Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-12-2015 Ran by margarito (2015-12-06 08:47:54) Running from C:\Users\margarito\Desktop Windows 8.1 (X64) (2015-07-27 01:18:54) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= Administrator (S-1-5-21-3706478320-2513481521-3289856772-500 - Administrator - Disabled) Guest (S-1-5-21-3706478320-2513481521-3289856772-501 - Limited - Disabled) margarito (S-1-5-21-3706478320-2513481521-3289856772-1001 - Administrator - Enabled) => C:\Users\margarito rocio_000 (S-1-5-21-3706478320-2513481521-3289856772-1002 - Limited - Enabled) => C:\Users\rocio_000 ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Trend Micro Internet Security (Disabled - Up to date) {8242D66F-41BD-4049-C2E6-E578E73B62A0} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Trend Micro Internet Security (Disabled - Up to date) {3923378B-6787-4FC7-F856-DE0A9CBC281D} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.4.0.180 - Adobe Systems Incorporated) Adobe Flash Player 19 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 19.0.0.245 - Adobe Systems Incorporated) Adobe Premiere Pro CC 2015 (HKLM-x32\...\{38C72D42-0672-43B1-9E05-E7631684F9A1}) (Version: 9.0.2 - Adobe Systems Incorporated) Alcor Micro USB Card Reader Driver (HKLM-x32\...\InstallShield_{5CA55DFC-2008-460F-B7A7-FB92100C4494}) (Version: 20.4.10117.43857 - Alcor Micro Corp.) Alcor Micro USB Card Reader Driver (x32 Version: 20.4.10117.43857 - Alcor Micro Corp.) Hidden ASUS FlipLock (HKLM\...\{9BF8EF7C-4AA1-4CA7-93DB-8F543EB35F4E}) (Version: 1.0.5 - ASUS) ASUS GIFTBOX Desktop (HKLM-x32\...\{4701E5AB-AF91-4D40-8F18-358CC80E4E5B}) (Version: 1.1.6 - ASUS) ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS) ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.2.19 - ASUS) ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.01.0003 - ASUS) ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.9 - ASUS) ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0037 - ASUS) CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Device Setup (HKLM-x32\...\{1F07F2C7-596F-4F34-B805-2C61A3E50E5A}) (Version: 1.0.18 - ASUSTek Computer Inc.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) e-Sword (HKLM-x32\...\{463178C4-E707-41EE-BE8A-080C62BF526D}) (Version: 10.04.0000 - Rick Meyers) Foxit PhantomPDF (HKLM-x32\...\{FC76E6BB-7CBB-4CD6-8178-3BCADC0526C3}) (Version: 6.0.62.801 - Foxit Corporation) Intel(R) Dynamic Platform and Thermal Framework (HKLM-x32\...\FFD10ECE-F715-4a86-9BD8-F6F47DA5DA1C) (Version: 7.1.0.2105 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.6.0.1038 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation) Intel(R) Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.165.0 - Intel Corporation) MCShield ::Anti-Malware Tool:: (HKLM-x32\...\MCShield) (Version: 3.0.5.28 - MyCity) Mediatek Bluetooth (HKLM\...\{878D7C14-18BD-7A70-9292-C0B3CE374125}) (Version: 11.0.754.0 - Mediatek) Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4771.1004 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4771.1004 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4771.1004 - Microsoft Corporation) Hidden Opera Stable 33.0.1990.115 (HKLM-x32\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software) Opera Stable 33.0.1990.115 (HKU\S-1-5-21-3706478320-2513481521-3289856772-1002\...\Opera 33.0.1990.115) (Version: 33.0.1990.115 - Opera Software) Ralink RT2860 Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 5.0.47.0 - Ralink) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7266 - Realtek Semiconductor Corp.) Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation) Skype™ 7.15 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.15.103 - Skype Technologies S.A.) ST Microelectronics 3 Axis Digital Accelerometer Solution (HKLM-x32\...\{9C24F411-9CA7-4A8A-91F3-F08A4A38EB31}) (Version: 4.07.0057 - ST Microelectronics) Trend Micro Internet Security (HKLM\...\{ABBD4BA8-6703-40D2-AB1E-5BB1F7DB49A4}) (Version: 10.0 - Trend Micro Inc.) Trend Micro Password Manager (HKLM\...