Url:mal originating from taskhost.exe


  • This topic is locked
21 replies to this topic

#1 Juanmik

Juanmik

  • Members
  • 27 posts

Posted 17 January 2014 - 03:46 PM

Hello,

 

My Avast keeps blocking URLs originating from taskhost.exe. This is a follow-up to another post: http://www.bleepingcomputer.com/forums/t/520646/avast-blocks-malicious-urls-taskhostexe/#entry3259130 .

 

DDS Scan (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.51.2
Run by Doris at 14:37:39 on 2014-01-17
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.34.3082.18.893.125 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_ActiveX.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [AdobeBridge] <no file>
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar a OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F59A3707-D191-4FE7-A96D-AC2EAA0FD84B} : NameServer = 200.91.75.6,8.8.8.8
TCP: Interfaces\{F59A3707-D191-4FE7-A96D-AC2EAA0FD84B} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-14 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-14 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-20 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-12-20 410528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-7-15 243128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-20 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-12-28 50344]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-11-25 89888]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-28 64168]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-10-25 68208]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-10-25 1801328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-19 83168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-14 15872]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-2-21 37064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-6-4 52224]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2013-7-4 84752]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-01-17 15:12:25 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{fa7b2079-d842-4dee-824f-e4b6014154e8}\mpengine.dll
2014-01-16 16:18:59 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-16 15:43:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-16 15:43:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-15 19:17:08 -------- d-----w- c:\program files\ESET
2014-01-15 18:32:20 -------- d-----w- c:\windows\ERUNT
2014-01-15 17:32:26 -------- d-----w- C:\AdwCleaner
2014-01-15 16:35:47 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 16:35:44 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 16:35:36 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 16:35:34 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 16:35:33 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 16:35:33 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 16:35:32 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 16:35:31 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 16:35:30 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-12 23:29:34 -------- d-----w- c:\users\doris\appdata\local\Emftion
2014-01-10 15:35:26 -------- d-----w- c:\program files\VideoPlayerV3
2014-01-08 20:02:30 1499136 ----a-w- c:\programdata\microsoft\bingdesktop\bingcore\BingDesktopCore.dll
2013-12-28 21:06:19 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
2013-12-21 06:04:22 225656 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-12-28 21:06:05 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-28 21:06:05 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-28 21:06:05 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-28 21:06:04 43152 ----a-w- c:\windows\avastSS.scr
2013-12-11 00:59:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 00:59:29 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-26 18:25:54 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-10-25 04:45:11 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-25 03:41:01 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-25 02:49:34 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-10-24 00:21:25 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-10-24 00:21:24 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
.
============= FINISH: 14:40:59,21 ===============
 
Attached File  attach.txt   12.63KB   1 downloads




#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts

Posted 22 January 2014 - 03:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/521158 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Juanmik

Juanmik
  • Topic Starter

  • Members
  • 27 posts

Posted 22 January 2014 - 04:38 PM

Hello,

 

My Avast keeps blocking url:mal triggered by taskhost.exe. I had already posted in the Am I infected? forum. After running Malwarebytes and ESET, trojans and injectors were found. The problem, however, did not stop.

 

Can someone please help? 

 

I do not have the original Windows cd.

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16750  BrowserJavaVersion: 10.51.2
Run by Doris at 15:30:55 on 2014-01-22
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.34.3082.18.893.97 [GMT -6:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\viakaraokesrv.exe
C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [AdobeBridge] <no file>
mRun: [HDAudDeck] c:\program files\via\viaudioi\vdeck\VDeck.exe -r
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRunOnce: [20131224] c:\program files\avast software\avast\setup\emupdate\ecd5bb2c-5dbc-43bd-a54e-cea218cc6e55.exe /check
dRunOnce: [SPReview] "c:\windows\system32\spreview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar a OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{F59A3707-D191-4FE7-A96D-AC2EAA0FD84B} : NameServer = 200.91.75.6,8.8.8.8
TCP: Interfaces\{F59A3707-D191-4FE7-A96D-AC2EAA0FD84B} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.76\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-14 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-14 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-12-20 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2012-12-20 410528]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2013-7-15 243128]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-12-20 67824]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-11-25 89888]
R3 aswStm;aswStm;c:\windows\system32\drivers\aswstm.sys [2013-12-28 64168]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2011-10-25 68208]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2011-10-25 1801328]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2012-9-19 83168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-14 15872]
S3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\drivers\taphss6.sys [2013-2-21 37064]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-6-4 52224]
S3 VBoxUSB;VirtualBox USB;c:\windows\system32\drivers\VBoxUSB.sys [2013-7-4 84752]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-01-21 16:14:50 7760024 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6ef8fd10-ccbf-4a25-8815-ef66ccaef683}\mpengine.dll
2014-01-21 00:30:37 80887 ----a-w- c:\programdata\microsoft\bingdesktop\bingcore\temp\tmpBD20.exe
2014-01-16 16:18:59 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-01-16 15:43:17 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-01-16 15:43:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2014-01-15 19:17:08 -------- d-----w- c:\program files\ESET
2014-01-15 18:32:20 -------- d-----w- c:\windows\ERUNT
2014-01-15 17:32:26 -------- d-----w- C:\AdwCleaner
2014-01-15 16:35:47 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-01-15 16:35:44 240576 ----a-w- c:\windows\system32\drivers\netio.sys
2014-01-15 16:35:36 43520 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-01-15 16:35:34 76288 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-01-15 16:35:33 284672 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-01-15 16:35:33 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-01-15 16:35:32 6016 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-01-15 16:35:31 20480 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-01-15 16:35:30 24064 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-01-12 23:29:34 -------- d-----w- c:\users\doris\appdata\local\Emftion
2014-01-10 15:35:26 -------- d-----w- c:\program files\VideoPlayerV3
2014-01-08 20:02:30 1499136 ----a-w- c:\programdata\microsoft\bingdesktop\bingcore\BingDesktopCore.dll
2013-12-28 21:06:19 64168 ----a-w- c:\windows\system32\drivers\aswstm.sys
.
==================== Find3M  ====================
.
2013-12-28 21:06:05 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-12-28 21:06:05 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-12-28 21:06:05 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-12-28 21:06:04 43152 ----a-w- c:\windows\avastSS.scr
2013-12-18 12:13:56 231584 ------w- c:\windows\system32\MpSigStub.exe
2013-12-11 00:59:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-12-11 00:59:29 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-11-23 18:26:20 417792 ----a-w- c:\windows\system32\WMPhoto.dll
2013-11-12 02:07:29 2048 ----a-w- c:\windows\system32\tzres.dll
2013-10-30 02:19:52 301568 ----a-w- c:\windows\system32\msieftp.dll
2013-10-25 04:45:11 1767936 ----a-w- c:\windows\system32\wininet.dll
2013-10-25 04:43:42 2877952 ----a-w- c:\windows\system32\jscript9.dll
2013-10-25 04:43:38 61440 ----a-w- c:\windows\system32\iesetup.dll
2013-10-25 04:43:38 109056 ----a-w- c:\windows\system32\iesysprep.dll
2013-10-25 03:41:01 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-10-25 02:49:34 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
.
============= FINISH: 15:34:34,90 ===============


#4 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 24 January 2014 - 04:06 PM

Hi and sorry for the delay.

 

Please run a scan with FRST:

 

 

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.



#5 Juanmik

Juanmik
  • Topic Starter

  • Members
  • 27 posts

Posted 25 January 2014 - 04:03 PM

Hi, thanks for answering!

 

