Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by margarito (administrator) on MARGARITO (08-11-2015 16:21:35)
Running from C:\Users\margarito\Desktop
Loaded Profiles: margarito (Available Profiles: margarito & rocio_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGiftBoxDesktop.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
(Intel Corporation) C:\Windows\System32\DptfParticipantProcessorService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyConfigTDPService.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtWatchDog.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(STMicroelectronics) C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe
(Intel Corporation) C:\Windows\System32\DptfPolicyLpmServiceHelper.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
() C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(MyCity) C:\Program Files (x86)\MCShield\MCShieldRTM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\33.0.1990.58\opera.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ASUS HDD Protection Tray Application] => C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_Manager.exe [54272 2014-02-12] (STMicroelectronics)
HKLM\...\Run: [DptfPolicyLpmServiceHelper] => C:\Windows\system32\DptfPolicyLpmServiceHelper.exe [114048 2013-10-17] (Intel Corporation)
HKLM\...\Run: [Trend Micro Client Framework] => C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [246264 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [Platinum] => C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSessionAgent.exe [1258496 2015-07-16] (Trend Micro Inc.)
HKLM\...\Run: [ZAM] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12588672 2015-10-23] (Zemana Ltd.)
HKU\S-1-5-21-3706478320-2513481521-3289856772-1001\...\Run: [MCShield Monitor] => C:\Program Files (x86)\MCShield\mcshieldrtm.exe [650816 2014-04-11] (MyCity)
HKU\S-1-5-21-3706478320-2513481521-3289856772-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 200.94.160.248 200.94.160.246
Tcpip\..\Interfaces\{FB643AE5-B5C6-4917-A7B2-45FF35F3CEC4}: [DhcpNameServer] 200.94.160.248 200.94.160.246

Internet Explorer:
==================
HKU\S-1-5-21-3706478320-2513481521-3289856772-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus13.msn.com/?pc=ASJB
HKU\S-1-5-21-3706478320-2513481521-3289856772-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://prodigy.msn.com/es-mx/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
BHO: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
BHO: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-09-29] (Microsoft Corporation)
BHO-x32: Trend Micro Security Toolbar Helper -> {43C6D902-A1C5-45c9-91F6-FD9E90337E18} -> C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
BHO-x32: Trend Micro Network Filter Plugin -> {959A5673-7971-48e6-AF54-58F745AC4ABC} -> C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
BHO-x32: Trend Micro IE Protection -> {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} -> C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-16] (Trend Micro Inc.)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-10-27] (Microsoft Corporation)
Toolbar: HKLM - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
Toolbar: HKLM-x32 - Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-25] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe64.dll [2015-08-16] (Trend Micro Inc.)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\TmBpIe32.dll [2015-08-16] (Trend Micro Inc.)
Handler: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmop - {69FD7CE3-4604-4fe6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\3.8.1222\2.0.1084\TmopIEPlg32.dll [2015-07-16] (Trend Micro Inc.)
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
Handler-x32: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll [2015-09-08] (Trend Micro Inc.)
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\plugin\ToolbarIE64\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Handler-x32: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll [2015-07-16] (Trend Micro Inc.)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\System32\urlmon.dll [2015-09-10] (Microsoft Corporation)
Filter-x32: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\Windows\SysWOW64\urlmon.dll [2015-09-10] (Microsoft Corporation)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - No File

FireFox:
========
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2013-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-10-23] (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-08-25] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-08-25] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF HKLM\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF Extension: Trend Micro BEP Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension [2015-09-24]
FF HKLM-x32\...\Firefox\Extensions: [tmbepff@trendmicro.com] - C:\Program Files\Trend Micro\AMSP\module\20002\9.1.1035\9.1.1035\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [{22181a4d-af90-4ca3-a569-faed9118d6bc}] - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension
FF Extension: Trend Micro Toolbar - C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2015-09-24]
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF Extension: Trend Micro Osprey Firefox Extension - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension [2015-09-24]

Opera:
=======
OPR Extension: (WOT) - C:\Users\margarito\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-09-06]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUSGiftBoxDekstop; C:\Program Files (x86)\ASUS\ASUS GIFTBOX Desktop\ASUSGIFTBOXDesktop.exe [315704 2015-07-20] (ASUS)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2780856 2015-10-07] (Microsoft Corporation)
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [432528 2013-05-02] (Nuance Communications, Inc.)