\3A0FB4E3-2C0D-4572-A24D-67F1CAABDDP35_is1) (Version: 3.5.0.1288 - Trend Micro Inc.) Trend Micro Titanium (Version: 10.0 - Trend Micro Inc.) Hidden Windows Driver Package - ASUS (ATP) Mouse (07/02/2014 1.0.0.228) (HKLM\...\7504488B89E0121B0737D63957491C9CD2633065) (Version: 07/02/2014 1.0.0.228 - ASUS) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) CustomCLSID: HKU\S-1-5-21-3706478320-2513481521-3289856772-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) CustomCLSID: HKU\S-1-5-21-3706478320-2513481521-3289856772-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems) CustomCLSID: HKU\S-1-5-21-3706478320-2513481521-3289856772-1002_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation) ==================== Restore Points ========================= 22-11-2015 13:03:55 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 24-11-2015 22:58:01 Windows Live Essentials 24-11-2015 22:59:25 Installed DirectX 03-12-2015 11:45:14 Scheduled Checkpoint ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 06:25 - 2015-11-13 21:09 - 00000035 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {03EE0F45-1FCC-4AF4-9E35-2320683301FE} - System32\Tasks\Opera scheduled Autoupdate 1439743809 => C:\Users\rocio_000\AppData\Local\Programs\Opera\launcher.exe [2015-11-16] (Opera Software) Task: {0CFC3BF0-C567-43F1-924A-6CD03A8E554B} - System32\Tasks\{8BDDE9A1-29CB-4A26-B7D2-A29AAE842AEF} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/abandoninstall?page=tsProgressBar Task: {1ADE276F-F513-42B1-A246-7458BBBE26BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd) Task: {1CC47C23-A8D3-4FFF-9111-504EA419470A} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2014-04-02] (ASUS) Task: {25A50D76-141D-475F-A60F-5B5694986851} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation) Task: {34E138C0-DF66-4A00-B250-59D6E31D6BF2} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2014-06-11] (ASUSTek Computer Inc.) Task: {385F6444-D112-4833-B097-44EC22670864} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2014-03-27] (ASUSTek Computer Inc.) Task: {38A1A3EB-5DDB-44FF-9967-D1DD600B184B} - System32\Tasks\{F9D14F55-5131-44B9-9DE2-C9FA02F1F1ED} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/abandoninstall?page=tsProgressBar Task: {52B65675-FEDC-4A0F-B83E-82C5166FDF9D} - System32\Tasks\ASUS Patch for Touch Panel => C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe [2013-01-09] (ASUSTek Computer INC.) Task: {55D3A2BE-451C-4C0A-8E14-5C763B5296C6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation) Task: {5690FF7C-204A-4129-8F53-42C162C0D81C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation) Task: {5E4E1978-9BF4-4A91-BD73-7C1937761E3A} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] () Task: {610391EB-A0AB-445C-9B5F-8AE556CB1A21} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2014-09-02] (ASUSTek Computer Inc.) Task: {75AC1223-EB1E-449B-9B28-01AA3709239A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-10-27] (Microsoft Corporation) Task: {81389923-B196-4E90-9BB6-A4CB9206EC77} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2014-05-26] (Realtek Semiconductor) Task: {90452889-390A-4AD4-ACCB-0E43B7A6F733} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2014-07-29] (AsusTek) Task: {AD3EE755-CE6A-4375-BFD4-29402EEC243D} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-rocio2295@hotmail.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-10-30] (Adobe Systems Incorporated) Task: {BD70FBD3-9107-4C43-978A-2B06FE75A186} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {C343F0EF-DC88-443C-8DEB-80428B719C57} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2014-06-04] (Realtek Semiconductor) Task: {D976D4E5-DCC7-4282-B8B9-6EC6FDA3D1DB} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe [2015-11-10] (Adobe Systems Incorporated) Task: {DADD80B4-B891-4D76-BE33-4C71529B6E76} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-14] (Microsoft Corporation) Task: {DE2A0257-9B0A-4227-82A7-CFA9535B9B49} - System32\Tasks\Opera scheduled Autoupdate 1441551916 => C:\Program Files (x86)\Opera\launcher.exe [2015-11-16] (Opera Software) Task: {E5DCC4E3-C324-4EEB-B77E-09D44297B8E7} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.) Task: {E74A65E3-943C-40AF-9681-11FF96AA9E78} - System32\Tasks\{FADAFCD0-8C17-4AD3-BF75-99B9862518AC} => Iexplore.exe hxxp://ui.skype.com/ui/0/7.6.0.105/en/abandoninstall?page=tsProgressBar Task: {EA5D8735-F5EA-4286-A5CC-C26FEEB6E1D3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-10] (Adobe Systems Incorporated) Task: {EF2ADD8F-2D6C-427A-9DA1-C6C25FE2E4DB} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-10-13] (Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_19_0_0_245_pepper.