FRST 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-01-2014 01
Ran by Doris (administrator) on DORIS-PC on 25-01-2014 14:37:07
Running from D:\Users\Doris\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Spanish Modern Sort
Internet Explorer Version 10
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) ===================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil32_12_0_0_38_ActiveX.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2145904 2011-02-22] (VIA)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2013-12-28] (AVAST Software)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Facebook Update] - C:\Users\Doris\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKCU\...\Run: [Emftion] - regsvr32.exe C:\Users\Doris\AppData\Local\Emftion\HandlerEventImage.dll <===== ATTENTION
MountPoints2: {15a91740-0322-11e1-961d-806e6f6e6963} - F:\setup.exe
MountPoints2: {9a0b75a5-ff60-11e0-8272-d35bb09c59b5} - "I:\WD SmartWare.exe" autoplay=true
HKU\ANA\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [ 2009-06-17] (Hewlett-Packard Company)
HKU\ANA\...\Run: [uTorrent] - "C:\Users\ANA\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
HKU\JUAN\...\Run: [AdobeBridge] - [x]
HKU\JUAN\...\Run: [crsscmgr] - C:\Users\JUAN\AppData\Roaming\Adobe\crsscmgr\crsscmgr.exe
HKU\JUAN\...\Run: [GoogleChromeAutoLaunch_EFF3BA7F926C8BFCD15354288FD8111E] - C:\Program Files\Google\Chrome\Application\chrome.exe [ 2014-01-11] (Google Inc.)
Startup: C:\Users\JUAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Doris\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF93DBA4D7693CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {295516A5-2EE6-420C-9454-6130B1C0217B} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKCU - {976FE0D7-9323-40D4-821F-576FD671AA61} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F59A3707-D191-4FE7-A96D-AC2EAA0FD84B}: [NameServer]200.91.75.6,8.8.8.8
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Doris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-09]
CHR Extension: (Google Docs) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-19]
CHR Extension: (Lucidchart Diagramas - Online) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-10-09]
CHR Extension: (Google Drive) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-19]
CHR Extension: (Ribbet! Photo Editor) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikpkcdadljalhghbbipfkkhocppkhob [2013-08-02]
CHR Extension: (YouTube) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-19]
CHR Extension: (Búsqueda de Google) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-19]
CHR Extension: (Search by Image (by Google)) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-10-09]
CHR Extension: (Chinese Tutor Flashcards) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbefchlgcnhjoncjebmkffamidfhae [2013-10-09]
CHR Extension: (Unit Convertor) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnphfocejllklfamlopocijfjmpihi [2013-10-09]
CHR Extension: (Dictionary.com Extension) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkhgmlgiomobdlofllfmoejgjdojknn [2013-10-09]
CHR Extension: (Web Lab) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2013-10-09]
CHR Extension: (Japanese Kana) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign [2013-10-09]
CHR Extension: (World Time Buddy) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2013-10-09]
CHR Extension: (The Ultimate Free Stock Photo Search Addon) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhpcplnfjajjmfnpahacllcleijddbap [2013-10-09]
CHR Extension: (Prueba de mecanografía - KeyHero) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2013-10-09]
CHR Extension: (Autodesk Homestyler) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-10-09]
CHR Extension: (Movi Kanti Revo) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne [2013-08-02]
CHR Extension: (Flower Birdie) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmachmaeecbidjjclialaakeffcigiag [2014-01-03]
CHR Extension: (Learn Japanese Free - JapanesePod101.com) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kndfdlmlcglgbpffaippjfioidjnkpjf [2013-10-09]
CHR Extension: (Konnichi wa Japón) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfdnaliaclmjmbfdjeloceogmdofhke [2013-10-09]
CHR Extension: (Highlight Keywords for Google Search) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nhahncknpppipmgjchbbhehkfglelepf [2013-10-09]
CHR Extension: (Google Wallet) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Origami Player) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2013-10-09]
CHR Extension: (Palette para Chrome) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod [2013-10-09]
CHR Extension: (Psykopaint) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-10-09]
CHR Extension: (Gmail) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-19]
CHR Extension: (Spot The Differences!) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pniinickecbjegedmgagmgikbolfgaij [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ceikklieffoecpdlmfcdebiimbfjiofp] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha934\ch\WebexpEnhancedV1alpha934.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [mhbkpgkjpamabmkcbegecpomahldalif] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta358\ch\VideoPlayerV3beta358.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\Doris\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx [2013-10-09]
CHR HKCU\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\Doris\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-12-28] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-10-25] (Flexera Software, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2013-12-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2013-12-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410528 2013-12-28] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2013-12-28] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [180248 2013-12-28] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-07-15] (Disc Soft Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-07-15] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-21] (Anchorfree Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1801328 2011-02-17] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S2 adfs; No ImagePath
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-01-25 14:36 - 2014-01-25 14:36 - 00000000 ____D C:\FRST
2014-01-24 20:49 - 2014-01-24 20:49 - 00000000 ____D C:\ProgramData\McAfee
2014-01-22 18:11 - 2014-01-22 18:11 - 00000831 _____ C:\Users\Doris\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-17 18:55 - 2014-01-23 09:51 - 00001400 _____ C:\Windows\PFRO.log
2014-01-17 14:41 - 2014-01-22 15:35 - 00015233 _____ C:\Users\Doris\Desktop\attach.txt
2014-01-17 14:41 - 2014-01-22 15:34 - 00011128 _____ C:\Users\Doris\Desktop\dds.txt
2014-01-17 14:03 - 2014-01-17 14:03 - 00000500 _____ C:\Users\Doris\Desktop\ESETScan 2014 2.txt
2014-01-16 23:01 - 2014-01-16 23:01 - 00000610 _____ C:\Users\Doris\Desktop\FTC.txt
2014-01-16 16:02 - 2014-01-25 12:33 - 00001344 _____ C:\Windows\setupact.log
2014-01-16 16:02 - 2014-01-16 16:02 - 00000000 _____ C:\Windows\setuperr.log
2014-01-16 14:29 - 2014-01-24 23:31 - 00092520 _____ C:\Windows\IE11_main.log
2014-01-16 10:19 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 10:18 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 10:18 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 10:18 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 10:14 - 2014-01-16 10:18 - 00005132 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 09:43 - 2014-01-16 09:43 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-16 09:43 - 2014-01-16 09:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-16 09:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-15 18:16 - 2014-01-15 18:16 - 00002761 _____ C:\Users\Doris\Desktop\EsetScan2014.txt
2014-01-15 13:17 - 2014-01-15 13:17 - 00000000 ____D C:\Program Files\ESET
2014-01-15 12:40 - 2014-01-15 12:40 - 00001349 _____ C:\Users\Doris\Desktop\JRT.txt
2014-01-15 12:32 - 2014-01-15 12:32 - 00000000 ____D C:\Windows\ERUNT
2014-01-15 12:26 - 2014-01-15 12:26 - 00016252 _____ C:\Users\Doris\Desktop\AdwCleaner[S0].txt
2014-01-15 11:32 - 2014-01-15 12:06 - 00000000 ____D C:\AdwCleaner
2014-01-15 10:35 - 2013-11-26 19:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 10:35 - 2013-11-26 05:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 10:35 - 2013-11-26 04:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 17:29 - 2014-01-12 17:29 - 00000000 ____D C:\Users\Doris\AppData\Local\Emftion
2014-01-10 23:15 - 2014-01-10 23:15 - 00002353 _____ C:\Users\JUAN\Desktop\JKan2 - Chrome.lnk
2014-01-10 09:35 - 2014-01-16 12:07 - 00000000 ____D C:\Program Files\VideoPlayerV3
2014-01-05 13:02 - 2014-01-05 13:02 - 00000372 _____ C:\Users\Doris\Desktop\Películas.txt
2013-12-28 15:06 - 2013-12-28 15:07 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
 
==================== One Month Modified Files and Folders =======
 
2014-01-25 14:36 - 2014-01-25 14:36 - 00000000 ____D C:\FRST
2014-01-25 14:14 - 2013-06-09 20:53 - 01145813 _____ C:\Windows\WindowsUpdate.log
2014-01-25 14:03 - 2012-02-16 13:18 - 00001086 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-25 13:58 - 2012-11-01 10:42 - 00000838 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-25 13:29 - 2012-05-24 19:07 - 00001116 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000UA.job
2014-01-25 12:34 - 2012-02-16 13:18 - 00001082 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-25 12:33 - 2014-01-16 16:02 - 00001344 _____ C:\Windows\setupact.log
2014-01-25 12:33 - 2009-07-13 22:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-24 23:31 - 2014-01-16 14:29 - 00092520 _____ C:\Windows\IE11_main.log
2014-01-24 20:55 - 2013-08-17 17:36 - 00000000 ____D C:\Users\Doris\AppData\Local\Adobe
2014-01-24 20:55 - 2012-04-01 22:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-24 20:55 - 2011-11-09 20:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-24 20:49 - 2014-01-24 20:49 - 00000000 ____D C:\ProgramData\McAfee
2014-01-24 20:42 - 2011-10-25 17:16 - 00000000 ____D C:\Program Files\WinRAR
2014-01-24 19:29 - 2012-05-24 19:07 - 00001094 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000Core.job
2014-01-23 09:51 - 2014-01-17 18:55 - 00001400 _____ C:\Windows\PFRO.log
2014-01-22 19:53 - 2009-07-13 22:34 - 00014016 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 19:53 - 2009-07-13 22:34 - 00014016 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 18:11 - 2014-01-22 18:11 - 00000831 _____ C:\Users\Doris\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-22 15:35 - 2014-01-17 14:41 - 00015233 _____ C:\Users\Doris\Desktop\attach.txt
2014-01-22 15:34 - 2014-01-17 14:41 - 00011128 _____ C:\Users\Doris\Desktop\dds.txt
2014-01-20 23:32 - 2012-05-20 19:24 - 00000000 ____D C:\Users\Doris\AppData\Roaming\Skype
2014-01-20 22:37 - 2011-10-25 17:54 - 00000000 ____D C:\Users\Doris\AppData\Roaming\Adobe
2014-01-20 21:49 - 2012-01-22 14:53 - 00000000 ____D C:\Users\JUAN\AppData\Roaming\Dropbox
2014-01-20 21:48 - 2012-01-22 15:08 - 00000000 ___RD C:\Users\JUAN\Dropbox
2014-01-18 19:13 - 2011-11-05 19:20 - 00000000 ____D C:\Users\Doris\AppData\Roaming\vlc
2014-01-18 19:06 - 2012-06-12 17:00 - 00407930 _____ C:\Windows\system32\perfh011.dat
2014-01-18 19:06 - 2012-06-12 17:00 - 00121428 _____ C:\Windows\system32\perfc011.dat
2014-01-18 19:06 - 2011-10-25 17:22 - 02198690 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-17 14:29 - 2013-07-29 11:42 - 00000000 ____D C:\Users\Doris\AppData\Local\JDownloader 0.9
2014-01-17 14:24 - 2011-10-25 18:15 - 00000000 ____D C:\ProgramData\Nero
2014-01-17 14:03 - 2014-01-17 14:03 - 00000500 _____ C:\Users\Doris\Desktop\ESETScan 2014 2.txt
2014-01-16 23:01 - 2014-01-16 23:01 - 00000610 _____ C:\Users\Doris\Desktop\FTC.txt
2014-01-16 16:02 - 2014-01-16 16:02 - 00000000 _____ C:\Windows\setuperr.log
2014-01-16 12:36 - 2013-08-21 16:43 - 00000000 ____D C:\Users\Doris\Desktop\Programas
2014-01-16 12:31 - 2012-02-16 13:18 - 00000000 ____D C:\Program Files\Google
2014-01-16 12:24 - 2013-12-04 13:43 - 00000000 ____D C:\Program Files\Canon
2014-01-16 12:09 - 2012-04-07 22:04 - 00000000 ____D C:\Windows\Minidump
2014-01-16 12:07 - 2014-01-10 09:35 - 00000000 ____D C:\Program Files\VideoPlayerV3
2014-01-16 12:07 - 2011-10-28 12:13 - 00000000 ____D C:\Users\JUAN\AppData\Roaming\Adobe
2014-01-16 10:21 - 2013-09-24 17:51 - 00000000 ____D C:\ProgramData\Oracle
2014-01-16 10:18 - 2014-01-16 10:14 - 00005132 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 10:18 - 2011-11-06 10:36 - 00000000 ____D C:\Program Files\Java
2014-01-16 09:43 - 2014-01-16 09:43 - 00001067 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-16 09:43 - 2014-01-16 09:43 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-15 19:33 - 2009-07-13 22:33 - 02339432 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 18:38 - 2013-08-14 20:25 - 00000000 ____D C:\Windows\system32\MRT
2014-01-15 18:34 - 2011-11-02 20:37 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 18:16 - 2014-01-15 18:16 - 00002761 _____ C:\Users\Doris\Desktop\EsetScan2014.txt
2014-01-15 13:17 - 2014-01-15 13:17 - 00000000 ____D C:\Program Files\ESET
2014-01-15 12:40 - 2014-01-15 12:40 - 00001349 _____ C:\Users\Doris\Desktop\JRT.txt
2014-01-15 12:32 - 2014-01-15 12:32 - 00000000 ____D C:\Windows\ERUNT
2014-01-15 12:26 - 2014-01-15 12:26 - 00016252 _____ C:\Users\Doris\Desktop\AdwCleaner[S0].txt
2014-01-15 12:06 - 2014-01-15 11:32 - 00000000 ____D C:\AdwCleaner
2014-01-14 09:54 - 2011-11-08 13:23 - 00000000 ____D C:\Users\JUAN\AppData\Roaming\vlc
2014-01-12 17:29 - 2014-01-12 17:29 - 00000000 ____D C:\Users\Doris\AppData\Local\Emftion
2014-01-11 20:45 - 2012-06-10 11:19 - 00000000 ____D C:\Users\ANA\AppData\Roaming\vlc
2014-01-10 23:15 - 2014-01-10 23:15 - 00002353 _____ C:\Users\JUAN\Desktop\JKan2 - Chrome.lnk
2014-01-10 18:59 - 2012-01-22 15:06 - 00000000 ____D C:\Users\JUAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-10 09:36 - 2013-12-20 11:20 - 00000158 _____ C:\extensions.ini
2014-01-09 16:46 - 2013-02-18 21:51 - 00000000 ____D C:\Users\Doris\AppData\Local\CrashDumps
2014-01-05 13:02 - 2014-01-05 13:02 - 00000372 _____ C:\Users\Doris\Desktop\Películas.txt
2014-01-03 08:04 - 2009-07-13 22:53 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-28 15:12 - 2013-06-18 17:15 - 00000000 ____D C:\Users\Doris\AppData\Roaming\dvdcss
2013-12-28 15:07 - 2013-12-28 15:06 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-28 15:07 - 2012-12-20 00:09 - 00002047 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-12-28 15:06 - 2013-03-14 12:15 - 00180248 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-12-28 15:06 - 2012-12-20 00:09 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-12-28 15:06 - 2012-12-20 00:09 - 00410528 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2013-12-28 15:06 - 2012-12-20 00:09 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-12-28 15:06 - 2012-12-20 00:08 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-12-28 15:06 - 2012-12-20 00:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-12-26 00:20 - 2012-10-11 11:34 - 00005632 _____ C:\Users\Doris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
Files to move or delete:
====================
C:\Users\Public\ASKLib.dll
 
