
HELP ME NOW PLEASE


  • This topic is locked
9 replies to this topic

#1 jrebar

jrebar

  • Members
  • 4 posts

Posted 17 November 2014 - 12:54 AM

My computer is running slow. Mozilla and Google browsers are slow too, more than Internet Explorer from Microsoft.

Attached is a report from a HijackThis scan I've made.

Thanks

Attached File: hijackthis.log (11KB)


Edited by Orange Blossom, 17 November 2014 - 01:02 AM.
Moved from Windows 8 to log forum. ~ OB



#2 jrebar


Posted 17 November 2014 - 01:23 AM

I've already tried to install add-ons such as WOT or adblocks, and it doesn't let me do it.



#3 Gunto

Gunto

    Bleepin' Reject Phoenix


  • Malware Response Team
  • 1,291 posts
  • Gender:Female
  • Location:North Las Vegas, Nevada, USA

Posted 21 November 2014 - 10:42 AM

Hi, jrebar! I'm going to try to help you out. :)

Before we get started, here are some things I need you to remember:

  • Please don't make any changes to your computer, or run programs, without asking me first! This will make it practically impossible for me to assist you.
  • Always read my posts completely before doing anything, and follow the instructions in the order I give them to you, unless stated otherwise.
  • If you're getting help elsewhere, or have already resolved the problem, please let me know so I can close this thread.
  • Please respond to me within five days of me replying to you. If you need more time, please let me know. I will close topics that I have not received a response from within five days.
  • Please be patient with me. I need some time to analyze your logs and responses so I can correctly help you. I should respond to you within two days, but if I haven't, please send me a PM! I may have missed your response. Bribing me with candy for faster replies is not advised.
  • If something goes wrong, you don't understand something, or you don't know what to do, please stop and ask me before proceeding with any further steps!

First, let's run a scan with FRST to get some more information.

Farbar Recovery Scan Tool
 
I need you to run a scan with FRST.

  • Download the version of FRST that is designed for your system from here, and save it to your desktop. If you don't know which one is designed for your system, download both and try running both. Only one will work correctly, and that's the one you need to use.
  • Double click the program to run it. Accept the disclaimer and click the Scan button.
  • Once it's done scanning, FRST will create two logs on your desktop, FRST.txt and Addition.txt. Please copy and paste both into your reply, one at a time.

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...


#4 Gunto


Posted 24 November 2014 - 07:13 PM

Hi,

It's been three days since my last post, so I am bumping the topic just in case you missed my previous post. If you need more time to get back to me, please let me know, because I'll assume you're inactive otherwise.

If I still haven't heard from you in two days, this topic will be locked, so please get back to me by then.

Gunto




#5 Gunto


Posted 28 November 2014 - 12:55 AM

This topic is now locked due to the lack of feedback.

 

If you still need help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.




#6 Gunto


Posted 30 November 2014 - 11:41 PM

This topic has been reopened by request.




#7 jrebar


Posted 01 December 2014 - 09:05 PM

Thanks Gunto, attached are the files from the FRST scan:

This is the FRST archive:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014 01
Ran by josealejandro (administrator) on ALEX-PC on 30-11-2014 16:12:55
Running from C:\Users\josealejandro\Desktop
Loaded Profile: josealejandro (Available profiles: josealejandro)
Platform: Windows 8.1 (X64) OS Language: Inglés (Estados Unidos)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SppExtComObj.Exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\Run: [Facebook Update] => C:\Users\josealejandro\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-10-16] (Facebook Inc.)
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\Run: [EADM] => C:\Program Files (x86)\Origin\Origin.exe [3618648 2014-11-25] (Electronic Arts)
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\MountPoints2: {15061559-6d2b-11e3-825f-008cfa7ee0eb} - "F:\LGAutoRun.exe"
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\MountPoints2: {3dd624a3-0c97-11e4-8267-008cfa7ee0eb} - "E:\setup.exe"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-4137110049-3648854630-416167864-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://mystart.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://mystart.toshiba.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {1E1D3729-61E3-45F3-AD18-C880E3D026D7} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_29_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyCzy0E0EtAyDtA0DtA0FtN0D0Tzu0SzytByBtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyCzz0D0CyCtCyCtGtC0FtAzztGzz0FyCtDtGtB0ByCyDtGyDyCtCyBzytCtA0BzzyCyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0AtAzy0B0F0BtGtDtCtDzztGtAtA0FzztGtB0B0C0DtGyD0EtCyB0AyB0CtC0ByCtCyE2Q&cr=674643994&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1E1D3729-61E3-45F3-AD18-C880E3D026D7} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_29_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyCzy0E0EtAyDtA0DtA0FtN0D0Tzu0SzytByBtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyCzz0D0CyCtCyCtGtC0FtAzztGzz0FyCtDtGtB0ByCyDtGyDyCtCyBzytCtA0BzzyCyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0AtAzy0B0F0BtGtDtCtDzztGtAtA0FzztGtB0B0C0DtGyD0EtCyB0AyB0CtC0ByCtCyE2Q&cr=674643994&ir=
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {41524553-2D56-3700-76A7-7A786E7484D7} ->  No File
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default
FF SearchEngineOrder.3: Bing
FF Homepage: hxxp://google.com.mx/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin64.dll (Skype)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\3.1.15602.22612\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4137110049-3648854630-416167864-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\josealejandro\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-4137110049-3648854630-416167864-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\josealejandro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-mx.xml
FF Extension: GreaatSave4U - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\0dUaCL6wl@f.com [2014-09-27]
FF Extension: DigiSaveeri - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\6@qfU.net [2014-10-04]
FF Extension: YooutuBoeAdiBlocckeu - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\9@cenZC.com [2014-09-18]
FF Extension: GooSSave - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\A6@Ur.org [2014-09-18]
FF Extension: WebbiNug - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\Hp@wy.com [2014-10-07]
FF Extension: NextCCouPo - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\qZ@vvqyf3Yt.net [2014-10-07]
FF Extension: Site Matcher - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\sitematcher_src@sitematcher_src.com [2014-07-15]
FF Extension: Weobbing - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\UUf@E.org [2014-10-07]
FF Extension: NextCoupp - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\Xt2CMq@5k3y.net [2014-10-07]
FF Extension: Español (México) Language Pack - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\langpack-es-MX@firefox.mozilla.org.xpi [2014-09-04]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-09-19]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Diapositivas de Google) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-21]
CHR Extension: (NextCCouPo) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeencpbkcoaklpeejhchehkglplnhhao [2014-10-05]
CHR Extension: (Google Docs) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-21]
CHR Extension: (Google Drive) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-21]
CHR Extension: (YouTube) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-21]
CHR Extension: (Búsqueda de Google) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-21]
CHR Extension: (Weobbing) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjnoaglnlaekjgfdcbmohnjfeiibkmc [2014-10-05]
CHR Extension: (Hojas de cálculo de Google) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-21]
CHR Extension: (Twitch Stream) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjaicoojlfoococemdcaollmhaiolole [2014-09-27]
CHR Extension: (WebbiNug) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmdjlbcagdaahpodbgbhlemkicdennkl [2014-10-05]
CHR Extension: (Facebook Platinum) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld [2014-10-01]
CHR Extension: (NextCoupp) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgnlfkpebloeplknokebaafcmmhmppc [2014-10-05]
CHR Extension: (Google Wallet) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-21]
CHR Extension: (Gmail) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-21]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [255040 2014-08-30] (WildTangent)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1900400 2014-11-25] (Electronic Arts)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-07-16] (Disc Soft Ltd)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 16:12 - 2014-11-30 16:14 - 00020556 _____ () C:\Users\josealejandro\Desktop\FRST.txt
2014-11-30 16:12 - 2014-11-30 16:13 - 00000000 ____D () C:\FRST
2014-11-30 16:10 - 2014-11-30 16:11 - 02117120 _____ (Farbar) C:\Users\josealejandro\Desktop\FRST64.exe
2014-11-28 00:05 - 2014-11-28 00:05 - 01184248 _____ (TODO: <Nombre de la compañía>) C:\Users\josealejandro\Downloads\Setup v2 1 (2).exe
2014-11-28 00:04 - 2014-11-28 00:04 - 02763317 _____ () C:\Users\josealejandro\Documents\adicciones.pptx
2014-11-25 23:41 - 2014-11-29 18:06 - 00000000 ____D () C:\Users\josealejandro\Documents\FIFA 14
2014-11-25 23:41 - 2014-11-25 23:41 - 00000983 _____ () C:\Users\Public\Desktop\FIFA 14.lnk
2014-11-25 23:41 - 2014-11-25 23:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FIFA 14
2014-11-25 10:31 - 2014-11-25 10:31 - 01060336 _____ () C:\Users\josealejandro\Downloads\Setup v2 1 (1).exe
2014-11-24 21:03 - 2014-11-26 22:03 - 04076527 _____ () C:\Users\josealejandro\Desktop\PAP.pptx
2014-11-20 12:48 - 2014-11-20 12:51 - 00000000 ____D () C:\Users\josealejandro\Downloads\LIBROS
2014-11-20 12:47 - 2014-11-24 20:08 - 00000000 ____D () C:\Users\josealejandro\Downloads\IMAGENES FACEBOOK
2014-11-20 12:44 - 2014-11-29 10:18 - 00000000 ____D () C:\Users\josealejandro\Downloads\ADMINISTRACION 1ER SEMESTRE
2014-11-20 12:04 - 2014-11-20 12:04 - 00000000 ____D () C:\Users\josealejandro\Downloads\Forrest Gump
2014-11-20 11:41 - 2014-11-30 10:29 - 00003758 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-11-19 13:52 - 2014-11-09 16:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 13:52 - 2014-11-09 16:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 13:52 - 2014-11-09 16:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 13:52 - 2014-11-09 16:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 11:05 - 2014-11-18 11:05 - 00718336 _____ () C:\Users\josealejandro\Downloads\Setup v2 1.exe
2014-11-17 18:18 - 2014-11-17 18:19 - 00000000 ____D () C:\32788R22FWJFW
2014-11-16 22:40 - 2014-11-16 22:40 - 00011266 _____ () C:\Users\josealejandro\Desktop\hijackthis.log
2014-11-16 21:16 - 2014-11-20 12:43 - 00000000 ____D () C:\Users\josealejandro\Downloads\Computer Clean-Up Kit
2014-11-15 17:33 - 2014-11-15 17:33 - 03810053 _____ () C:\Users\josealejandro\Downloads\reticulas 2004 residencias profesionales y titulacion-info y formatos.rar
2014-11-15 10:53 - 2014-11-15 10:53 - 00000000 __SHD () C:\Users\josealejandro\AppData\Local\EmieBrowserModeList
2014-11-15 10:38 - 2014-11-15 10:38 - 00399224 _____ (Premium Installer ) C:\Users\josealejandro\Downloads\setup (9).exe
2014-11-15 01:00 - 2014-11-15 01:00 - 00000000 ____D () C:\Users\josealejandro\Documents\FIFA World
2014-11-15 00:59 - 2014-11-15 00:59 - 00001212 _____ () C:\Users\Public\Desktop\EA SPORTS FIFA World.lnk
2014-11-15 00:59 - 2014-11-15 00:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS FIFA World
2014-11-14 23:09 - 2014-11-14 23:10 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-11-14 23:04 - 2014-11-30 10:22 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-11-14 23:04 - 2014-11-14 23:04 - 00001002 _____ () C:\Users\Public\Desktop\Origin.lnk
2014-11-14 23:04 - 2014-11-14 23:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
2014-11-14 23:02 - 2014-11-14 23:03 - 17101208 _____ (Electronic Arts, Inc.) C:\Users\josealejandro\Downloads\OriginThinSetup.exe
2014-11-14 12:31 - 2014-11-20 13:51 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-14 12:31 - 2014-11-20 13:51 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-13 20:47 - 2014-11-13 20:47 - 00079216 _____ (Premium Installer ) C:\Users\josealejandro\Downloads\setup (8).exe
2014-11-12 19:41 - 2014-11-12 20:00 - 00000000 ____D () C:\Users\josealejandro\Downloads\Ricardo Arjona Discografia 1985 - 2014
2014-11-12 19:02 - 2014-11-12 19:02 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-12 19:02 - 2014-11-12 19:02 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-12 19:02 - 2014-11-12 19:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-12 17:08 - 2014-10-10 17:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 17:08 - 2014-10-10 17:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 17:08 - 2014-10-07 22:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-12 17:08 - 2014-10-07 22:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-12 17:07 - 2014-10-12 19:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-12 17:07 - 2014-10-08 00:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-12 17:07 - 2014-10-08 00:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-12 17:07 - 2014-10-07 23:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-12 17:07 - 2014-09-21 21:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-12 17:07 - 2014-09-21 20:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-12 17:07 - 2014-09-21 20:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-12 17:07 - 2014-09-21 19:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-12 17:07 - 2014-09-18 17:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-12 17:07 - 2014-09-02 15:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-12 17:07 - 2014-09-02 15:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-12 16:36 - 2014-10-09 18:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 16:36 - 2014-10-09 18:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-12 16:36 - 2014-10-09 18:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-12 16:36 - 2014-10-08 00:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 16:36 - 2014-10-08 00:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 16:36 - 2014-10-08 00:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-12 16:36 - 2014-10-08 00:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-12 16:36 - 2014-10-07 23:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-12 16:36 - 2014-10-07 23:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 16:36 - 2014-10-07 23:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 16:36 - 2014-10-07 23:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-12 16:36 - 2014-10-07 23:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 16:36 - 2014-10-07 22:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-12 16:36 - 2014-09-27 00:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-12 16:36 - 2014-09-26 22:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-12 16:36 - 2014-09-26 20:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 16:36 - 2014-09-26 20:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-12 16:36 - 2014-09-26 20:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 16:35 - 2014-10-30 22:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 16:35 - 2014-10-30 20:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 16:35 - 2014-10-18 02:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-12 16:35 - 2014-10-18 01:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-12 16:35 - 2014-10-18 01:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-12 16:35 - 2014-10-18 00:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-12 16:35 - 2014-10-17 23:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-12 16:35 - 2014-10-17 23:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-12 16:35 - 2014-10-17 23:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-12 16:35 - 2014-10-17 23:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-12 16:35 - 2014-10-17 23:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-12 16:35 - 2014-10-17 23:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-12 16:35 - 2014-10-17 23:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-12 16:35 - 2014-10-17 23:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-12 16:35 - 2014-10-17 23:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-12 16:35 - 2014-10-17 23:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-12 16:35 - 2014-10-17 23:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-12 16:35 - 2014-10-17 23:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-12 16:35 - 2014-10-17 00:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 16:35 - 2014-10-16 23:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 16:34 - 2014-10-30 20:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 16:34 - 2014-10-30 19:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 16:33 - 2014-10-30 22:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-12 16:33 - 2014-10-30 22:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-12 16:33 - 2014-10-30 22:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-12 16:33 - 2014-10-30 22:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-12 16:33 - 2014-10-30 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-12 16:33 - 2014-10-30 22:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 16:33 - 2014-10-30 22:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-12 16:33 - 2014-10-30 22:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 16:33 - 2014-10-30 22:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 16:33 - 2014-10-30 22:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 16:33 - 2014-10-30 22:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-12 16:33 - 2014-10-30 22:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 16:33 - 2014-10-30 21:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 16:33 - 2014-10-30 21:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 16:33 - 2014-10-30 21:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-12 16:33 - 2014-10-30 21:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 16:33 - 2014-10-30 21:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-12 16:33 - 2014-10-30 21:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-12 16:33 - 2014-10-30 21:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 16:33 - 2014-10-30 21:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 16:33 - 2014-10-30 21:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 16:33 - 2014-10-30 21:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 16:33 - 2014-10-30 21:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-12 16:33 - 2014-10-30 21:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 16:33 - 2014-10-30 21:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 16:33 - 2014-10-30 21:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-12 16:33 - 2014-10-30 21:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-12 16:33 - 2014-10-30 21:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-12 16:33 - 2014-10-30 21:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 16:33 - 2014-10-30 21:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 16:33 - 2014-10-30 21:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-12 16:33 - 2014-10-30 21:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-12 16:33 - 2014-10-30 21:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 16:33 - 2014-10-30 21:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-12 16:33 - 2014-10-30 21:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-12 16:33 - 2014-10-30 21:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-12 16:33 - 2014-10-30 21:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 16:33 - 2014-10-30 21:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 16:33 - 2014-10-30 21:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 16:33 - 2014-10-30 21:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 16:33 - 2014-10-30 20:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 16:33 - 2014-10-30 20:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-12 16:33 - 2014-10-30 20:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-12 16:33 - 2014-10-30 20:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 16:33 - 2014-10-30 20:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-12 16:33 - 2014-10-30 20:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-12 16:33 - 2014-10-30 20:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-12 16:33 - 2014-10-30 20:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-12 16:33 - 2014-10-30 20:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-12 16:33 - 2014-10-30 20:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 16:33 - 2014-10-30 20:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-12 16:33 - 2014-10-30 20:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 16:33 - 2014-10-30 20:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-12 16:33 - 2014-10-30 20:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 16:33 - 2014-10-30 20:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 16:33 - 2014-10-30 20:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 16:33 - 2014-10-30 20:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 16:33 - 2014-10-30 20:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 16:33 - 2014-10-30 20:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 16:33 - 2014-10-30 20:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-12 16:33 - 2014-10-30 20:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 16:33 - 2014-10-30 20:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-12 16:33 - 2014-10-30 20:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-12 16:33 - 2014-10-30 20:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 16:33 - 2014-10-30 20:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 16:33 - 2014-10-30 20:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-12 16:33 - 2014-10-30 20:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 16:33 - 2014-10-30 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 16:33 - 2014-10-30 19:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-12 16:33 - 2014-10-30 19:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-12 16:33 - 2014-10-30 19:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-12 16:33 - 2014-10-30 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 16:33 - 2014-10-30 19:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-12 16:33 - 2014-10-30 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 16:33 - 2014-10-30 19:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-12 16:33 - 2014-10-30 19:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 16:33 - 2014-10-30 19:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-12 16:33 - 2014-10-30 19:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 16:33 - 2014-10-30 19:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-12 16:33 - 2014-10-30 19:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-12 16:33 - 2014-10-30 19:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 16:33 - 2014-10-30 19:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 16:33 - 2014-10-30 19:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 16:33 - 2014-10-30 19:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-12 16:33 - 2014-10-30 19:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-12 16:33 - 2014-10-30 19:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 16:33 - 2014-10-30 19:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 16:33 - 2014-10-30 19:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 16:32 - 2014-11-04 16:38 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-12 16:32 - 2014-11-03 17:10 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-12 16:32 - 2014-10-30 21:53 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2014-11-12 16:32 - 2014-10-30 21:49 - 00537088 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-12 16:32 - 2014-10-30 21:24 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-11-12 16:32 - 2014-10-22 22:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 16:32 - 2014-10-22 22:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 16:32 - 2014-10-06 23:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 16:32 - 2014-10-06 23:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 16:32 - 2014-10-06 23:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 16:32 - 2014-10-06 23:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-12 16:32 - 2014-10-06 23:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 16:32 - 2014-10-06 20:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 16:32 - 2014-10-06 20:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 16:32 - 2014-10-06 20:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 16:32 - 2014-10-06 20:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 16:32 - 2014-10-06 18:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-12 16:32 - 2014-10-06 18:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 16:32 - 2014-08-22 22:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 16:32 - 2014-08-22 22:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 16:31 - 2014-09-09 23:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-12 16:31 - 2014-09-07 20:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-12 16:31 - 2014-09-07 20:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-12 16:31 - 2014-09-07 15:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-12 16:31 - 2014-09-04 15:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-12 16:31 - 2014-09-04 15:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-12 16:31 - 2014-09-03 20:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-12 16:31 - 2014-09-03 19:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-12 16:31 - 2014-09-03 18:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-12 16:31 - 2014-09-03 17:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-12 16:31 - 2014-08-30 17:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-12 16:31 - 2014-08-30 17:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-12 16:31 - 2014-08-30 15:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-12 16:31 - 2014-08-30 15:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-12 16:31 - 2014-08-30 14:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-12 16:31 - 2014-08-30 14:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-12 16:31 - 2014-08-30 13:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-12 16:31 - 2014-08-30 13:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-12 16:31 - 2014-08-27 19:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-12 16:31 - 2014-08-27 17:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-12 16:31 - 2014-08-27 17:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-12 16:31 - 2014-08-22 22:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-12 16:31 - 2014-08-22 22:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-12 16:31 - 2014-08-22 21:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-12 16:31 - 2014-08-01 17:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-12 16:31 - 2014-08-01 17:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-10 16:28 - 2014-11-10 16:29 - 32601272 _____ (Microsoft Corporation) C:\Users\josealejandro\Downloads\Windows-KB890830-x64-V5.17.exe
2014-11-08 15:21 - 2014-11-08 15:21 - 00080752 _____ (Premium Installer ) C:\Users\josealejandro\Downloads\setup (2).exe
2014-11-07 14:28 - 2014-11-06 17:37 - 312207431 _____ () C:\Users\josealejandro\Desktop\VID_20141106_173750.3gp
2014-11-07 14:22 - 2014-11-07 14:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2014-11-02 09:50 - 2014-11-02 09:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7B6C1726.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 16:00 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-30 15:58 - 2013-11-14 21:31 - 00001082 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 15:55 - 2014-07-15 19:55 - 00000330 _____ () C:\Windows\Tasks\Rocket Updater.job
2014-11-30 15:32 - 2013-12-24 16:23 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 15:19 - 2013-11-14 21:15 - 01099551 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 10:27 - 2013-12-18 21:19 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4137110049-3648854630-416167864-1001
2014-11-30 10:26 - 2014-10-16 10:21 - 00000976 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4137110049-3648854630-416167864-1001UA.job
2014-11-30 10:26 - 2014-10-16 10:21 - 00000954 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4137110049-3648854630-416167864-1001Core.job
2014-11-30 10:25 - 2013-12-18 21:28 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{DA403219-9DC6-406C-9D61-7CB0D14EE6FB}
2014-11-30 10:24 - 2014-07-17 22:11 - 00000000 ____D () C:\ProgramData\Origin
2014-11-30 10:22 - 2013-12-18 21:17 - 00000000 __RDO () C:\Users\josealejandro\SkyDrive
2014-11-30 10:22 - 2013-11-14 21:31 - 00001078 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 00:22 - 2013-12-26 11:11 - 00000000 ____D () C:\Users\josealejandro\AppData\Local\CrashDumps
2014-11-29 22:06 - 2014-09-21 12:55 - 00002212 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-29 22:02 - 2013-08-22 07:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-29 22:01 - 2013-08-22 06:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-29 21:58 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-29 08:19 - 2013-12-18 22:36 - 00808994 _____ () C:\Windows\system32\perfh00A.dat
2014-11-29 08:19 - 2013-12-18 22:36 - 00166346 _____ () C:\Windows\system32\perfc00A.dat
2014-11-29 08:19 - 2013-09-12 21:20 - 01829802 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-29 08:18 - 2013-08-22 07:46 - 00053445 _____ () C:\Windows\setupact.log
2014-11-28 19:43 - 2013-12-18 21:13 - 00000000 ____D () C:\Users\josealejandro\AppData\Local\Packages
2014-11-28 19:19 - 2014-02-05 20:08 - 03874304 ___SH () C:\Users\josealejandro\Downloads\Thumbs.db
2014-11-28 17:07 - 2014-08-17 10:50 - 00000000 ____D () C:\Users\josealejandro\AppData\Roaming\Skype
2014-11-28 10:13 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-27 14:11 - 2014-01-26 20:59 - 00249856 ___SH () C:\Users\josealejandro\Desktop\Thumbs.db
2014-11-25 22:36 - 2014-07-16 15:58 - 00000000 ____D () C:\Games
2014-11-25 21:16 - 2013-08-22 08:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-25 12:32 - 2013-12-24 16:23 - 00003726 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-22 00:52 - 2014-07-27 00:32 - 00063004 _____ () C:\Windows\DirectX.log
2014-11-20 18:35 - 2013-12-23 20:43 - 00000000 ____D () C:\Users\josealejandro\AppData\Roaming\uTorrent
2014-11-16 22:39 - 2013-12-18 21:13 - 00000000 ____D () C:\Users\josealejandro\AppData\Local\VirtualStore
2014-11-15 19:34 - 2013-08-22 08:36 - 00000000 ____D () C:\Windows\rescache
2014-11-15 14:56 - 2013-09-12 21:09 - 01046826 _____ () C:\Windows\PFRO.log
2014-11-14 23:09 - 2014-07-17 22:14 - 00000000 ____D () C:\Users\josealejandro\AppData\Roaming\Origin
2014-11-14 12:30 - 2013-08-22 07:44 - 00482984 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-14 00:07 - 2014-07-14 00:39 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-14 00:07 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 00:07 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-14 00:07 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-14 00:07 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-12 19:02 - 2014-09-19 10:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-12 17:18 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-12 17:18 - 2013-08-22 08:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-12 17:17 - 2013-12-23 19:42 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 17:11 - 2013-12-23 19:42 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-07 15:15 - 2014-10-23 20:19 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-02 13:38 - 2014-09-28 16:15 - 00000000 ____D () C:\Users\josealejandro\Desktop\minecraft
2014-11-02 13:34 - 2014-10-23 20:35 - 00000000 ____D () C:\Users\josealejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

Some content of TEMP:
====================
C:\Users\josealejandro\AppData\Local\Temp\BlueStacks-SplitInstaller_native_b.exe
C:\Users\josealejandro\AppData\Local\Temp\optprosetup.exe
C:\Users\josealejandro\AppData\Local\Temp\ose00000.exe
C:\Users\josealejandro\AppData\Local\Temp\ose00001.exe
C:\Users\josealejandro\AppData\Local\Temp\ose00005.exe
C:\Users\josealejandro\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-26 17:38

==================== End Of Log ============================

This is the Addition file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 30-11-2014 01
Ran by josealejandro at 2014-11-30 16:15:32
Running from C:\Users\josealejandro\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"FIFA 14" (HKLM-x32\...\{6049054B-DB11-48E1-A583-9A565D5C8856}_is1) (Version: 1.3.0.0 - )
µTorrent (HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\uTorrent) (Version: 3.4.2.34944 - BitTorrent Inc.)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Arma 3 (HKLM-x32\...\Steam App 107410) (Version:  - Bohemia Interactive)
aTube Catcher (HKLM-x32\...\aTube Catcher) (Version: 3.8.7971 - DsNET Corp)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
EA SPORTS FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 9.2.0.56703 - Electronic Arts, Inc.)
Eines de correcció del Microsoft Office 2013: català (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
F.E.A.R. Online (HKLM-x32\...\Steam App 223650) (Version:  - InPlay Interactive)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Ferramentas de verificación de Microsoft Office 2013 - Galego (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
GeoGebra 5 (HKLM-x32\...\GeoGebra 5) (Version: 5.0.4.0 - International GeoGebra Institute)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Just Cause 2: Multiplayer Mod (HKLM-x32\...\Steam App 259080) (Version:  - JC2-MP Team)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Microsoft Office Professional Plus 2013 (HKLM-x32\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Project Professional 2013 (HKLM-x32\...\Office15.PRJPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPRO) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 es-MX) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 es-MX)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
No More Room in Hell (HKLM-x32\...\Steam App 224260) (Version:  - No More Room in Hell Team)
Operation7 (HKLM-x32\...\Operation7) (Version: 20140610 - Axeso5)
Origin (HKLM-x32\...\Origin) (Version: 9.5.1.571 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (x32 Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype Web Plugin (HKLM-x32\...\{69F300CB-D6BF-41DD-B7CC-983BAFF4EE15}) (Version: 3.1.15602.22612 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Unity Web Player (HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\UnityWebPlayer) (Version: 4.5.2f1 - Unity Technologies ApS)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Movie Maker 2.6 (HKLM-x32\...\{B3DAF54F-DB25-4586-9EF1-96D24BB14088}) (Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

27-10-2014 21:57:23 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005
13-11-2014 00:08:11 Windows Update
15-11-2014 07:48:50 Installed DirectX
19-11-2014 21:32:34 Windows Update
22-11-2014 07:49:12 Installed DirectX
26-11-2014 04:15:08 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0749190E-7C28-42F5-A600-815A434A821B} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-21] ()
Task: {33AFEB7B-5085-4FE4-A36D-8CC44F496F6E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {44AF2750-7BBB-4339-A0E1-886CDA70FDDE} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {4CF7A038-9CFE-4389-985C-B22C65D63F18} - System32\Tasks\Rocket Updater => C:\Users\JOSEAL~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {649A9AF4-001A-4FFD-B69C-5129AA958028} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-07] (TOSHIBA Corporation)
Task: {6D5EC20A-2933-467E-93EE-6CF9C2CFD574} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {6DCBE771-7881-4360-A6E8-14AF4E8F8F01} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4137110049-3648854630-416167864-1001Core => C:\Users\josealejandro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-16] (Facebook Inc.)
Task: {6FB4CD24-13B3-4408-AB8E-B80DF95C935A} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {8B598C83-C98E-45D9-A7DE-295711F4E515} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-21] (Google Inc.)
Task: {9AFE9A48-6C99-482A-A9B6-4644FFBA0DB4} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {A2BA3042-88E0-4133-9036-F22CF9701AEA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-4137110049-3648854630-416167864-1001UA => C:\Users\josealejandro\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-10-16] (Facebook Inc.)
Task: {A870AAC7-8290-4E37-99FE-38631976A0A9} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {AA46F094-EBA1-4571-863B-0BD30C07038A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-25] (Adobe Systems Incorporated)
Task: {B152EB92-F2C4-49B0-A669-4AE4D7FFADBB} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {C439F49F-BF0E-47C6-B21B-4D8AE2821E70} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {D587C9C6-6E0F-4EB3-8B36-6F43C613454B} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)
Task: {DDA2C8A2-F16E-4726-A253-A6450B14E1EB} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-12] (Microsoft Corporation)
Task: {E18D0EFB-E0D0-43E4-8E17-3176D4E5BD2C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {F884C0D1-3409-4489-8E63-259A74C89FD3} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4137110049-3648854630-416167864-1001Core.job => C:\Users\josealejandro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4137110049-3648854630-416167864-1001UA.job => C:\Users\josealejandro\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\JOSEAL~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-10 13:54 - 2013-09-10 13:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-12-23 18:31 - 2012-11-10 10:28 - 00377408 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-12-23 18:31 - 2012-12-07 07:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-12-23 18:31 - 2012-12-07 07:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-12-24 13:01 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll
2013-08-12 19:52 - 2013-08-12 19:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 18:38 - 2012-07-18 18:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2013-11-14 20:53 - 2013-09-03 17:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-11-12 19:02 - 2014-11-06 17:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\josealejandro\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: smphost => 3
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\StartupApproved\Run: => "NextLive"
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\StartupApproved\Run: => "Browser Infrastructure Helper"

========================= Accounts: ==========================

Administrator (S-1-5-21-4137110049-3648854630-416167864-500 - Administrator - Disabled)
Guest (S-1-5-21-4137110049-3648854630-416167864-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4137110049-3648854630-416167864-1003 - Limited - Enabled)
josealejandro (S-1-5-21-4137110049-3648854630-416167864-1001 - Administrator - Enabled) => C:\Users\josealejandro

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/30/2014 11:01:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/30/2014 10:23:37 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/30/2014 00:22:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: IEXPLORE.EXE, versión: 11.0.9600.17416, marca de tiempo: 0x5452eed9
Nombre del módulo con errores: igd10iumd32.dll, versión: 10.18.10.3308, marca de tiempo: 0x52379e8f
Código de excepción: 0xc0000005
Desplazamiento de errores: 0x00079ff7
Identificador del proceso con errores: 0x5844
Hora de inicio de la aplicación con errores: 0xIEXPLORE.EXE0
Ruta de acceso de la aplicación con errores: IEXPLORE.EXE1
Ruta de acceso del módulo con errores: IEXPLORE.EXE2
Identificador del informe: IEXPLORE.EXE3
Nombre completo del paquete con errores: IEXPLORE.EXE4
Identificador de aplicación relativa del paquete con errores: IEXPLORE.EXE5

Error: (11/29/2014 11:01:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: El programa IEXPLORE.EXE, versión 11.0.9600.17416, dejó de interactuar con Windows y se cerró. Para ver si hay más información disponible acerca del problema, compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador de proceso: 1280

Hora de inicio: 01d00c5b7d538e36

Hora de finalización: 4294967295

Ruta de acceso de la aplicación: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Identificador de informe: 49264236-7856-11e4-829c-008cfa7ee0eb

Nombre completo de paquete con errores:

Identificador de aplicación relativa del paquete con errores:

Error: (11/29/2014 10:05:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/29/2014 09:06:31 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/29/2014 01:57:22 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/29/2014 08:13:52 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/29/2014 01:31:20 AM) (Source: Google Update) (EventID: 20) (User: ALEX-PC)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http s

Error: (11/28/2014 11:24:38 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

System errors:
=============
Error: (11/30/2014 03:02:19 PM) (Source: Server) (EventID: 2505) (User: )
Description: El servidor no pudo enlazarse al transporte \Device\NetBT_Tcpip_{49254522-2240-4E24-82D8-CCAC62B0096D} debido a que otro equipo en la red tiene el mismo nombre. No se puede iniciar el servidor.

Error: (11/30/2014 00:28:38 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/30/2014 01:42:20 AM) (Source: DCOM) (EventID: 10010) (User: ALEX-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/30/2014 01:42:20 AM) (Source: DCOM) (EventID: 10010) (User: ALEX-PC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (11/29/2014 10:00:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2014 06:12:46 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2014 10:20:44 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/29/2014 09:10:11 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: No se pudo registrar el nombre "WORKGROUP      :1d" en la interfaz con dirección IP 192.168.6.138.
El equipo la con dirección IP 192.168.6.187 no admite el nombre reclamado por este equipo.

Error: (11/29/2014 02:55:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (11/28/2014 11:17:15 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Microsoft Office Sessions:
=========================
Error: (11/30/2014 11:01:40 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005

Error: (11/30/2014 10:23:37 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/30/2014 00:22:18 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: IEXPLORE.EXE11.0.9600.174165452eed9igd10iumd32.dll10.18.10.330852379e8fc000000500079ff7584401d00c6cd1031288C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\SYSTEM32\igd10iumd32.dll9d2e896a-7861-11e4-829c-008cfa7ee0eb

Error: (11/29/2014 11:01:18 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17416128001d00c5b7d538e364294967295C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE49264236-7856-11e4-829c-008cfa7ee0eb

Error: (11/29/2014 10:05:23 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/29/2014 09:06:31 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/29/2014 01:57:22 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/29/2014 08:13:52 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (11/29/2014 01:31:20 AM) (Source: Google Update) (EventID: 20) (User: ALEX-PC)
Description: Network Request Error.
Error: 0x80072ee2. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee2. Http s

Error: (11/28/2014 11:24:38 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: El número debe ser no negativo y menor que o igual a Int32.MaxValue o -1.
Nombre del parámetro: dueTime
Stack Trace:
   en System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   en System.Timers.Timer.set_Enabled(Boolean value)
   en SnappCloud.ActivationReminder.AraClient.PostInit()
   en SnappCloud.ActivationReminder.Program.Main(String[] args)

CodeIntegrity Errors:
===================================
  Date: 2014-11-26 17:45:19.141
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-23 22:26:57.495
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-15 19:03:20.382
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-01 16:50:10.661
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-25 18:13:44.675
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-20 21:22:28.928
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-16 19:59:09.682
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-07 19:08:28.021
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-03 16:55:09.207
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-09-30 08:56:39.967
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU 1005M @ 1.90GHz
Percentage of memory in use: 37%
Total physical RAM: 3975.27 MB
Available physical RAM: 2498.54 MB
Total Pagefile: 4679.27 MB
Available Pagefile: 2482.42 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (TI10673200G) (Fixed) (Total:456.38 GB) (Free:321.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

Attached File  Addition.txt   37.13KB   0 downloads
Attached File  FRST.txt   51.98KB   0 downloads

#8 Gunto


Posted 02 December 2014 - 03:44 AM

Hi,

 

Alright, thanks for the logs! Now then, let's get to work. :)

 

Farbar Recovery Scan Tool

I need you to run a fix with FRST.

  • Open up Notepad, and copy and paste the text in the following box into the Notepad text field:
    HKLM\...\Run: [] => [X]
    HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
    HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\MountPoints2: {15061559-6d2b-11e3-825f-008cfa7ee0eb} - "F:\LGAutoRun.exe"
    HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\MountPoints2: {3dd624a3-0c97-11e4-8267-008cfa7ee0eb} - "E:\setup.exe"
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKU\S-1-5-21-4137110049-3648854630-416167864-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKLM -> DefaultScope {1E1D3729-61E3-45F3-AD18-C880E3D026D7} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_29_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyCzy0E0EtAyDtA0DtA0FtN0D0Tzu0SzytByBtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyCzz0D0CyCtCyCtGtC0FtAzztGzz0FyCtDtGtB0ByCyDtGyDyCtCyBzytCtA0BzzyCyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0AtAzy0B0F0BtGtDtCtDzztGtAtA0FzztGtB0B0C0DtGyD0EtCyB0AyB0CtC0ByCtCyE2Q&cr=674643994&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {1E1D3729-61E3-45F3-AD18-C880E3D026D7} URL = http://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_29_ie&cd=2XzuyEtN2Y1L1Qzu0AyE0D0BtAtDyCzy0E0EtAyDtA0DtA0FtN0D0Tzu0SzytByBtN1L2XzutBtFtBtCtFtCyEtFyEtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StAyCzz0D0CyCtCyCtGtC0FtAzztGzz0FyCtDtGtB0ByCyDtGyDyCtCyBzytCtA0BzzyCyBzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzy0AtAzy0B0F0BtGtDtCtDzztGtAtA0FzztGtB0B0C0DtGyD0EtCyB0AyB0CtC0ByCtCyE2Q&cr=674643994&ir=
    SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
    SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    BHO: No Name -> {41524553-2D56-3700-76A7-7A786E7484D7} ->  No File
    FF Extension: GreaatSave4U - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\0dUaCL6wl@f.com [2014-09-27]
    FF Extension: DigiSaveeri - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\6@qfU.net [2014-10-04]
    FF Extension: YooutuBoeAdiBlocckeu - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\9@cenZC.com [2014-09-18]
    FF Extension: GooSSave - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\A6@Ur.org [2014-09-18]
    FF Extension: WebbiNug - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\Hp@wy.com [2014-10-07]
    FF Extension: NextCCouPo - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\qZ@vvqyf3Yt.net [2014-10-07]
    FF Extension: Site Matcher - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\sitematcher_src@sitematcher_src.com [2014-07-15]
    FF Extension: Weobbing - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\UUf@E.org [2014-10-07]
    FF Extension: NextCoupp - C:\Users\josealejandro\AppData\Roaming\Mozilla\Firefox\Profiles\041mbb8l.default\Extensions\Xt2CMq@5k3y.net [2014-10-07]
    CHR Extension: (NextCCouPo) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\aeencpbkcoaklpeejhchehkglplnhhao [2014-10-05]
    CHR Extension: (Búsqueda de Google) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-21]
    CHR Extension: (Weobbing) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\egjnoaglnlaekjgfdcbmohnjfeiibkmc [2014-10-05]
    CHR Extension: (Hojas de cálculo de Google) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-21]
    CHR Extension: (Facebook Platinum) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfodbocncpdocjdknjadipkgbbagld [2014-10-01]
    CHR Extension: (NextCoupp) - C:\Users\josealejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgnlfkpebloeplknokebaafcmmhmppc [2014-10-05]
    S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
    S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
    S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
    S3 X6va025; \??\C:\Windows\SysWOW64\Drivers\X6va025 [X]
    S3 X6va028; \??\C:\Windows\SysWOW64\Drivers\X6va028 [X]
    C:\Users\josealejandro\Downloads\Setup v2 1 (2).exe
    C:\Users\josealejandro\Downloads\Setup v2 1 (1).exe
    C:\Users\josealejandro\Downloads\Setup v2 1.exe
    C:\32788R22FWJFW
    C:\Users\josealejandro\Downloads\setup (9).exe
    C:\Users\josealejandro\Downloads\setup (8).exe
    C:\Users\josealejandro\Downloads\setup (2).exe
    C:\Windows\system32\Drivers\7B6C1726.sys
    C:\Users\josealejandro\AppData\Local\Temp\BlueStacks-SplitInstaller_native_b.exe
    C:\Users\josealejandro\AppData\Local\Temp\optprosetup.exe
    C:\Users\josealejandro\AppData\Local\Temp\ose00000.exe
    C:\Users\josealejandro\AppData\Local\Temp\ose00001.exe
    C:\Users\josealejandro\AppData\Local\Temp\ose00005.exe
    C:\Users\josealejandro\AppData\Local\Temp\Uninstall.exe
    Task: {4CF7A038-9CFE-4389-985C-B22C65D63F18} - System32\Tasks\Rocket Updater => C:\Users\JOSEAL~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: {F884C0D1-3409-4489-8E63-259A74C89FD3} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
    Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\JOSEAL~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    C:\Program Files (x86)\Mobogenie
    C:\Users\JOSEAL~1\AppData\Roaming\ROCKET~1
    C:\Program Files (x86)\MyPC Backup
    Save it to the same location as FRST as fixlist.txt.
  • Open up FRST, and click the Fix button. If it asks you to reboot in order to complete the fix, please do so.
  • Once it's done fixing things, it will create Fixlog.txt in the same folder. Please copy and paste it into your reply.

Uninstall Programs

 

Next, I'll need you to uninstall a few things. However, I've got a few things to say before you do.

 

Your logs show that you may have pirated Microsoft Office. Is this true? While piracy is useful for getting programs for free, both pirated programs and programs used for piracy (such as keygens) are very commonly used to infect users with nasty malware. Even if the programs work as they are supposed to, there could be infections running in the background which could, in turn, be downloading more malware. Due to this, using pirated programs and programs used for piracy is very dangerous. If you did pirate it, I strongly recommend uninstalling Office along with the programs below to ensure you are malware-free, but I won't force you. If you do get rid of it, I can recommend a completely free alternative.

 

I also see that you have uTorrent installed. This is a peer-to-peer program, and although it is useful for sharing files, it is an extreme security risk. Even if not using it for illegal purposes, you may have your personal information shared without your knowledge, and can both download and even spread infections without knowing as well. The risk of this greatly increases with the sharing of illegal data. Because of the risks of using this program, I highly recommend you remove it from your computer. If you still want to keep it, let me know, and don't use it until we're done fixing your computer problems.

 

Lastly, do you use Adobe Reader? It's a perfectly legitimate program, but it's also very commonly targeted by malware that exploits its security vulnerabilities, so it's best to get rid of it if it's not needed. :) If you don't need it, please remove it along with the other programs below.

 

I need you to uninstall some programs using either Programs and Features or Revo Uninstaller. In addition to the programs mentioned above, I'm also having you remove some junk/unnecessary software.

If you want to use Programs and Features:

  • Hold down the Windows key, hit C, and then click Settings > Control Panel > Programs and Features.
  • Once it loads all the programs, uninstall the following, if present, one at a time:
    µTorrent
    Adobe Reader XI (11.0.09)  MUI
    Eines de correcció del Microsoft Office 2013: català
    Ferramentas de verificación de Microsoft Office 2013 - Galego
    Java 7 Update 67
    Microsoft Office Professional Plus 2013
    Microsoft Project Professional 2013
    Microsoft Visio Professional 2013
    Outils de vérification linguistique 2013 de Microsoft Office - Français
    Revisores de Texto do Microsoft Office 2013 – Português do Brasil
    WildTangent Games
    by double-clicking on it, and following the prompts in the uninstaller.

If you have any problems uninstalling a program using Programs and Features, proceed to the below method.

If you want to use Revo Uninstaller (which cleans up a bit better):

  • Download Revo from here, and save it to your desktop.
  • Double click the installer on your desktop, and let the program install.
  • Once it's done, double click the Revo Uninstaller shortcut on your desktop to run it. Once it loads all the programs, uninstall the following, if present, one at a time:
    µTorrent
    Adobe Reader XI (11.0.09)  MUI
    Eines de correcció del Microsoft Office 2013: català
    Ferramentas de verificación de Microsoft Office 2013 - Galego
    Java 7 Update 67
    Microsoft Office Professional Plus 2013
    Microsoft Project Professional 2013
    Microsoft Visio Professional 2013
    Outils de vérification linguistique 2013 de Microsoft Office - Français
    Revisores de Texto do Microsoft Office 2013 – Português do Brasil
    WildTangent Games

  • Double click the program, and say Yes on the prompt. Ensure the Moderate option is ticked, and click Next.
  • Follow the prompts in the built-in uninstaller, and then click Next in Revo.
  • If any registry remnants are found, check the bold items only. If there is a closed folder visible, click the + to expand it until you find the bold item. Then Delete the remnants.
  • Proceed again, and if any files/folders were found, delete those, too.

Final Notes

 

You appear to have disabled a few items via MSCONFIG:

MSCONFIG\Services: c2cautoupdatesvc => 2
MSCONFIG\Services: c2cpnrsvc => 2
MSCONFIG\Services: DragonUpdater => 2
MSCONFIG\Services: smphost => 3
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\StartupApproved\Run: => "NextLive"
HKU\S-1-5-21-4137110049-3648854630-416167864-1001\...\StartupApproved\Run: => "Browser Infrastructure Helper"

 

MSCONFIG is rather messy with disabling items, and there are cleaner ways I can help you disable them. In light of this, please re-enable these items in MSCONFIG, and I will be happy to disable/remove any of them you want me to. :)

 

Can you please tell me what this file name in your downloads folder is, in English? I apologize, but I can't read any other languages. reticulas 2004 residencias profesionales y titulacion-info y formatos.rar

 

Finally, I would like you to rerun a scan with FRST to get a fresh look at your system. Only one text file will be made this time; please copy it into your reply. :)

 

Also, please let me know how the PC is running.

 

Gunto


Beautiful avatar by Plumbeck!

 

Bury me in honor; when I'm dead and hit the ground, a love back home, it unfolds...
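An added example, not part of Gunto's post and not FRST's own code: because a fixlist removes everything it lists, it helps to group the entries by type and review the marked ones before pressing Fix. The category names, the `classify` and `review` helpers, the reading of `[X]` / `No File` as "target not found", and the `system_path` check are assumptions of this sketch; the sample lines are copied from the fixlist above.

```python
import re
from collections import Counter

# Lines copied from the fixlist in the post above (long SearchScopes URLs left out).
FIXLIST = r"""
HKLM\...\Run: [] => [X]
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {41524553-2D56-3700-76A7-7A786E7484D7} ->  No File
S3 X6va022; \??\C:\Windows\SysWOW64\Drivers\X6va022 [X]
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\JOSEAL~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Windows\system32\Drivers\7B6C1726.sys
"""

# Entry prefixes as they appear in the post; the first matching rule wins.
RULES = [
    ("policy", re.compile(r"^GroupPolicy:|\\Policies\\")),
    ("browser", re.compile(r"^(SearchScopes|BHO|FF Extension|CHR Extension):")),
    ("service", re.compile(r"^S\d \S+;")),
    ("task", re.compile(r"^Task:")),
    ("registry", re.compile(r"^HK(LM|U)")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]

def classify(line):
    line = line.strip()
    category = next((name for name, rx in RULES if rx.search(line)), "unknown")
    flags = set()
    if line.endswith(("[X]", "No File")):  # assumed: FRST's "target not found" markers
        flags.add("missing_file")
    if "ATTENTION" in line:
        flags.add("attention")
    if line.startswith("SearchScopes:") and line.endswith("URL ="):
        flags.add("empty_url")
    if category == "path" and line.lower().startswith("c:\\windows\\"):
        flags.add("system_path")  # added heuristic: double-check deletions under Windows
    return category, flags

def review(text):
    counts, flagged = Counter(), []
    for line in filter(None, map(str.strip, text.splitlines())):
        category, flags = classify(line)
        counts[category] += 1
        if flags or category == "unknown":  # unknown lines always deserve a look
            flagged.append((category, sorted(flags), line))
    return counts, flagged

if __name__ == "__main__":
    print(review(FIXLIST))
```
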


#9 Gunto

Posted 06 December 2014 - 02:05 PM

Hi,

It's been four days since my last post, so I am bumping the topic just in case you missed my previous reply. If you need more time to get back to me, please let me know, because I'll assume you're inactive otherwise.

If I still haven't heard from you in two days, this topic will be locked, so please get back to me by then.

Gunto




#10 Gunto

Posted 08 December 2014 - 01:39 PM

This topic is now locked due to the lack of feedback.

 

If you still need help, please send me (or any moderator if I am unavailable) a PM asking for this topic to be unlocked.