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) ==================== Loaded Modules (Whitelisted) ============== 2015-11-13 21:33 - 2015-03-31 04:08 - 00026408 _____ () C:\Program Files\Trend Micro\AMSP\boost_system-vc110-mt-1_57.dll 2015-11-13 21:33 - 2015-03-31 04:08 - 00058320 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc110-mt-1_57.dll 2015-11-13 21:33 - 2015-03-31 04:09 - 00686608 _____ () C:\Program Files\Trend Micro\AMSP\sqlite3.dll 2015-11-13 21:33 - 2015-03-31 04:08 - 00110320 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc110-mt-1_57.dll 2015-11-13 21:33 - 2015-03-31 04:08 - 00036160 _____ () C:\Program Files\Trend Micro\AMSP\boost_chrono-vc110-mt-1_57.dll 2015-11-13 21:33 - 2015-03-31 04:09 - 01314920 _____ () C:\Program Files\Trend Micro\AMSP\libprotobuf.dll 2015-11-13 21:26 - 2015-07-16 11:31 - 00168544 _____ () C:\Program Files\Trend Micro\UniClient\plugins\LUADLL.dll 2015-08-25 06:56 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-11-13 21:35 - 2015-07-16 11:31 - 00089088 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_thread-vc110-mt-1_52.dll 2015-11-13 21:35 - 2015-07-16 11:31 - 00018944 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_system-vc110-mt-1_52.dll 2015-11-13 21:35 - 2015-07-16 11:31 - 00049664 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_date_time-vc110-mt-1_52.dll 2015-11-13 21:35 - 2015-07-16 11:31 - 00761856 _____ () C:\Program Files\Trend Micro\Titanium\plugin\Pt\boost_regex-vc110-mt-1_52.dll 2015-07-26 18:51 - 2014-08-01 20:17 - 00048128 _____ () C:\Program Files\Trend Micro\TMIDS\boost_date_time-vc110-mt-1_49.dll 2015-11-14 04:23 - 2015-11-14 04:23 - 00553120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll 2015-10-27 15:27 - 2015-09-01 09:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2015-07-26 18:51 - 2015-10-27 12:42 - 46393608 _____ () C:\Program Files\Trend Micro\TMIDS\tower\PwmTower.exe 2014-11-07 18:43 - 2014-02-12 17:19 - 00243200 _____ () C:\Program Files (x86)\ST Microelectronics\ST_ACCEL\FFP_DT.dll 2015-11-13 21:26 - 2015-07-16 11:31 - 00065520 _____ () C:\Program Files\Trend Micro\Titanium\plugin\fcMsgDispatcher.dll 2015-11-14 04:22 - 2015-11-14 04:22 - 31401120 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe 2015-11-08 09:13 - 2015-11-08 09:13 - 01282048 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Devices\bf5509cf3a0d2e3afbd0c33e9153ecbd\Windows.Devices.ni.dll 2015-08-01 18:59 - 2015-08-01 18:59 - 00228864 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\f7e726805e56676bd7b8662a3d842b0e\Windows.Foundation.ni.dll 2014-07-08 15:17 - 2014-07-08 15:17 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll 2014-11-07 18:30 - 2013-10-23 14:44 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2014-04-02 15:46 - 2014-04-02 15:46 - 00117248 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll 2014-04-02 15:46 - 2014-04-02 15:46 - 00037936 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll 2014-04-02 15:46 - 2014-04-02 15:46 - 00018992 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDColorEnhance.dll 2014-04-02 15:46 - 2014-04-02 15:46 - 00020528 _____ () C:\Program Files (x86)\ASUS\Splendid\AMDRegammaAndGamut.dll 2015-11-16 17:43 - 2015-11-16 17:43 - 40523440 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libcef.dll 2015-11-16 17:43 - 2015-11-16 17:43 - 01365680 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libglesv2.dll 2015-11-16 17:43 - 2015-11-16 17:43 - 00219312 _____ () C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\CEF\libegl.dll 2015-11-13 22:27 - 2015-11-13 22:27 - 