 
Some content of TEMP:
====================
C:\Users\Doris\AppData\Local\Temp\jkvrorpz.exe
C:\Users\Doris\AppData\Local\Temp\rntcigcr.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-01-19 10:57
 
==================== End Of Log ============================
Addition
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-01-2014 01
Ran by Doris at 2014-01-25 14:40:11
Running from D:\Users\Doris\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Acoustica CD/DVD Label Maker (Version:  - )
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Español (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.35 - Atheros Communications Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Material Library 2012 (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8 - Autodesk)
avast! Free Antivirus (Version: 9.0.2011 - Avast Software)
Canon Utilities PhotoStitch (Version: 3.1.23.47 - Canon Inc.)
CCleaner (Version: 3.03 - Piriform)
CEP (Color Enable Package) v.9.2 (beta) (Version: 9.2 (beta) - Numenor, for ModTheSims2) <==== ATTENTION
Compatibilidad con Aplicaciones de Apple (Version: 2.3.4 - Apple Inc.)
DAEMON Tools Lite (Version: 4.47.1.0335 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
DVD Flick 1.3.0.7 (Version: 1.3.0.7 - Dennis Meuwissen)
Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited) <==== ATTENTION
FARO LS 1.1.406.58 (Version: 4.6.58.2 - FARO Scanner Production)
FreeOCR v4.2 (Version:  - )
Google Chrome (Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
ImgBurn (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1892 - Intel Corporation) <==== ATTENTION
Intel® TV Wizard (Version:  - Intel Corporation)
IrfanView (remove only) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe System Software (Version: 1.18.6.1 - LightScribe)
Los Sims 2 (Version:  - )
Los Sims 2 Abren Negocios (Version:  - )
Los Sims 2 Universitarios (Version:  - )
Los Sims 2: Noctámbulos (Version:  - )
Los Sims™ 2 Bon Voyage (Version:  - Electronic Arts)
Los Sims™ 2 Cocina y Baño Diseño de Interiores Accesorios (Version:  - Electronic Arts) <==== ATTENTION
Los Sims™ 2 Comparten Piso (Version:  - Electronic Arts)
Los Sims™ 2 H&M® Moda Accesorios (Version:  - ) <==== ATTENTION
Los Sims™ 2 IKEA® Accesorios para el hogar (Version:  - Electronic Arts) <==== ATTENTION
Los Sims™ 2 Mansiones y Jardines Accesorios (Version:  - Electronic Arts) <==== ATTENTION
Los Sims™ 2 Todo Glamour Accesorios (Version:  - ) <==== ATTENTION
Los Sims™ 2 y Las Cuatro Estaciones (Version:  - )
Malwarebytes Anti-Malware versión 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Excel MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Groove MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office InfoPath MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office OneNote MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Outlook MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office PowerPoint MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) <==== ATTENTION
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (Basque) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (Catalan) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (Galician) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Proofing (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Publisher MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Shared MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Office Word MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden <==== ATTENTION
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden <==== ATTENTION
Sims2Pack Clean Installer (Version:  - )
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft) <==== ATTENTION
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2627.4) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Administrador de dispositivos de plataforma (Version: 1.36 - VIA Technologies, Inc.)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (Version: 5.01.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
25-01-2014 05:29:10 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 20:04 - 2013-12-11 16:50 - 00004562 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       adobeereg.com
127.0.0.1       www.adobeereg.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       adobeereg.com
127.0.0.1       www.adobeereg.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       adobeereg.com
127.0.0.1       www.adobeereg.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate.adobe.com
127.0.0.1       activate-sjc0.adobe.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       adobeereg.com
127.0.0.1       www.adobeereg.com
127.0.0.1       activate-sea.adobe.com
127.0.0.1       wwis-dubc1-vip60.adobe.com
127.0.0.1       activate.adobe.com
 
There are 68 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {085FE5C1-4A30-4042-9006-F604277F7AFE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1167016168-3567840934-799961921-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {09111DCA-52AB-4F18-B28E-C51B8260C8CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000Core => C:\Users\Doris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {3A81C6E4-D39E-4813-AD71-CFBF775B83C3} - System32\Tasks\{A72ED35B-45B5-4DD0-B667-CADE2ED50B44} => C:\Program Files\EA GAMES\Los Sims 2\TSBin\Sims2.exe [2005-09-27] (Maxis, a division of Electronic Arts Inc.)
Task: {3E444913-F919-46B2-8878-7A65F782AB05} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-28] (AVAST Software)
Task: {4914F7C0-ED5E-4E80-9397-357149C29E0C} - System32\Tasks\{86FEB58A-8261-4619-A33E-066B36172E91} => C:\Program Files\EA GAMES\Los Sims 2\TSBin\Sims2.exe [2005-09-27] (Maxis, a division of Electronic Arts Inc.)
Task: {53302BF7-142A-4B42-8D54-DB7F811B1A76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-24] (Adobe Systems Incorporated)
Task: {6AB3BED8-8C3E-4C43-99C9-C242CFE1168B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7AABA7C0-34B7-4C1B-B76A-62D42FA099B7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-16] (Google Inc.)
Task: {93C788C8-E224-4ED8-A98F-689A094E7BFC} - System32\Tasks\{AB881937-61A9-4C9F-9FC4-BAB49F85B3D3} => J:\Software\Autocad2008\AUTOCAD 2008\A08.SPA.wWw.PcLoCa.Com\x86\Setup.exe
Task: {A04CAEFE-B5A8-46EB-8D27-83BA8A6522DB} - System32\Tasks\{1E426BCF-CCB3-42AE-9AE2-D1DAC3CF8946} => C:\Program Files\Hotspot Shield\bin\openvpntray.exe
Task: {AABB2506-878B-43C4-B864-8912CF82AF86} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1167016168-3567840934-799961921-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C8AACA25-570E-48CE-AA93-5A7E1D790282} - System32\Tasks\{4B5C7632-3B9F-42A7-B787-E9F54036DC57} => C:\Program Files\EA GAMES\Los Sims 2\TSBin\Sims2.exe [2005-09-27] (Maxis, a division of Electronic Arts Inc.)
Task: {D837D016-18E5-4D0E-8296-B26254DD0CAC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000UA => C:\Users\Doris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {DF1A57E1-2E55-417B-ACE5-7CB0816DF05B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-16] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000Core.job => C:\Users\Doris\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000UA.job => C:\Users\Doris\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-12 17:29 - 2014-01-12 17:29 - 00028672 _____ () C:\Users\Doris\AppData\Local\Emftion\HandlerEventImage.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-10-25 17:20 - 2011-02-22 00:02 - 00080496 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2011-10-25 17:20 - 2011-02-22 00:02 - 00113264 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2011-10-25 17:20 - 2011-02-22 00:02 - 00623216 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2013-10-23 18:21 - 2013-10-23 18:21 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: adfs
Description: adfs
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: adfs
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/24/2014 02:36:58 PM) (Source: Application Hang) (User: )
Description: El programa iexplore.exe, versión 10.0.9200.16750, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: 1758
 
Hora de inicio: 01cf1943c44ee9d8
 
Hora de finalización: 69
 
Ruta de acceso de la aplicación: C:\Program Files\Internet Explorer\iexplore.exe
 
Identificador de informe:
 
Error: (01/24/2014 02:33:14 PM) (Source: Application Hang) (User: )
Description: El programa iexplore.exe, versión 10.0.9200.16750, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: aa0
 
Hora de inicio: 01cf194312f9c7e4
 
Hora de finalización: 105
 
Ruta de acceso de la aplicación: C:\Program Files\Internet Explorer\iexplore.exe
 
Identificador de informe:
 
Error: (01/20/2014 03:32:50 PM) (Source: Application Error) (User: )
Description: Nombre de la aplicación con errores: POWERPNT.EXE, versión: 14.0.6009.1000, marca de tiempo: 0x4cc1a4ed
Nombre del módulo con errores: ppcore.dll, versión: 14.0.7105.5000, marca de tiempo: 0x51e86edb
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x003da632
Id. del proceso con errores: 0xbe0
Hora de inicio de la aplicación con errores: 0xPOWERPNT.EXE0
Ruta de acceso de la aplicación con errores: POWERPNT.EXE1
Ruta de acceso del módulo con errores: POWERPNT.EXE2
Id. del informe: POWERPNT.EXE3
 
Error: (01/16/2014 09:16:14 AM) (Source: MsiInstaller) (User: Doris-PC)
Description: Producto: Adobe Reader XI - Español - la actualización "{AC76BA86-7AD7-0000-2550-7A8C40011006}" no se pudo instalar. Código de error 1625. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (01/15/2014 07:39:43 PM) (Source: MsiInstaller) (User: Doris-PC)
Description: Producto: Adobe Reader XI - Español - la actualización "{AC76BA86-7AD7-0000-2550-7A8C40011006}" no se pudo instalar. Código de error 1625. Windows Installer no puede crear registros para ayudar a solucionar problemas de instalación de paquetes de software. Use el vínculo siguiente para obtener instrucciones sobre la activación de la compatibilidad de registro: http://go.microsoft.com/fwlink/?LinkId=23127
 
Error: (01/15/2014 01:40:34 PM) (Source: Application Hang) (User: )
Description: El programa iexplore.exe, versión 10.0.9200.16750, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.
 
Identificador de proceso: cb4
 
Hora de inicio: 01cf122952429452
 
Hora de finalización: 247
 
Ruta de acceso de la aplicación: C:\Program Files\Internet Explorer\iexplore.exe
 
Identificador de informe:
 
 
System errors:
=============
Error: (01/25/2014 00:33:37 PM) (Source: Service Control Manager) (User: )
Description: El servicio adfs no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (01/25/2014 00:33:11 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Se deshabilitaron algunas características de administración de energía en estado de rendimiento del procesador debido a un problema conocido de firmware. Consulte al fabricante del equipo si hay firmware actualizado.
 
Error: (01/24/2014 11:31:41 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Internet Explorer 11 para Windows 7.
 
Error: (01/24/2014 07:25:17 PM) (Source: Service Control Manager) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Microsoft .NET Framework NGEN v4.0.30319_X86.
 