R2 DptfParticipantProcessorService; C:\Windows\system32\DptfParticipantProcessorService.exe [117704 2013-10-17] (Intel Corporation)
R2 DptfPolicyConfigTDPService; C:\Windows\system32\DptfPolicyConfigTDPService.exe [116680 2013-10-17] (Intel Corporation)
R2 DptfPolicyLpmService; C:\Windows\system32\DptfPolicyLpmService.exe [126952 2013-10-17] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282072 2014-03-17] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [827392 2013-09-02] (Intel(R) Corporation) [File not signed]
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-10-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-10-23] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 Platinum Host Service; C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe [1137664 2015-07-16] (Trend Micro Inc.)
R2 PwmSvc; C:\Program Files\Trend Micro\TMIDS\PwmSvc.exe [1432840 2015-08-27] (Trend Micro Inc.)
R2 TransformService; C:\Program Files\ASUS\ASUS FlipLock\TransformService.exe [73528 2014-07-08] (ASUS)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [12588672 2015-10-23] (Zemana Ltd.)
R2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad -bt=0 [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [73512 2014-07-29] (ASUS Corporation)
S3 AX88772; C:\Windows\system32\DRIVERS\ax88772.sys [113864 2013-07-18] (ASIX Electronics Corp.)
S3 BrSerIf; C:\Windows\system32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-29] (Microsoft Corporation)
S3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R3 DptfDevProc; C:\Windows\system32\DRIVERS\DptfDevProc.sys [289744 2013-10-17] (Intel Corporation)
R3 DptfManager; C:\Windows\system32\DRIVERS\DptfManager.sys [494296 2013-10-17] (Intel Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2013-08-08] (Intel Corporation)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-08-08] (Intel Corporation)
R3 INVN_MotionApps; C:\Windows\system32\DRIVERS\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [17280 2012-08-05] ( )
R3 m76usb; C:\Windows\System32\drivers\m76usb.sys [539336 2014-04-28] (Ralink Technology Corp.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-10-23] (Intel Corporation)
R3 SensorsAlsDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\System32\drivers\WUDFRd.sys [226304 2014-10-28] (Microsoft Corporation)
R3 ST_ACCEL; C:\Windows\system32\DRIVERS\ST_Accel.sys [125104 2014-06-06] (STMicroelectronics)
R1 tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [134280 2015-07-21] (Trend Micro Inc.)
R0 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [326896 2015-07-21] (Trend Micro Inc.)
R0 TMEBC; C:\Windows\System32\DRIVERS\TMEBC64.sys [59712 2015-06-11] (Trend Micro Inc.)
R3 tmeevw; C:\Windows\system32\DRIVERS\tmeevw.sys [116576 2015-06-07] (Trend Micro Inc.)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [39056 2015-06-22] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [100320 2015-07-21] (Trend Micro Inc.)
R3 tmnciesc; C:\Windows\system32\DRIVERS\tmnciesc.sys [416608 2015-05-28] (Trend Micro Inc.)
R1 tmumh; C:\Windows\system32\DRIVERS\TMUMH.sys [91536 2015-06-28] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [116528 2015-06-26] (Trend Micro Inc.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [111992 2015-10-24] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [111992 2015-10-24] (Zemana Ltd.)