00124416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\fs-ext\build\Release\fs-ext.node 2015-11-13 22:27 - 2015-11-13 22:27 - 00188416 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-vulcanjs\build\Release\VulcanJS.node 2015-11-13 22:27 - 2015-11-13 22:27 - 00121344 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ref\build\Release\binding.node 2015-11-13 22:27 - 2015-11-13 22:27 - 00129536 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\ffi\build\Release\ffi_bindings.node 2015-11-17 18:32 - 2015-11-17 18:32 - 00158384 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\node-ProxyResolver\native\ProxyResolverWin.dll 2015-11-13 22:27 - 2015-11-13 22:27 - 00081408 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\js\node_modules\idle-gc\build\Release\idle-gc.node 2015-11-14 03:30 - 2015-11-14 03:30 - 00147136 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll 2015-11-19 10:04 - 2015-11-19 10:04 - 60736120 _____ () C:\Program Files (x86)\Opera\33.0.1990.115\opera.dll 2015-11-19 10:04 - 2015-11-19 10:04 - 01919608 _____ () C:\Program Files (x86)\Opera\33.0.1990.115\libglesv2.dll 2015-11-19 10:04 - 2015-11-19 10:04 - 00081528 _____ () C:\Program Files (x86)\Opera\33.0.1990.115\libegl.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) IE trusted site: HKU\S-1-5-21-3706478320-2513481521-3289856772-1001\...\trendmicro.com -> hxxps://pwm.trendmicro.com IE trusted site: HKU\S-1-5-21-3706478320-2513481521-3289856772-1002\...\sharepoint.com -> hxxps://alumnosuacj.sharepoint.com IE trusted site: HKU\S-1-5-21-3706478320-2513481521-3289856772-1002\...\trendmicro.com -> hxxps://pwm.trendmicro.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3706478320-2513481521-3289856772-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\margarito\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img10.jpg HKU\S-1-5-21-3706478320-2513481521-3289856772-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\rocio_000\Pictures\pop art X by.jpg DNS Servers: 200.94.160.248 - 200.94.160.246 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) HKU\S-1-5-21-3706478320-2513481521-3289856772-1001\...\StartupApproved\Run: => "CCleaner Monitoring" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [TCP Query User{9E3EA43D-C228-46E8-9053-630895F25552}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{6498EE63-FACD-4BEB-AF3C-0A74B6088D4E}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [TCP Query User{97353CFF-28D2-4325-80CC-A69FAC6C5116}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [UDP Query User{5A992E1F-D60F-4913-9AC3-170AB393E606}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe FirewallRules: [{2F8A1F2F-D265-4C0A-8A0E-2C925457990E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{E3AA3897-FD16-4D79-8C7F-263E41B0A94E}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{032D4510-26C3-4DA8-8BF8-13736C8FDCC6}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{CDC24945-4B44-42C8-84EA-5A3E6ADFABD0}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{64F145BE-25E2-4328-B47B-38C6C3CB073D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{CBEACD87-5F3B-4FB9-B2DB-02C4C77E7F90}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{A0D0A64A-2B0F-4FD4-AE33-9CAAC8B9ACBB}] => (Allow) LPort=2869 FirewallRules: [{B3FA62CB-6323-46B4-8210-01412B956AE3}] => (Allow) LPort=1900 ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/06/2015 07:52:14 AM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY) Description: There was an error with the Windows Location Provider database Error: (12/06/2015 07:52:09 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: WUDFHost.exe, version: 6.3.9600.17415, time stamp: 0x5450412e Faulting module name: ntdll.dll, version: 6.3.9600.18007, time stamp: 0x55c4c16b Exception code: 0xc0000409 Fault offset: 0x0000000000082118 Faulting process id: 0x480 Faulting application start time: 0xWUDFHost.exe0 Faulting application path: WUDFHost.exe1 Faulting module path: WUDFHost.exe2 Report Id: WUDFHost.exe3 Faulting package full name: WUDFHost.exe4 Faulting package-relative application ID: WUDFHost.exe5 Error: (12/06/2015 07:22:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: GWXUX.exe, version: 6.3.9600.18064, time stamp: 0x56042d8f Faulting module name: RPCRT4.dll, version: 6.3.9600.17919, time stamp: 0x558ef5ee Exception code: 0xc0000005 Fault offset: 0x000000000000b636 Faulting process id: 0x1510 Faulting application start time: 0xGWXUX.exe0 Faulting application path: GWXUX.exe1 Faulting module path: GWXUX.exe2 Report Id: GWXUX.exe3 Faulting package full name: GWXUX.exe4 Faulting package-relative application ID: GWXUX.exe5 Error: (12/06/2015 06:48:12 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/05/2015 08:47:46 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/04/2015 08:14:26 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: ) Description: 80070005 Error: (12/03/2015 09:24:53 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{46C896DE-CF99-4E3B-935A-4AF7DD2C7F60}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}DestinationReachableNoQOCInfo Error: (12/03/2015 09:24:53 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{C0A964FC-23D1-46C5-8E2B-8DEAE8C65A9F}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}DestinationReachable Error: (12/03/2015 09:24:53 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{DC296FCF-5AB5-4AC5-9D60-F80AB6A4D7D1}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}ConnectionLost Error: (12/03/2015 09:24:53 PM) (Source: EventSystem) (EventID: 4621) (User: ) Description: 80070005EventSystem.EventSubscription{0C1C205B-D3DD-4429-82B4-17645FE8F6FA}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}ConnectionMadeNoQOCInfo System errors: ============= Error: (12/05/2015 08:59:42 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.211.1955.0). Error: (12/04/2015 07:12:48 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable Error: (12/04/2015 07:10:18 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.211.1889.0). Error: (12/03/2015 01:42:51 PM) (Source: DCOM) (EventID: 10010) (User: margarito) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (12/03/2015 01:42:51 PM) (Source: DCOM) (EventID: 10010) (User: margarito) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (12/03/2015 01:42:51 PM) (Source: DCOM) (EventID: 10010) (User: margarito) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (12/03/2015 01:42:51 PM) (Source: DCOM) (EventID: 10010) (User: margarito) Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (12/03/2015 10:29:12 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY) Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB2267602 (Definition 1.211.1724.0). Error: (12/03/2015 10:22:36 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: The Windows Defender Service service failed to start due to the following error: %%577 Error: (12/03/2015 10:22:13 AM) (Source: EventLog) (EventID: 6008) (User: ) Description: The previous system shutdown at 09:55:59 p. m. on ‎02/‎12/‎2015 was unexpected. CodeIntegrity: =================================== Date: 2015-12-03 10:22:36.937 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-02 19:26:19.830 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-12-01 16:47:00.152 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-28 09:42:15.359 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-25 20:27:00.450 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-25 20:14:53.441 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-25 11:41:52.702 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-22 14:53:32.169 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-21 11:58:48.667 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-11-19 19:02:36.115 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Processor: Intel(R) Core(TM) i3-4030U CPU @ 1.90GHz Percentage of memory in use: 40% Total physical RAM: 5529.43 MB Available physical RAM: 3270.42 MB Total Virtual: 6489.43 MB Available Virtual: 2574.98 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:444.65 GB) (Free:392.12 GB) NTFS ==>[system with boot components (obtained from drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: 81DE1150) Partition: GPT. ==================== End of Addition.txt ============================