Error: (01/24/2014 07:21:49 PM) (Source: Service Control Manager) (User: )
Description: El servicio adfs no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (01/24/2014 07:21:26 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Se deshabilitaron algunas características de administración de energía en estado de rendimiento del procesador debido a un problema conocido de firmware. Consulte al fabricante del equipo si hay firmware actualizado.
 
Error: (01/24/2014 04:45:47 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Internet Explorer 11 para Windows 7.
 
Error: (01/24/2014 10:53:54 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Internet Explorer 11 para Windows 7.
 
Error: (01/24/2014 10:32:05 AM) (Source: Service Control Manager) (User: )
Description: Se agotó el tiempo de espera (30000 ms) para la conexión con el servicio Microsoft .NET Framework NGEN v4.0.30319_X86.
 
Error: (01/24/2014 10:29:32 AM) (Source: Service Control Manager) (User: )
Description: El servicio adfs no pudo iniciarse debido al siguiente error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (01/24/2014 02:36:58 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16750175801cf1943c44ee9d869C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (01/24/2014 02:33:14 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16750aa001cf194312f9c7e4105C:\Program Files\Internet Explorer\iexplore.exe
 
Error: (01/20/2014 03:32:50 PM) (Source: Application Error)(User: )
Description: POWERPNT.EXE14.0.6009.10004cc1a4edppcore.dll14.0.7105.500051e86edbc0000005003da632be001cf1608b536aa44C:\Program Files\Microsoft Office\Office14\POWERPNT.EXEC:\Program Files\Microsoft Office\Office14\ppcore.dll690ad99c-821a-11e3-90fc-002522e24d2d
 
Error: (01/16/2014 09:16:14 AM) (Source: MsiInstaller)(User: Doris-PC)
Description: Adobe Reader XI - Español{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)
 
Error: (01/15/2014 07:39:43 PM) (Source: MsiInstaller)(User: Doris-PC)
Description: Adobe Reader XI - Español{AC76BA86-7AD7-0000-2550-7A8C40011006}1625(NULL)(NULL)(NULL)
 
Error: (01/15/2014 01:40:34 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.16750cb401cf122952429452247C:\Program Files\Internet Explorer\iexplore.exe
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 74%
Total physical RAM: 893.09 MB
Available physical RAM: 231.36 MB
Total Pagefile: 2220.09 MB
Available Pagefile: 1114.58 MB
Total Virtual: 2047.88 MB
Available Virtual: 1906.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:51.39 GB) (Free:2.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:97.65 GB) (Free:8.31 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: E484E484)
Partition 1: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#6 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 28 January 2014 - 08:43 AM

Ok. Please run a Combofix scan:


Please download Combofix (by sUBs) and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.
Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)

#7 Juanmik

Juanmik
  • Topic Starter

  • Members
  • 27 posts

Posted 05 February 2014 - 05:46 PM

Can I still ask for help?

Attached Files



#8 Juanmik

Juanmik
  • Topic Starter

  • Members
  • 27 posts

Posted 05 February 2014 - 05:51 PM

Hello, the above was an attempt at posting. It seems I can only post if I attach the log file. When I paste it doesn't work.

 

Since the last time I posted I have run Malwarebytes (to alleviate the problem a little); it found some PUPs and trojans. In the log file: c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll is a trojan. When I ran Malwarebytes a couple of days ago it deleted a similar Bing file, but it seems a new one has appeared.

Avast is blocking cryptic URLs originating in iexplorer.exe


Edited by Juanmik, 05 February 2014 - 05:52 PM.


#9 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts

Posted 10 February 2014 - 04:03 AM

Hello,

yes there is still malware alive.


Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#10 Juanmik

Juanmik
  • Topic Starter

  • Members
  • 27 posts

Posted 10 February 2014 - 12:12 PM

Thanks!
 
Can finally paste it!
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 09-02-2014 03
Ran by Doris (administrator) on DORIS-PC on 10-02-2014 11:01:57
Running from D:\Users\Doris\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Spanish Modern Sort
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2145904 2011-02-22] (VIA)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-04] (Microsoft Corporation)
HKU\S-1-5-21-1167016168-3567840934-799961921-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-1167016168-3567840934-799961921-1000\...\Run: [Emftion] - regsvr32.exe C:\Users\Doris\AppData\Local\Emftion\HandlerEventImage.dll <===== ATTENTION
Startup: C:\Users\JUAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Doris\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF93DBA4D7693CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {295516A5-2EE6-420C-9454-6130B1C0217B} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKCU - {976FE0D7-9323-40D4-821F-576FD671AA61} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F59A3707-D191-4FE7-A96D-AC2EAA0FD84B}: [NameServer]200.91.75.6,8.8.8.8
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Doris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-09]
CHR Extension: (Google Docs) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-19]
CHR Extension: (Lucidchart Diagramas - Online) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-10-09]
CHR Extension: (Google Drive) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-19]
CHR Extension: (Ribbet! Photo Editor) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikpkcdadljalhghbbipfkkhocppkhob [2013-08-02]
CHR Extension: (YouTube) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-19]
CHR Extension: (Búsqueda de Google) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-19]
CHR Extension: (Search by Image (by Google)) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-10-09]
CHR Extension: (Chinese Tutor Flashcards) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbefchlgcnhjoncjebmkffamidfhae [2013-10-09]
CHR Extension: (Unit Convertor) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnphfocejllklfamlopocijfjmpihi [2013-10-09]
CHR Extension: (Dictionary.com Extension) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkhgmlgiomobdlofllfmoejgjdojknn [2013-10-09]
CHR Extension: (Web Lab) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2013-10-09]
CHR Extension: (Japanese Kana) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign [2013-10-09]
CHR Extension: (World Time Buddy) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2013-10-09]
CHR Extension: (The Ultimate Free Stock Photo Search Addon) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhpcplnfjajjmfnpahacllcleijddbap [2013-10-09]
CHR Extension: (Prueba de mecanografía - KeyHero) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2013-10-09]
CHR Extension: (Autodesk Homestyler) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-10-09]
CHR Extension: (Movi Kanti Revo) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne [2013-08-02]
CHR Extension: (Flower Birdie) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmachmaeecbidjjclialaakeffcigiag [2014-01-03]
CHR Extension: (Learn Japanese Free - JapanesePod101.com) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kndfdlmlcglgbpffaippjfioidjnkpjf [2013-10-09]
CHR Extension: (Konnichi wa Japón) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfdnaliaclmjmbfdjeloceogmdofhke [2013-10-09]
CHR Extension: (Google Wallet) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Origami Player) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2013-10-09]
CHR Extension: (Palette para Chrome) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod [2013-10-09]
CHR Extension: (Psykopaint) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-10-09]
CHR Extension: (Gmail) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-19]
CHR Extension: (Spot The Differences!) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pniinickecbjegedmgagmgikbolfgaij [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ceikklieffoecpdlmfcdebiimbfjiofp] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha934\ch\WebexpEnhancedV1alpha934.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [mhbkpgkjpamabmkcbegecpomahldalif] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta358\ch\VideoPlayerV3beta358.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\Doris\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx [2013-10-09]
CHR HKCU\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\Doris\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-10-25] (Flexera Software, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-09] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-28] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-07-15] (Disc Soft Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-07-15] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-21] (Anchorfree Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1801328 2011-02-17] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\Users\Doris\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-08 12:05 - 2014-02-08 12:05 - 00000000 ____D () C:\Users\JUAN\AppData\Roaming\Malwarebytes
2014-02-05 20:01 - 2014-02-05 20:01 - 00000540 _____ () C:\Windows\PFRO.log
2014-02-05 17:23 - 2013-11-26 04:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 17:23 - 2013-11-26 03:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 17:23 - 2013-11-26 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-05 17:23 - 2013-11-26 02:53 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-05 17:23 - 2013-11-26 02:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-05 17:23 - 2013-11-26 02:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 17:23 - 2013-11-26 02:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 17:23 - 2013-11-26 02:36 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-05 17:23 - 2013-11-26 02:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-05 17:23 - 2013-11-26 02:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 17:23 - 2013-11-26 02:29 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-05 17:23 - 2013-11-26 02:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-05 17:23 - 2013-11-26 02:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 17:23 - 2013-11-26 02:13 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-05 17:23 - 2013-11-26 01:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 17:23 - 2013-11-26 01:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 17:23 - 2013-11-26 00:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 17:23 - 2013-11-26 00:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 17:23 - 2013-11-26 00:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 16:46 - 2014-02-05 16:46 - 00127393 _____ () C:\Users\Doris\Desktop\Combofix 05 Feb 2014.txt
2014-02-05 16:06 - 2014-02-05 16:06 - 00127393 _____ () C:\ComboFix.txt
2014-02-05 11:47 - 2014-02-05 11:51 - 00000000 ____D () C:\Windows\rescache
2014-02-04 23:04 - 2014-02-10 10:04 - 00001540 _____ () C:\Windows\setupact.log
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-04 17:50 - 2014-02-04 17:50 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-04 17:50 - 2014-02-04 17:50 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-04 17:50 - 2014-02-04 17:50 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-04 17:50 - 2014-02-04 17:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-04 17:49 - 2014-02-04 17:55 - 00010121 _____ () C:\Windows\IE11_main.log
2014-01-31 11:07 - 2014-01-31 11:07 - 00000347 _____ () C:\Users\Doris\Desktop\1.txt
2014-01-28 10:24 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-01-28 10:24 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-01-28 10:24 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-28 10:24 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-28 10:24 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-28 10:24 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-01-28 10:24 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-01-28 10:24 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-01-28 10:23 - 2014-02-05 16:06 - 00000000 ____D () C:\Qoobox
2014-01-28 10:22 - 2014-01-31 12:26 - 00000000 ____D () C:\Windows\erdnt
2014-01-25 14:36 - 2014-02-10 11:01 - 00000000 ____D () C:\FRST
2014-01-24 20:49 - 2014-01-24 20:49 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-17 14:41 - 2014-01-22 15:35 - 00015233 _____ () C:\Users\Doris\Desktop\attach.txt
2014-01-17 14:41 - 2014-01-22 15:34 - 00011128 _____ () C:\Users\Doris\Desktop\dds.txt
2014-01-17 14:03 - 2014-01-17 14:03 - 00000500 _____ () C:\Users\Doris\Desktop\ESETScan 2014 2.txt
2014-01-16 10:19 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-16 10:18 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-16 10:18 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-16 10:18 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-16 10:14 - 2014-01-16 10:18 - 00005132 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 09:43 - 2014-01-16 09:43 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-16 09:43 - 2014-01-16 09:43 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-01-16 09:43 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-15 13:17 - 2014-01-15 13:17 - 00000000 ____D () C:\Program Files\ESET
2014-01-15 12:32 - 2014-01-15 12:32 - 00000000 ____D () C:\Windows\ERUNT
2014-01-15 11:32 - 2014-01-15 12:06 - 00000000 ____D () C:\AdwCleaner
2014-01-15 10:35 - 2013-11-26 19:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 10:35 - 2013-11-26 19:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 10:35 - 2013-11-26 05:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 10:35 - 2013-11-26 04:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-12 17:29 - 2014-01-12 17:29 - 00000000 ____D () C:\Users\Doris\AppData\Local\Emftion
2014-01-11 14:28 - 2014-01-11 14:56 - 00098018 _____ () C:\Users\ANA\Downloads\Frozen (2013) DVDScr XViD AC3-FiNGERBLaSTs.srt
 