U0 msahci; system32\drivers\msahci.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-08 16:21 - 2015-11-08 16:21 - 00022048 _____ C:\Users\margarito\Desktop\FRST.txt
2015-11-08 16:20 - 2015-11-08 16:20 - 00000000 ____D C:\Users\margarito\Desktop\FRST-OlderVersion
2015-11-04 13:50 - 2015-11-04 13:50 - 00045486 _____ C:\Users\margarito\Downloads\FRST.txt
2015-11-04 13:50 - 2015-11-04 13:50 - 00025834 _____ C:\Users\margarito\Downloads\Addition.txt
2015-11-03 19:23 - 2015-11-03 19:23 - 00000000 ____D C:\Users\rocio_000\Tracing
2015-11-02 21:02 - 2015-11-03 10:07 - 05261251 _____ C:\Users\rocio_000\Desktop\estrategias de busqueda.pptx
2015-11-02 19:55 - 2015-11-02 19:55 - 00445952 _____ C:\Users\rocio_000\Downloads\Estrategias de Busqueda.ppt
2015-10-24 10:35 - 2015-10-24 10:37 - 00000000 ____D C:\Users\rocio_000\Desktop\UninstallerData
2015-10-24 10:35 - 2015-10-24 10:35 - 00002445 _____ C:\Users\rocio_000\.com.zerog.registry.xml
2015-10-24 10:35 - 2015-10-24 10:35 - 00000000 ____D C:\Users\rocio_000\Documents\My Cmaps
2015-10-24 10:35 - 2015-10-24 10:35 - 00000000 ____D C:\Users\rocio_000\AppData\Roaming\CmapTools
2015-10-24 10:33 - 2015-10-24 10:33 - 00000000 ___HD C:\Users\rocio_000\InstallAnywhere
2015-10-24 10:31 - 2015-10-24 10:32 - 99500328 _____ (Flexera Software) C:\Users\rocio_000\Downloads\WinCmapTools_v6.01.01_07-23-15.exe
2015-10-24 08:20 - 2015-10-24 08:20 - 00001090 _____ C:\Users\Public\Desktop\Zemana AntiMalware.lnk
2015-10-24 08:20 - 2015-10-24 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-10-23 20:23 - 2015-11-08 16:21 - 00000000 ____D C:\FRST
2015-10-23 20:22 - 2015-11-08 16:20 - 02198528 _____ (Farbar) C:\Users\margarito\Desktop\FRST64.exe
2015-10-23 08:02 - 2015-11-08 12:08 - 00022970 _____ C:\Windows\PFRO.log
2015-10-23 08:02 - 2015-10-23 08:02 - 00486904 _____ C:\Windows\system32\FNTCACHE.DAT
2015-10-20 08:12 - 2015-11-08 12:08 - 00001374 _____ C:\Windows\setupact.log
2015-10-20 08:12 - 2015-10-20 08:12 - 00000000 _____ C:\Windows\setuperr.log
2015-10-20 07:55 - 2015-11-08 16:14 - 01741653 _____ C:\Windows\WindowsUpdate.log
2015-10-17 11:08 - 2015-11-08 13:34 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-10-17 11:08 - 2015-11-07 17:43 - 00000892 _____ C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-10-17 11:08 - 2015-10-17 11:08 - 00003866 _____ C:\Windows\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-10-17 11:08 - 2015-10-17 11:08 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-10-17 11:08 - 2015-10-17 11:08 - 00000000 ____D C:\Users\margarito\AppData\Local\Adobe
2015-10-17 11:07 - 2015-10-17 11:08 - 00000000 ____D C:\Users\rocio_000\AppData\Local\Adobe
2015-10-14 20:22 - 2015-08-22 06:42 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:42 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 20:22 - 2015-08-22 06:35 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 20:22 - 2015-08-07 14:40 - 01134752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 20:22 - 2015-08-07 14:40 - 00686960 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-10-14 20:22 - 2015-08-07 14:40 - 00507176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-10-14 20:22 - 2015-08-07 07:13 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 20:21 - 2015-09-18 20:18 - 00035384 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-14 20:21 - 2015-09-18 06:42 - 01290752 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-14 20:21 - 2015-09-18 06:42 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 20:21 - 2015-09-18 06:42 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-14 20:21 - 2015-09-18 06:42 - 00699904 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-14 20:21 - 2015-09-18 06:42 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-14 20:21 - 2015-09-18 06:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-14 20:17 - 2015-08-06 10:05 - 00669184 _____ (Microsoft Corporation) C:\Windows\system32\hhctrl.ocx
2015-10-14 20:17 - 2015-08-06 09:37 - 00536576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hhctrl.ocx