==================== One Month Modified Files and Folders =======
 
2014-02-10 11:03 - 2012-02-16 13:18 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 11:01 - 2014-01-25 14:36 - 00000000 ____D () C:\FRST
2014-02-10 10:58 - 2012-11-01 10:42 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-10 10:29 - 2012-05-24 19:07 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000UA.job
2014-02-10 10:28 - 2013-06-09 20:53 - 01451179 _____ () C:\Windows\WindowsUpdate.log
2014-02-10 10:04 - 2014-02-04 23:04 - 00001540 _____ () C:\Windows\setupact.log
2014-02-10 10:04 - 2012-02-16 13:18 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-10 10:04 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-09 21:53 - 2012-05-20 19:24 - 00000000 ____D () C:\Users\Doris\AppData\Roaming\Skype
2014-02-09 19:29 - 2012-05-24 19:07 - 00001094 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000Core.job
2014-02-09 10:13 - 2012-12-20 00:09 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-09 10:12 - 2013-12-28 15:06 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-09 10:12 - 2012-12-20 00:09 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-09 10:12 - 2012-12-20 00:09 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-02-09 10:12 - 2012-12-20 00:09 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-09 10:11 - 2012-12-20 00:08 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-09 10:11 - 2012-12-20 00:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-09 10:00 - 2012-01-22 14:53 - 00000000 ____D () C:\Users\JUAN\AppData\Roaming\Dropbox
2014-02-09 09:59 - 2012-01-22 15:08 - 00000000 ___RD () C:\Users\JUAN\Dropbox
2014-02-08 23:47 - 2011-11-05 19:20 - 00000000 ____D () C:\Users\Doris\AppData\Roaming\vlc
2014-02-08 19:16 - 2009-07-13 22:34 - 00014016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-08 19:16 - 2009-07-13 22:34 - 00014016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-08 12:05 - 2014-02-08 12:05 - 00000000 ____D () C:\Users\JUAN\AppData\Roaming\Malwarebytes
2014-02-08 12:05 - 2012-06-12 17:00 - 00407930 _____ () C:\Windows\system32\perfh011.dat
2014-02-08 12:05 - 2012-06-12 17:00 - 00121428 _____ () C:\Windows\system32\perfc011.dat
2014-02-08 12:05 - 2011-10-25 17:22 - 02198690 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-05 20:01 - 2014-02-05 20:01 - 00000540 _____ () C:\Windows\PFRO.log
2014-02-05 16:46 - 2014-02-05 16:46 - 00127393 _____ () C:\Users\Doris\Desktop\Combofix 05 Feb 2014.txt
2014-02-05 16:06 - 2014-02-05 16:06 - 00127393 _____ () C:\ComboFix.txt
2014-02-05 16:06 - 2014-01-28 10:23 - 00000000 ____D () C:\Qoobox
2014-02-05 16:02 - 2009-07-13 20:04 - 00000215 _____ () C:\Windows\system.ini
2014-02-05 11:51 - 2014-02-05 11:47 - 00000000 ____D () C:\Windows\rescache
2014-02-05 00:59 - 2012-04-01 22:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 00:59 - 2011-11-09 20:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-04 23:04 - 2014-02-04 23:04 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-04 23:03 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-02-04 17:55 - 2014-02-04 17:49 - 00010121 _____ () C:\Windows\IE11_main.log
2014-02-04 17:50 - 2014-02-04 17:50 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-04 17:50 - 2014-02-04 17:50 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-04 17:50 - 2014-02-04 17:50 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-04 17:50 - 2014-02-04 17:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-04 10:41 - 2013-02-18 21:51 - 00000000 ____D () C:\Users\Doris\AppData\Local\CrashDumps
2014-02-01 17:03 - 2011-10-25 17:54 - 00000000 ____D () C:\Users\Doris\AppData\Roaming\Adobe
2014-01-31 12:26 - 2014-01-28 10:22 - 00000000 ____D () C:\Windows\erdnt
2014-01-31 11:07 - 2014-01-31 11:07 - 00000347 _____ () C:\Users\Doris\Desktop\1.txt
2014-01-28 10:54 - 2009-07-13 20:37 - 00000000 __RHD () C:\Users\Default
2014-01-28 10:54 - 2009-07-13 20:37 - 00000000 ___RD () C:\Users\Public
2014-01-24 20:55 - 2013-08-17 17:36 - 00000000 ____D () C:\Users\Doris\AppData\Local\Adobe
2014-01-24 20:49 - 2014-01-24 20:49 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-24 20:42 - 2011-10-25 17:16 - 00000000 ____D () C:\Program Files\WinRAR
2014-01-22 18:11 - 2014-01-22 18:11 - 00000851 _____ () C:\Users\Doris\Desktop\µTorrent.lnk
2014-01-22 18:11 - 2014-01-22 18:11 - 00000831 _____ () C:\Users\Doris\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-22 15:35 - 2014-01-17 14:41 - 00015233 _____ () C:\Users\Doris\Desktop\attach.txt
2014-01-22 15:34 - 2014-01-17 14:41 - 00011128 _____ () C:\Users\Doris\Desktop\dds.txt
2014-01-17 14:29 - 2013-07-29 11:42 - 00000000 ____D () C:\Users\Doris\AppData\Local\JDownloader 0.9
2014-01-17 14:24 - 2011-10-25 18:15 - 00000000 ____D () C:\ProgramData\Nero
2014-01-17 14:03 - 2014-01-17 14:03 - 00000500 _____ () C:\Users\Doris\Desktop\ESETScan 2014 2.txt
2014-01-16 12:36 - 2013-08-21 16:43 - 00000000 ____D () C:\Users\Doris\Desktop\Programas
2014-01-16 12:31 - 2012-02-16 13:18 - 00000000 ____D () C:\Program Files\Google
2014-01-16 12:24 - 2013-12-04 13:43 - 00000000 ____D () C:\Program Files\Canon
2014-01-16 12:09 - 2012-04-07 22:04 - 00000000 ____D () C:\Windows\Minidump
2014-01-16 12:07 - 2014-01-10 09:35 - 00000000 ____D () C:\Program Files\VideoPlayerV3
2014-01-16 12:07 - 2011-10-28 12:13 - 00000000 ____D () C:\Users\JUAN\AppData\Roaming\Adobe
2014-01-16 10:21 - 2013-09-24 17:51 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-16 10:18 - 2014-01-16 10:14 - 00005132 _____ () C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-16 10:18 - 2011-11-06 10:36 - 00000000 ____D () C:\Program Files\Java
2014-01-16 09:43 - 2014-01-16 09:43 - 00001067 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-16 09:43 - 2014-01-16 09:43 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-01-15 19:33 - 2009-07-13 22:33 - 02339432 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-15 18:38 - 2013-08-14 20:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-15 18:34 - 2011-11-02 20:37 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-15 17:58 - 2011-11-01 16:30 - 00000000 ____D () C:\Program Files\uTorrent
2014-01-15 13:17 - 2014-01-15 13:17 - 00000000 ____D () C:\Program Files\ESET
2014-01-15 12:32 - 2014-01-15 12:32 - 00000000 ____D () C:\Windows\ERUNT
2014-01-15 12:06 - 2014-01-15 11:32 - 00000000 ____D () C:\AdwCleaner
2014-01-14 09:54 - 2011-11-08 13:23 - 00000000 ____D () C:\Users\JUAN\AppData\Roaming\vlc
2014-01-12 17:29 - 2014-01-12 17:29 - 00000000 ____D () C:\Users\Doris\AppData\Local\Emftion
2014-01-11 20:45 - 2012-06-10 11:19 - 00000000 ____D () C:\Users\ANA\AppData\Roaming\vlc
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 10:56
 
==================== End Of Log ============================

Edited by Juanmik, 10 February 2014 - 12:13 PM.


#11 Juanmik


Posted 10 February 2014 - 12:15 PM

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 09-02-2014 03
Ran by Doris at 2014-02-10 11:03:15
Running from D:\Users\Doris\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
Acoustica CD/DVD Label Maker (Version:  - )
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden
Adobe Digital Editions 2.0 (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Media Player (Version: 0.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 1.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Español (Version: 11.0.06 - Adobe Systems Incorporated)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.35 - Atheros Communications Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.)
Autodesk Inventor Fusion 2012 (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion 2012 Language Pack (Version: 1.0.0.79 - Autodesk, Inc.) Hidden
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk)
Autodesk Inventor Fusion plug-in for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Inventor Fusion plug-in language pack for AutoCAD 2012 (Version: 0.0.1.138 - Autodesk) Hidden
Autodesk Material Library 2012 (Version: 2.5.0.8 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2012 (Version: 2.5.0.8 - Autodesk)
avast! Free Antivirus (Version: 9.0.2013 - Avast Software)
Canon Utilities PhotoStitch (Version: 3.1.23.47 - Canon Inc.)
CCleaner (Version: 3.03 - Piriform)
CEP (Color Enable Package) v.9.2 (beta) (Version: 9.2 (beta) - Numenor, for ModTheSims2)
Compatibilidad con Aplicaciones de Apple (Version: 2.3.4 - Apple Inc.)
DAEMON Tools Lite (Version: 4.47.1.0335 - Disc Soft Ltd)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version:  - Microsoft)
DVD Flick 1.3.0.7 (Version: 1.3.0.7 - Dennis Meuwissen)
Facebook Video Calling 2.0.0.447 (Version: 2.0.447 - Skype Limited)
FARO LS 1.1.406.58 (Version: 4.6.58.2 - FARO Scanner Production)
FreeOCR v4.2 (Version:  - )
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
ImgBurn (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1892 - Intel Corporation)
Intel® TV Wizard (Version:  - Intel Corporation)
IrfanView (remove only) (Version: 4.36 - Irfan Skiljan)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe System Software (Version: 1.18.6.1 - LightScribe)
Los Sims 2 (Version:  - )
Los Sims 2 Abren Negocios (Version:  - )
Los Sims 2 Universitarios (Version:  - )
Los Sims 2: Noctámbulos (Version:  - )
Los Sims™ 2 Bon Voyage (Version:  - Electronic Arts)
Los Sims™ 2 Cocina y Baño Diseño de Interiores Accesorios (Version:  - Electronic Arts)
Los Sims™ 2 Comparten Piso (Version:  - Electronic Arts)
Los Sims™ 2 H&M® Moda Accesorios (Version:  - )
Los Sims™ 2 IKEA® Accesorios para el hogar (Version:  - Electronic Arts)
Los Sims™ 2 Mansiones y Jardines Accesorios (Version:  - Electronic Arts)
Los Sims™ 2 Todo Glamour Accesorios (Version:  - )
Los Sims™ 2 y Las Cuatro Estaciones (Version:  - )
Malwarebytes Anti-Malware versión 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Basque) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Catalan) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Galician) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Spanish) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Platform (Version: 1.36 - VIA Technologies, Inc.) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version:  - Microsoft) Hidden
Sims2Pack Clean Installer (Version:  - )
Skype™ 6.11 (Version: 6.11.102 - Skype Technologies S.A.)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version:  - Microsoft)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VBA (2627.4) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIA Administrador de dispositivos de plataforma (Version: 1.36 - VIA Technologies, Inc.)
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Windows Movie Maker 2.6 (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.01 (32-bit) (Version: 5.01.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
2009-07-13 20:04 - 2014-01-31 12:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {085FE5C1-4A30-4042-9006-F604277F7AFE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1167016168-3567840934-799961921-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {09111DCA-52AB-4F18-B28E-C51B8260C8CC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000Core => C:\Users\Doris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {3A81C6E4-D39E-4813-AD71-CFBF775B83C3} - System32\Tasks\{A72ED35B-45B5-4DD0-B667-CADE2ED50B44} => C:\Program Files\EA GAMES\Los Sims 2\TSBin\Sims2.exe [2005-09-27] (Maxis, a division of Electronic Arts Inc.)
Task: {4914F7C0-ED5E-4E80-9397-357149C29E0C} - System32\Tasks\{86FEB58A-8261-4619-A33E-066B36172E91} => C:\Program Files\EA GAMES\Los Sims 2\TSBin\Sims2.exe [2005-09-27] (Maxis, a division of Electronic Arts Inc.)
Task: {53302BF7-142A-4B42-8D54-DB7F811B1A76} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {6AB3BED8-8C3E-4C43-99C9-C242CFE1168B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7AABA7C0-34B7-4C1B-B76A-62D42FA099B7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-16] (Google Inc.)
Task: {93C788C8-E224-4ED8-A98F-689A094E7BFC} - System32\Tasks\{AB881937-61A9-4C9F-9FC4-BAB49F85B3D3} => J:\Software\Autocad2008\AUTOCAD 2008\A08.SPA.wWw.PcLoCa.Com\x86\Setup.exe
Task: {A04CAEFE-B5A8-46EB-8D27-83BA8A6522DB} - System32\Tasks\{1E426BCF-CCB3-42AE-9AE2-D1DAC3CF8946} => C:\Program Files\Hotspot Shield\bin\openvpntray.exe
Task: {AABB2506-878B-43C4-B864-8912CF82AF86} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1167016168-3567840934-799961921-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {C8AACA25-570E-48CE-AA93-5A7E1D790282} - System32\Tasks\{4B5C7632-3B9F-42A7-B787-E9F54036DC57} => C:\Program Files\EA GAMES\Los Sims 2\TSBin\Sims2.exe [2005-09-27] (Maxis, a division of Electronic Arts Inc.)
Task: {D837D016-18E5-4D0E-8296-B26254DD0CAC} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000UA => C:\Users\Doris\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {DF1A57E1-2E55-417B-ACE5-7CB0816DF05B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-16] (Google Inc.)
Task: {F6F8E638-11B3-4A60-BE80-0F0EFC119917} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-02-09] (AVAST Software)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000Core.job => C:\Users\Doris\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000UA.job => C:\Users\Doris\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SidebarExecute.job => C:\Program Files\Windows Sidebar\sidebar.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-12 17:29 - 2014-01-12 17:29 - 00028672 _____ () C:\Users\Doris\AppData\Local\Emftion\HandlerEventImage.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2011-10-25 17:20 - 2011-02-22 00:02 - 00080496 _____ () C:\Program Files\VIA\VIAudioi\VDeck\QsApoApi.dll
2011-10-25 17:20 - 2011-02-22 00:02 - 00113264 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Dts2ApoApi.dll
2011-10-25 17:20 - 2011-02-22 00:02 - 00623216 _____ () C:\Program Files\VIA\VIAudioi\VDeck\Skin.dll
2013-10-23 18:21 - 2013-10-23 18:21 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-03 23:11 - 2014-02-01 17:41 - 00715592 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\libglesv2.dll
2014-02-03 23:11 - 2014-02-01 17:41 - 00100168 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\libegl.dll
2014-02-03 23:11 - 2014-02-01 17:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-03 23:11 - 2014-02-01 17:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-03 23:11 - 2014-02-01 17:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2014-02-03 23:11 - 2014-02-01 17:42 - 13616456 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Faulty Device Manager Devices =============
 
Name: adfs
Description: adfs
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: adfs
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/09/2014 10:03:56 AM) (Source: VSS) (User: )
Description: Error del Servicio de instantáneas de volumen: error inesperado al consultar la interfaz IVssWriterCallback. HR = 0x80070005, Acceso denegado.
.
A menudo ocurre por una configuración de seguridad incorrecta en el proceso de escritura o de solicitud.
 
 
Operación:
   Recopilando datos del escritor
 
Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {d3a8b3b0-4922-4b68-a3b3-92e525efe1e7}
 
Error: (02/08/2014 00:48:10 PM) (Source: System Restore) (User: )
Description: No se pudo crear el punto de restauración programado. Información adicional: (0x81000101).
 
Error: (02/08/2014 00:48:07 PM) (Source: System Restore) (User: )
Description: No se pudo crear el punto de restauración (proceso = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; descripción = Punto de control programado; error = 0x81000101).
 
Error: (02/06/2014 10:29:14 PM) (Source: Google Update) (User: Doris-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (02/05/2014 03:43:00 PM) (Source: System Restore) (User: )
Description: No se pudo crear el punto de restauración (proceso = C:\Windows\system32\wbem\wmiprvse.exe; descripción = ComboFix created restore point; error = 0x800706be).
 
Error: (02/05/2014 01:29:19 PM) (Source: Google Update) (User: Doris-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (02/04/2014 10:40:53 AM) (Source: Application Error) (User: )
Description: Nombre de la aplicación con errores: EXCEL.EXE, versión: 14.0.7109.5000, marca de tiempo: 0x522a4031
Nombre del módulo con errores: EXCEL.EXE, versión: 14.0.7109.5000, marca de tiempo: 0x522a4031
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00401fd6
Id. del proceso con errores: 0x8f4
Hora de inicio de la aplicación con errores: 0xEXCEL.EXE0
Ruta de acceso de la aplicación con errores: EXCEL.EXE1
Ruta de acceso del módulo con errores: EXCEL.EXE2
Id. del informe: EXCEL.EXE3
 
Error: (02/03/2014 10:29:18 PM) (Source: Google Update) (User: Doris-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (02/01/2014 10:58:40 AM) (Source: Application Error) (User: )
Description: Nombre de la aplicación con errores: AvastUI.exe, versión: 9.0.2011.263, marca de tiempo: 0x52af800a
Nombre del módulo con errores: ole32.DLL, versión: 6.1.7601.17514, marca de tiempo: 0x4ce7b96f
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x0002d7f1
Id. del proceso con errores: 0xd54
Hora de inicio de la aplicación con errores: 0xAvastUI.exe0
Ruta de acceso de la aplicación con errores: AvastUI.exe1
Ruta de acceso del módulo con errores: AvastUI.exe2
Id. del informe: AvastUI.exe3
 
Error: (01/31/2014 10:29:27 AM) (Source: Google Update) (User: Doris-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
 
System errors:
=============
Error: (02/10/2014 10:04:28 AM) (Source: Service Control Manager) (User: )
Description: El servicio adfs no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (02/10/2014 10:04:12 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Se deshabilitaron algunas características de administración de energía en estado de rendimiento del procesador debido a un problema conocido de firmware. Consulte al fabricante del equipo si hay firmware actualizado.
 
Error: (02/10/2014 00:19:53 AM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (02/09/2014 09:47:29 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}
 
Error: (02/09/2014 07:38:05 PM) (Source: volsnap) (User: )
Description: Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.
 
Error: (02/09/2014 03:36:08 PM) (Source: Service Control Manager) (User: )
Description: El servicio adfs no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (02/09/2014 03:35:49 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Se deshabilitaron algunas características de administración de energía en estado de rendimiento del procesador debido a un problema conocido de firmware. Consulte al fabricante del equipo si hay firmware actualizado.
 
Error: (02/09/2014 09:58:17 AM) (Source: Service Control Manager) (User: )
Description: El servicio adfs no pudo iniciarse debido al siguiente error: 
%%2
 
Error: (02/09/2014 09:58:02 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (User: NT AUTHORITY)
Description: Se deshabilitaron algunas características de administración de energía en estado de rendimiento del procesador debido a un problema conocido de firmware. Consulte al fabricante del equipo si hay firmware actualizado.
 
Error: (02/08/2014 10:05:15 PM) (Source: Service Control Manager) (User: )
Description: El servicio adfs no pudo iniciarse debido al siguiente error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (02/09/2014 10:03:56 AM) (Source: VSS)(User: )
Description: 0x80070005, Acceso denegado.
 
 
Operación:
   Recopilando datos del escritor
 
Contexto:
   Id. de clase del escritor: {e8132975-6f93-4464-a53e-1050253ae220}
   Nombre del escritor: System Writer
   Id. de instancia del escritor: {d3a8b3b0-4922-4b68-a3b3-92e525efe1e7}
 
Error: (02/08/2014 00:48:10 PM) (Source: System Restore)(User: )
Description: 0x81000101
 
Error: (02/08/2014 00:48:07 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationPunto de control programado0x81000101
 
Error: (02/06/2014 10:29:14 PM) (Source: Google Update)(User: Doris-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (02/05/2014 03:43:00 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeComboFix created restore point0x800706be
 
Error: (02/05/2014 01:29:19 PM) (Source: Google Update)(User: Doris-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (02/04/2014 10:40:53 AM) (Source: Application Error)(User: )
Description: EXCEL.EXE14.0.7109.5000522a4031EXCEL.EXE14.0.7109.5000522a4031c000000500401fd68f401cf21c7cb4fe852C:\Program Files\Microsoft Office\Office14\EXCEL.EXEC:\Program Files\Microsoft Office\Office14\EXCEL.EXE1c791086-8dbb-11e3-9c00-002522e24d2d
 
Error: (02/03/2014 10:29:18 PM) (Source: Google Update)(User: Doris-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
Error: (02/01/2014 10:58:40 AM) (Source: Application Error)(User: )
Description: AvastUI.exe9.0.2011.26352af800aole32.DLL6.1.7601.175144ce7b96fc00000050002d7f1d5401cf1f6e599610e8C:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Windows\system32\ole32.DLL18df9fc0-8b62-11e3-a7d7-002522e24d2d
 
Error: (01/31/2014 10:29:27 AM) (Source: Google Update)(User: Doris-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 49%
Total physical RAM: 2813.09 MB
Available physical RAM: 1413.07 MB
Total Pagefile: 5622.41 MB
Available Pagefile: 3976.04 MB
Total Virtual: 2047.88 MB
Available Virtual: 1912.96 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:51.39 GB) (Free:2.12 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: () (Fixed) (Total:97.65 GB) (Free:8.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149 GB) (Disk ID: E484E484)
Partition 1: (Active) - (Size=51 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=98 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#12 aharonov

  • Malware Response Team

Posted 25 February 2014 - 06:05 AM

I'm sorry I missed your post.