2015-10-14 20:12 - 2015-08-06 09:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-10-14 20:12 - 2015-08-06 09:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-10-14 20:12 - 2015-07-16 11:58 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\NcdAutoSetup.dll
2015-10-14 18:33 - 2015-09-29 05:31 - 07457624 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 18:33 - 2015-09-29 05:31 - 01658536 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 18:33 - 2015-09-29 05:31 - 01519592 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 18:33 - 2015-09-29 05:31 - 01487008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 18:33 - 2015-09-29 05:31 - 01355848 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-10-14 18:33 - 2015-09-24 09:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2015-10-14 18:33 - 2015-09-24 09:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-10-14 18:33 - 2015-09-10 11:02 - 25851392 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 18:33 - 2015-09-10 10:09 - 20358144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 18:33 - 2015-08-26 19:43 - 22372152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 18:33 - 2015-08-26 19:42 - 19795904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 18:33 - 2015-08-07 14:40 - 01736520 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 18:33 - 2015-08-07 14:40 - 01499920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 18:32 - 2015-09-10 10:19 - 00585728 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 18:32 - 2015-09-10 10:18 - 02886656 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 18:32 - 2015-09-10 10:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-10-14 18:32 - 2015-09-10 10:14 - 05990400 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 18:32 - 2015-09-10 10:06 - 00616960 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 18:32 - 2015-09-10 10:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 18:32 - 2015-09-10 09:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 18:32 - 2015-09-10 09:39 - 00504832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 18:32 - 2015-09-10 09:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 18:32 - 2015-09-10 09:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-10-14 18:32 - 2015-09-10 09:35 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 18:32 - 2015-09-10 09:33 - 02279936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 18:32 - 2015-09-10 09:28 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-10-14 18:32 - 2015-09-10 09:28 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 18:32 - 2015-09-10 09:27 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 18:32 - 2015-09-10 09:24 - 14456832 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 18:32 - 2015-09-10 09:21 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-10-14 18:32 - 2015-09-10 09:19 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 18:32 - 2015-09-10 09:19 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 18:32 - 2015-09-10 09:19 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 18:32 - 2015-09-10 09:17 - 02126336 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 18:32 - 2015-09-10 09:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 18:32 - 2015-09-10 09:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 18:32 - 2015-09-10 09:05 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 18:32 - 2015-09-10 09:02 - 04527616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 18:32 - 2015-09-10 09:01 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-10-14 18:32 - 2015-09-10 09:00 - 12853760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 18:32 - 2015-09-10 08:57 - 02487808 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 18:32 - 2015-09-10 08:57 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-10-14 18:32 - 2015-09-10 08:55 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 18:32 - 2015-09-10 08:55 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 18:32 - 2015-09-10 08:55 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 18:32 - 2015-09-10 08:45 - 01546752 