Download Malwarebytes Anti-Rootkit to your desktop.
  • Double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
    • "mbar-log-{date} (xx-xx-xx).txt"
    • "system-log.txt"


#13 Juanmik

  • Topic Starter

Posted 25 February 2014 - 04:04 PM

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org
 
Database version: v2014.02.25.09
 
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 11.0.9600.16518
Doris :: DORIS-PC [administrator]
 
25/02/2014 13:12:41
mbar-log-2014-02-25 (13-12-41).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Kernel memory modifications detected. Deep Anti-Rootkit Scan engaged.
Objects scanned: 266016
Time elapsed: 52 minute(s), 47 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x86
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.16518
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 3.058000 GHz
Memory total: 2949734400, free: 1716342784
 
Downloaded database version: v2014.02.25.09
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
     02/25/2014 13:12:30
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\halmacpi.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\sptd.sys
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\intelide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\vmbus.sys
\SystemRoot\system32\drivers\winhv.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\System32\Drivers\aswVmm.sys
\SystemRoot\System32\Drivers\aswRvrt.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\??\C:\Windows\system32\drivers\aswSnx.sys
\??\C:\Windows\system32\drivers\aswSP.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\??\C:\Windows\system32\drivers\aswRdr2.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vpcnfltr.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\vpcvmm.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\igdkmd32.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\L1C62x86.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\drivers\i8042prt.sys
\SystemRoot\system32\drivers\kbdclass.sys
\SystemRoot\system32\drivers\mouclass.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\vpcusb.sys
\SystemRoot\system32\DRIVERS\usbrpm.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\vpchbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\aswMonFlt.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\DRIVERS\idmwfp.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\aswStm.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\clbcatq.dll
\Windows\System32\sechost.dll
\Windows\System32\difxapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\oleaut32.dll
\Windows\System32\nsi.dll
\Windows\System32\normaliz.dll
\Windows\System32\urlmon.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\lpk.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\psapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\advapi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\ws2_32.dll
\Windows\System32\kernel32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\iertutil.dll
\Windows\System32\user32.dll
\Windows\System32\ole32.dll
\Windows\System32\shell32.dll
\Windows\System32\imm32.dll
\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
\Windows\System32\crypt32.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86d758c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xffffffff86d72688
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff86d758c0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000072\
Lower Device Object: 0xffffffff86d72688
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85ede5f8
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff8512d908
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85ede5f8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff85ede230, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85ede5f8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff85df4918, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff8512d908, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xffffffffc2fc2828, 0xffffffff85ede5f8, 0xffffffff857cfac8
Lower DeviceData: 0xffffffffb3bccc80, 0xffffffff8512d908, 0xffffffff85538e40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: E484E484
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 107763957
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 107764020  Numsec = 204796620
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 160041885696 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-62-312561808-312581808)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xffffffff86d758c0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86d75020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86d758c0, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xffffffff86d72688, DeviceName: \Device\00000072\, DriverName: \Driver\USBSTOR\
------------ End ----------
<<<2>>>
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-63-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
 


#14 aharonov

  • Malware Response Team

Posted 25 February 2014 - 04:30 PM

Are there still these warnings from Avast?
We need a fresh FRST log:


  • Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste this log in your next reply.


#15 Juanmik

  • Topic Starter

Posted 26 February 2014 - 02:22 PM

Hello,

There are no more warnings from Avast. Two days ago I ran Eset Online Scanner to see if the absence of warnings was due to my computer being clean. But it still found some trojans; I can't find the log file from that day. So I am running Eset again. Maybe what I need is a new antivirus.

FRST Analysis (done before Eset):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-02-2014 01
Ran by Doris (administrator) on DORIS-PC on 26-02-2014 10:06:46
Running from D:\Users\Doris\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: Spanish Modern Sort
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe
(VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [2145904 2011-02-22] (VIA)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-09] (AVAST Software)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-04] (Microsoft Corporation)
HKU\S-1-5-21-1167016168-3567840934-799961921-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-1167016168-3567840934-799961921-1000\...\Run: [Emftion] - regsvr32.exe C:\Users\Doris\AppData\Local\Emftion\HandlerEventImage.dll <===== ATTENTION
Startup: C:\Users\JUAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Doris\AppData\Roaming\Dropbox\bin\Dropbox.exe (No File)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF93DBA4D7693CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {295516A5-2EE6-420C-9454-6130B1C0217B} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b2ie7
SearchScopes: HKCU - {976FE0D7-9323-40D4-821F-576FD671AA61} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{F59A3707-D191-4FE7-A96D-AC2EAA0FD84B}: [NameServer]200.91.75.6,8.8.8.8
 
Chrome: 
=======
CHR HomePage: hxxp://google.com/
CHR DefaultNewTabURL: 
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.117\pdf.dll ()
CHR Plugin: (Skype Click to Call) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U11) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Doris\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Extension: (Entanglement Web App) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2013-10-09]
CHR Extension: (Google Docs) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-01-19]
CHR Extension: (Lucidchart Diagramas - Online) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apboafhkiegglekeafbckfjldecefkhn [2013-10-09]
CHR Extension: (Google Drive) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-01-19]
CHR Extension: (Ribbet! Photo Editor) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\bikpkcdadljalhghbbipfkkhocppkhob [2013-08-02]
CHR Extension: (YouTube) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-19]
CHR Extension: (Búsqueda de Google) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-19]
CHR Extension: (Search by Image (by Google)) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2013-10-09]
CHR Extension: (Chinese Tutor Flashcards) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\egbbefchlgcnhjoncjebmkffamidfhae [2013-10-09]
CHR Extension: (Unit Convertor) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\eopnphfocejllklfamlopocijfjmpihi [2013-10-09]
CHR Extension: (Dictionary.com Extension) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\epkhgmlgiomobdlofllfmoejgjdojknn [2013-10-09]
CHR Extension: (Web Lab) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgacgeibpdjllcjckbmgecpahipdjabe [2013-10-09]
CHR Extension: (Japanese Kana) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\hnhmomiblghhhfjleapinggmnjhinign [2013-10-09]
CHR Extension: (World Time Buddy) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdhpjomiingppeefgnohkiapmnaeakoj [2013-10-09]
CHR Extension: (The Ultimate Free Stock Photo Search Addon) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhpcplnfjajjmfnpahacllcleijddbap [2013-10-09]
CHR Extension: (Prueba de mecanografía - KeyHero) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkcieoaeooeidmpaopkpjpjfakidlabm [2013-10-09]
CHR Extension: (Autodesk Homestyler) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdmmkfaghgcicheaimnpffeeekheafkb [2013-10-09]
CHR Extension: (Movi Kanti Revo) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kkdkcgeghhfjiglphfppinecpcpnnbne [2013-08-02]
CHR Extension: (Flower Birdie) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmachmaeecbidjjclialaakeffcigiag [2014-01-03]
CHR Extension: (Learn Japanese Free - JapanesePod101.com) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kndfdlmlcglgbpffaippjfioidjnkpjf [2013-10-09]
CHR Extension: (Konnichi wa Japón) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdfdnaliaclmjmbfdjeloceogmdofhke [2013-10-09]
CHR Extension: (Google Wallet) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Origami Player) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiomepakkenneiifjocbinkmmampfbdn [2013-10-09]
CHR Extension: (Palette para Chrome) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\oolpphfmdmjbojolagcbgdemojhcnlod [2013-10-09]
CHR Extension: (Psykopaint) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgjchkcfmigkkhedgjedmffdepgmpfil [2013-10-09]
CHR Extension: (Gmail) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-19]
CHR Extension: (Spot The Differences!) - C:\Users\Doris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pniinickecbjegedmgagmgikbolfgaij [2013-10-09]
CHR HKLM\...\Chrome\Extension: [ceikklieffoecpdlmfcdebiimbfjiofp] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha934\ch\WebexpEnhancedV1alpha934.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [mhbkpgkjpamabmkcbegecpomahldalif] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta358\ch\VideoPlayerV3beta358.crx [2013-10-09]
CHR HKLM\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\Doris\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx [2013-10-09]
CHR HKCU\...\Chrome\Extension: [npiecjlhkngdinoeekmccdbjdgclmnbk] - C:\Users\Doris\AppData\Local\CRE\npiecjlhkngdinoeekmccdbjdgclmnbk.crx [2013-10-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
========================== Services (Whitelisted) =================
 
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-09] (AVAST Software)
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2011-10-25] (Flexera Software, Inc.)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2011-02-17] (VIA Technologies, Inc.)
 