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 18:32 - 2015-09-10 08:34 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-10-14 18:32 - 2015-09-10 08:31 - 02011136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 18:32 - 2015-09-10 08:27 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 18:32 - 2015-09-10 08:26 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-10-14 18:29 - 2015-09-29 05:29 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 18:29 - 2015-09-28 11:45 - 03705344 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 18:29 - 2015-09-28 11:26 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-10-14 18:29 - 2015-09-28 11:25 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 18:29 - 2015-09-28 11:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 18:29 - 2015-09-28 11:25 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 18:29 - 2015-09-28 11:22 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 18:29 - 2015-09-28 11:22 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 18:29 - 2015-09-28 11:22 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 18:29 - 2015-09-28 11:15 - 02243072 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 18:29 - 2015-09-28 11:13 - 00891904 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 18:29 - 2015-09-28 11:12 - 00721920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-12 06:05 - 2015-10-12 06:05 - 00000000 ___RD C:\Users\rocio_000\AppData\Roaming\Brother
2015-10-12 06:00 - 2015-10-12 06:00 - 00013934 _____ C:\Users\rocio_000\Downloads\Glucosa Rocio.xlsx
2015-10-11
08:42 - 2015-10-11 08:44 - 174471624 _____ C:\Users\margarito\Desktop\oh2a19gs.exe 2015-10-11 08:41 - 2015-10-11 08:49 - 00002542 _____ C:\Users\margarito\Desktop\Rkill.txt 2015-10-11 08:15 - 2015-10-11 08:15 - 00000000 ____D C:\Users\margarito\Tracing 2015-10-11 08:04 - 2015-10-11 08:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype 2015-10-10 21:32 - 2015-10-11 08:45 - 00000000 ____D C:\Users\margarito\Desktop\Seguridad ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2015-11-08 16:20 - 2015-07-26 19:02 - 00000000 ____D C:\Users\margarito\AppData\Roaming\Skype 2015-11-08 16:14 - 2015-07-26 18:24 - 00000000 __RDO C:\Users\margarito\OneDrive 2015-11-08 16:13 - 2015-09-06 15:02 - 00000093 _____ C:\Users\margarito\AppData\Roaming\sp_data.sys 2015-11-08 16:13 - 2015-07-26 21:42 - 00000000 ____D C:\ProgramData\MCShield 2015-11-08 16:12 - 2015-07-26 18:52 - 00000000 ____D C:\Users\margarito\AppData\Local\DP_Tower 2015-11-08 16:12 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\system32\sru 2015-11-08 13:40 - 2015-07-26 18:33 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1A0360D2-2CFD-4D6D-A402-1998279E83B0} 2015-11-08 12:25 - 2015-07-26 18:26 - 00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3706478320-2513481521-3289856772-1001 2015-11-08 12:13 - 2014-03-18 03:03 - 00863592 _____ C:\Windows\system32\PerfStringBackup.INI 2015-11-08 12:10 - 2013-08-22 06:25 - 00262144 ___SH C:\Windows\system32\config\ELAM 2015-11-08 12:08 - 2013-08-22 07:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-11-08 12:08 - 2013-08-22 06:25 - 00524288 ___SH C:\Windows\system32\config\BBI 2015-11-08 12:01 - 2015-08-24 13:20 - 00003464 _____ C:\Windows\System32\Tasks\ASUS Live Update2 2015-11-08 12:01 - 2015-08-23 16:29 - 00003474 _____ C:\Windows\System32\Tasks\ASUS Live Update1 2015-11-08 10:25 - 2015-08-10 14:59 - 
00003600 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3706478320-2513481521-3289856772-1002 2015-11-08 09:51 - 2015-08-10 14:45 - 00000093 _____ C:\Users\rocio_000\AppData\Roaming\sp_data.sys 2015-11-08 09:50 - 2015-08-10 14:58 - 00000000 ___RD C:\Users\rocio_000\OneDrive 2015-11-08 09:49 - 2015-08-10 14:45 - 00000000 ____D C:\Users\rocio_000\AppData\Local\DP_Tower 2015-11-08 07:31 - 2015-07-26 18:19 - 00000000 ____D C:\Users\margarito\AppData\Local\Packages 2015-11-08 07:31 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\AppReadiness 2015-11-07 16:41 - 2015-09-01 08:15 - 00000000 ____D C:\Users\rocio_000\Desktop\teorias de la comunicacion 2015-11-07 16:14 - 