==================== Drivers (Whitelisted) ====================
 
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-09] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-10-23] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2013-10-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-09] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-09] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-09] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2013-12-28] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2013-07-15] (Disc Soft Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [466008 2013-07-15] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [37064 2013-02-21] (Anchorfree Inc.)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1801328 2011-02-17] (VIA Technologies, Inc.)
R3 vpcbus; C:\Windows\System32\DRIVERS\vpchbus.sys [172416 2010-11-20] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [48128 2010-11-20] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2010-11-20] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [296064 2010-11-20] (Microsoft Corporation)
S2 adfs; No ImagePath
S3 catchme; \??\C:\Users\Doris\AppData\Local\Temp\catchme.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-25 22:55 - 2014-02-26 09:52 - 00000112 _____ () C:\Windows\setupact.log
2014-02-25 22:55 - 2014-02-25 22:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-25 13:12 - 2014-02-25 14:47 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-25 13:12 - 2014-02-25 13:12 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-25 13:11 - 2014-02-25 14:47 - 00000000 ____D () C:\Users\Doris\Desktop\mbar
2014-02-25 13:11 - 2014-02-25 13:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-19 21:49 - 2014-02-19 21:49 - 00000000 ____D () C:\Users\JUAN\AppData\Local\Wondershare
2014-02-16 18:26 - 2014-02-18 14:09 - 00000000 ____D () C:\Users\Doris\AppData\Roaming\Simple Sudoku
2014-02-16 18:26 - 2014-02-16 18:26 - 00000000 ____D () C:\Program Files\Simple Sudoku
2014-02-16 15:49 - 2014-02-16 15:49 - 00000000 ____D () C:\Users\Doris\Desktop\chatsync
2014-02-16 15:49 - 2014-02-16 15:43 - 02379776 _____ () C:\Users\Doris\Desktop\main.db
2014-02-16 15:42 - 2014-02-16 15:42 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-16 15:42 - 2014-02-16 15:42 - 00000000 ___RD () C:\Program Files\Skype
2014-02-16 15:42 - 2014-02-16 15:42 - 00000000 ____D () C:\Users\Doris\AppData\Local\Skype
2014-02-16 15:42 - 2014-02-16 15:42 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-14 14:41 - 2014-02-13 22:11 - 00045872 _____ () C:\Users\JUAN\Desktop\ESTADOS FINANCIEROS EMPRESA X - Practica Clase.xlsx
2014-02-12 18:01 - 2014-02-06 04:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-12 18:01 - 2014-02-06 04:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-12 18:01 - 2014-02-06 04:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-12 18:01 - 2014-02-06 04:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-12 18:01 - 2014-02-06 04:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-12 18:01 - 2014-02-06 03:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-12 18:01 - 2014-02-06 03:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-12 18:01 - 2014-02-06 03:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-12 18:01 - 2014-02-06 03:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-12 18:01 - 2014-02-06 03:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-12 18:01 - 2014-02-06 03:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-12 18:01 - 2014-02-06 03:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-12 18:01 - 2014-02-06 03:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-12 18:01 - 2014-02-06 03:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-12 18:01 - 2014-02-06 03:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-12 18:01 - 2014-02-06 03:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-12 18:01 - 2014-02-06 03:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-12 18:01 - 2014-02-06 03:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-12 18:01 - 2014-02-06 02:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-12 18:01 - 2014-02-06 02:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-12 18:01 - 2014-02-06 02:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-12 17:41 - 2013-12-21 02:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-12 11:28 - 2013-12-31 17:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-12 11:28 - 2013-12-05 20:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 11:28 - 2013-12-05 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-12 11:27 - 2013-12-24 17:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-12 11:27 - 2013-12-03 20:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-12 11:27 - 2013-12-03 20:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-12 11:27 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-12 11:27 - 2013-12-03 20:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-12 11:27 - 2013-12-03 20:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-12 11:27 - 2013-12-03 19:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-12 11:27 - 2013-12-03 19:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-12 11:27 - 2013-12-03 19:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-12 11:27 - 2013-12-03 19:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-12 11:27 - 2013-11-26 02:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-02-08 12:05 - 2014-02-08 12:05 - 00000000 ____D () C:\Users\JUAN\AppData\Roaming\Malwarebytes
2014-02-05 16:46 - 2014-02-05 16:46 - 00127393 _____ () C:\Users\Doris\Desktop\Combofix 05 Feb 2014.txt
2014-02-05 16:06 - 2014-02-05 16:06 - 00127393 _____ () C:\ComboFix.txt
2014-02-04 17:50 - 2014-02-04 17:50 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-04 17:50 - 2014-02-04 17:50 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-04 17:50 - 2014-02-04 17:50 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-04 17:50 - 2014-02-04 17:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-01-31 11:07 - 2014-01-31 11:07 - 00000347 _____ () C:\Users\Doris\Desktop\1.txt
2014-01-28 10:24 - 2011-06-26 00:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-01-28 10:24 - 2010-11-07 11:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-01-28 10:24 - 2009-04-19 22:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-28 10:24 - 2000-08-30 18:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-28 10:24 - 2000-08-30 18:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-28 10:24 - 2000-08-30 18:00 - 00098816 _____ () C:\Windows\sed.exe
2014-01-28 10:24 - 2000-08-30 18:00 - 00080412 _____ () C:\Windows\grep.exe
2014-01-28 10:24 - 2000-08-30 18:00 - 00068096 _____ () C:\Windows\zip.exe
2014-01-28 10:23 - 2014-02-05 16:06 - 00000000 ____D () C:\Qoobox
2014-01-28 10:22 - 2014-01-31 12:26 - 00000000 ____D () C:\Windows\erdnt
 
==================== One Month Modified Files and Folders =======
 
2014-02-26 10:11 - 2012-02-16 13:18 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-26 10:06 - 2014-01-25 14:36 - 00000000 ____D () C:\FRST
2014-02-26 09:59 - 2013-06-09 20:53 - 01088400 _____ () C:\Windows\WindowsUpdate.log
2014-02-26 09:58 - 2012-11-01 10:42 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-26 09:53 - 2012-02-16 13:18 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 09:52 - 2014-02-25 22:55 - 00000112 _____ () C:\Windows\setupact.log
2014-02-26 09:52 - 2009-07-13 22:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-25 22:55 - 2014-02-25 22:55 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-25 19:32 - 2012-05-24 19:07 - 00001116 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000UA.job
2014-02-25 19:32 - 2012-05-24 19:07 - 00001094 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1167016168-3567840934-799961921-1000Core.job
2014-02-25 14:47 - 2014-02-25 13:12 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-25 14:47 - 2014-02-25 13:11 - 00000000 ____D () C:\Users\Doris\Desktop\mbar
2014-02-25 13:53 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-25 13:12 - 2014-02-25 13:12 - 00107224 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-02-25 13:11 - 2014-02-25 13:11 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-25 11:14 - 2012-06-12 17:00 - 00409254 _____ () C:\Windows\system32\perfh011.dat
2014-02-25 11:14 - 2012-06-12 17:00 - 00122640 _____ () C:\Windows\system32\perfc011.dat
2014-02-25 11:14 - 2011-10-25 17:22 - 02179850 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-24 13:56 - 2009-07-13 22:34 - 00014016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-24 13:56 - 2009-07-13 22:34 - 00014016 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-24 13:50 - 2011-11-01 16:29 - 00000000 ____D () C:\Users\Doris\AppData\Roaming\uTorrent
2014-02-23 19:17 - 2011-11-05 19:20 - 00000000 ____D () C:\Users\Doris\AppData\Roaming\vlc
2014-02-22 17:19 - 2012-01-22 15:08 - 00000000 ___RD () C:\Users\JUAN\Dropbox
2014-02-21 21:59 - 2012-04-01 22:26 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-21 21:59 - 2011-11-09 20:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-19 21:49 - 2014-02-19 21:49 - 00000000 ____D () C:\Users\JUAN\AppData\Local\Wondershare
2014-02-19 15:34 - 2011-10-25 17:13 - 00000000 ____D () C:\Users\Doris
2014-02-19 13:16 - 2012-01-22 14:53 - 00000000 ____D () C:\Users\JUAN\AppData\Roaming\Dropbox
2014-02-18 14:09 - 2014-02-16 18:26 - 00000000 ____D () C:\Users\Doris\AppData\Roaming\Simple Sudoku
2014-02-18 09:03 - 2009-07-13 22:53 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-16 18:26 - 2014-02-16 18:26 - 00000000 ____D () C:\Program Files\Simple Sudoku
2014-02-16 15:57 - 2012-05-20 19:24 - 00000000 ____D () C:\Users\Doris\AppData\Roaming\Skype
2014-02-16 15:49 - 2014-02-16 15:49 - 00000000 ____D () C:\Users\Doris\Desktop\chatsync
2014-02-16 15:43 - 2014-02-16 15:49 - 02379776 _____ () C:\Users\Doris\Desktop\main.db
2014-02-16 15:42 - 2014-02-16 15:42 - 00002685 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-16 15:42 - 2014-02-16 15:42 - 00000000 ___RD () C:\Program Files\Skype
2014-02-16 15:42 - 2014-02-16 15:42 - 00000000 ____D () C:\Users\Doris\AppData\Local\Skype
2014-02-16 15:42 - 2014-02-16 15:42 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-02-16 15:42 - 2012-05-20 17:16 - 00000000 ____D () C:\ProgramData\Skype
2014-02-16 00:19 - 2011-11-08 13:23 - 00000000 ____D () C:\Users\JUAN\AppData\Roaming\vlc
2014-02-13 22:11 - 2014-02-14 14:41 - 00045872 _____ () C:\Users\JUAN\Desktop\ESTADOS FINANCIEROS EMPRESA X - Practica Clase.xlsx
2014-02-12 18:04 - 2011-10-25 17:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-12 17:53 - 2013-08-14 20:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-12 17:49 - 2011-11-02 20:37 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-12 17:41 - 2009-07-13 20:04 - 00000478 _____ () C:\Windows\win.ini
2014-02-12 17:39 - 2009-07-13 20:37 - 00000000 ____D () C:\Windows\system32\ja-JP
2014-02-09 10:13 - 2012-12-20 00:09 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-02-09 10:12 - 2013-12-28 15:06 - 00064168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-02-09 10:12 - 2012-12-20 00:09 - 00775952 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-09 10:12 - 2012-12-20 00:09 - 00410784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-02-09 10:12 - 2012-12-20 00:09 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-09 10:11 - 2012-12-20 00:08 - 00270240 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-09 10:11 - 2012-12-20 00:08 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-08 12:05 - 2014-02-08 12:05 - 00000000 ____D () C:\Users\JUAN\AppData\Roaming\Malwarebytes
2014-02-06 04:38 - 2014-02-12 18:01 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-06 04:20 - 2014-02-12 18:01 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-06 04:19 - 2014-02-12 18:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-06 04:01 - 2014-02-12 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-06 04:00 - 2014-02-12 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-06 03:57 - 2014-02-12 18:01 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-06 03:52 - 2014-02-12 18:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-06 03:52 - 2014-02-12 18:01 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-06 03:49 - 2014-02-12 18:01 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-06 03:47 - 2014-02-12 18:01 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-06 03:47 - 2014-02-12 18:01 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-06 03:46 - 2014-02-12 18:01 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-06 03:34 - 2014-02-12 18:01 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-06 03:25 - 2014-02-12 18:01 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-06 03:25 - 2014-02-12 18:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-06 03:13 - 2014-02-12 18:01 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-06 03:09 - 2014-02-12 18:01 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-06 03:03 - 2014-02-12 18:01 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-06 02:41 - 2014-02-12 18:01 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-06 02:36 - 2014-02-12 18:01 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-06 02:34 - 2014-02-12 18:01 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-05 16:46 - 2014-02-05 16:46 - 00127393 _____ () C:\Users\Doris\Desktop\Combofix 05 Feb 2014.txt
2014-02-05 16:06 - 2014-02-05 16:06 - 00127393 _____ () C:\ComboFix.txt
2014-02-05 16:06 - 2014-01-28 10:23 - 00000000 ____D () C:\Qoobox
2014-02-05 16:02 - 2009-07-13 20:04 - 00000215 _____ () C:\Windows\system.ini
2014-02-04 17:50 - 2014-02-04 17:50 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-02-04 17:50 - 2014-02-04 17:50 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-02-04 17:50 - 2014-02-04 17:50 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-02-04 17:50 - 2014-02-04 17:50 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-02-04 17:50 - 2014-02-04 17:50 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-02-04 17:50 - 2014-02-04 17:50 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-02-04 10:41 - 2013-02-18 21:51 - 00000000 ____D () C:\Users\Doris\AppData\Local\CrashDumps
2014-02-01 17:03 - 2011-10-25 17:54 - 00000000 ____D () C:\Users\Doris\AppData\Roaming\Adobe
2014-01-31 12:26 - 2014-01-28 10:22 - 00000000 ____D () C:\Windows\erdnt
2014-01-31 11:07 - 2014-01-31 11:07 - 00000347 _____ () C:\Users\Doris\Desktop\1.txt
2014-01-28 10:54 - 2009-07-13 20:37 - 00000000 __RHD () C:\Users\Default
2014-01-28 10:54 - 2009-07-13 20:37 - 00000000 ___RD () C:\Users\Public
 
==================== Bamital & volsnap Check =================
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-18 23:19
 
==================== End Of Log ============================