2015-08-10 15:14 - 00003946 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{75E20C1A-0DA7-4784-8306-AA92FA6F082F} 2015-11-05 08:47 - 2015-09-06 08:05 - 00003832 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1441551916 2015-11-05 08:47 - 2015-09-06 08:05 - 00001065 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-11-05 08:47 - 2015-09-06 08:05 - 00000000 ____D C:\Program Files (x86)\Opera 2015-11-05 08:47 - 2015-08-16 09:50 - 00004076 _____ C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1439743809 2015-11-05 08:47 - 2015-08-16 09:50 - 00001373 _____ C:\Users\rocio_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera.lnk 2015-11-04 08:39 - 2015-08-10 14:45 - 00000000 ____D C:\Users\rocio_000\AppData\Local\Packages 2015-11-03 21:04 - 2015-08-30 15:00 - 00000000 ____D C:\Users\rocio_000\AppData\Roaming\Skype 2015-11-03 19:23 - 2015-08-10 14:44 - 00000000 ____D C:\Users\rocio_000 2015-11-03 18:48 - 2015-09-01 08:13 - 00000000 ____D C:\Users\rocio_000\Desktop\introduccion a la teoria del diseno 2015-11-01 19:17 - 2015-09-06 08:25 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware 2015-10-27 15:29 - 2015-08-25 06:56 - 00000000 ____D C:\Program Files\Microsoft Office 15 2015-10-26 20:47 - 2015-09-01 08:14 - 00000000 
____D C:\Users\rocio_000\Desktop\analiis de cultura y el arte 2015-10-24 10:36 - 2015-08-10 14:44 - 00000000 ___RD C:\Users\rocio_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2015-10-24 08:20 - 2015-09-06 08:25 - 00111992 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zamguard64.sys 2015-10-24 08:20 - 2015-09-06 08:25 - 00111992 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys 2015-10-23 20:15 - 2015-07-26 18:16 - 00000000 ____D C:\Users\margarito 2015-10-20 19:32 - 2015-08-03 08:59 - 00000010 _____ C:\Users\margarito\AppData\Local\sponge.last.runtime.cache 2015-10-20 16:25 - 2015-07-26 19:33 - 00000000 ____D C:\Users\margarito\Documents\e-Sword 2015-10-19 16:00 - 2013-08-22 08:20 - 00000000 ____D C:\Windows\CbsTemp 2015-10-15 21:51 - 2015-07-31 18:16 - 00810488 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-10-15 21:51 - 2015-07-31 18:16 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-10-15 19:16 - 2013-08-22 08:36 - 00000000 ____D C:\Windows\rescache 2015-10-15 07:30 - 2013-08-22 08:36 - 00000000 ___RD C:\Windows\ToastData 2015-10-15 07:29 - 2015-07-30 23:40 - 00000000 ____D C:\Windows\system32\appraiser 2015-10-14 20:54 - 2015-07-30 22:25 - 00000000 ____D C:\Windows\system32\MRT 2015-10-14 20:52 - 2015-07-30 22:24 - 143481208 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-10-14 20:08 - 2014-09-24 08:40 - 00000000 ___RD C:\Program Files (x86)\Skype 2015-10-11 08:41 - 2015-09-12 07:10 - 00000000 ____D C:\Windows\pss 2015-10-11 08:04 - 2014-09-24 08:40 - 00000000 ____D C:\ProgramData\Skype ==================== Files in the root of some directories ======= 2015-09-06 15:02 - 2015-11-08 16:13 - 0000093 _____ () C:\Users\margarito\AppData\Roaming\sp_data.sys 2015-07-26 18:47 - 2015-07-26 18:47 - 0000036 _____ () C:\Users\margarito\AppData\Local\housecall.guid.cache 2015-08-03 08:59 - 2015-10-20 19:32 - 0000010 _____ () 
C:\Users\margarito\AppData\Local\sponge.last.runtime.cache
2014-11-07 18:36 - 2014-11-07 18:36 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-07 18:48 - 2014-03-25 18:11 - 0000137 _____ () C:\ProgramData\RefreshReg.vbs
2014-09-24 08:40 - 2014-03-26 13:50 - 0000124 _____ () C:\ProgramData\SetStretch.cmd
2014-09-24 08:40 - 2009-07-22 03:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2014-09-24 08:40 - 2012-09-07 04:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Files to move or delete:
====================
C:\ProgramData\RefreshReg.vbs

Some files in TEMP:
====================
C:\Users\margarito\AppData\Local\Temp\SkypeSetup.exe
C:\Users\rocio_000\AppData\Local\Temp\Foxit PhantomPDF Updater.exe
C:\Users\rocio_000\AppData\Local\Temp\remove.exe
C:\Users\rocio_000\AppData\Local\Temp\SkypeSetup.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-11-02 18:50

==================== End of FRST.txt ============================