Sirefef Infection. Constantly restarts.

Solved
By NeonBonez
Jun 27, 2012
  1. Hi, I'm running Windows 7 Enterprise (64-bit version) and I've been infected with Sirefef.Y and Sirefef.B. Microsoft Security Essentials detects them but is unable to remove them because the computer reboots after a minute. I've already used the frst64 program and it showed the following:


    Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
    Ran by SYSTEM at 27-06-2012 18:59:38
    Running from H:\
    Windows 7 Enterprise (X64) OS Language: Spanish Modern Sort
    The current controlset is ControlSet001
    ========================== Registry (Whitelisted) =============
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-21] (Realtek Semiconductor)
    HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
    HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-09-01] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-09-01] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-09-01] (Intel Corporation)
    HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-27] (Microsoft Corporation)
    HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-10] (Hewlett-Packard)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
    HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
    HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
    HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-14] (RealNetworks, Inc.)
    HKU\Javier Payes\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-05] (Valve Corporation)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    Tcpip\Parameters: [DhcpNameServer] 10.1.2.254 10.1.2.214 10.1.2.253
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
    ==================== Services (Whitelisted) ======
    2 Capture Device Service; "C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe" [200704 2006-08-11] (InterVideo Inc.)
    3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2009-07-13] (Symantec Corporation)
    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-27] (Microsoft Corporation)
    2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-12-09] (Intel Corporation)
    2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
    ========================== Drivers (Whitelisted) =============
    1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
    3 BthAvrcp; C:\Windows\System32\Drivers\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
    3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [301232 2010-04-06] (Intel Corporation)
    1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-09-16] (Symantec Corporation)
    3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
    3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
    3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-02] (Nokia)
    3 nmwcdx64; C:\Windows\System32\Drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia)
    3 PPJoyBus; C:\Windows\System32\DRIVERS\PPJoyBus64.sys [20032 2009-11-04] (Deon van der Westhuysen)
    3 PPortJoystick; C:\Windows\System32\DRIVERS\PPortJoy64.sys [39488 2009-11-04] (Deon van der Westhuysen)
    2 SecDrv; C:\Windows\SysWow64\Drivers\SecDrv.sys [11376 2002-10-08] ()
    3 tap0901; C:\Windows\System32\Drivers\tap0901.sys [30720 2010-11-23] (The OpenVPN Project)
    3 tosporte; C:\Windows\System32\Drivers\tosporte.sys [54664 2009-06-17] (TOSHIBA Corporation)
    3 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [291760 2010-12-12] (TOSHIBA CORPORATION)
    3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50864 2010-11-11] (TOSHIBA Corporation)
    1 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [82224 2010-11-29] (TOSHIBA Corporation)
    3 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94528 2010-08-30] (TOSHIBA Corporation.)
    3 tosrfnds; C:\Windows\System32\Drivers\tosrfnds.sys [26472 2009-07-24] (TOSHIBA Corporation.)
    3 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63488 2010-04-26] (TOSHIBA Corporation)
    3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
    3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
    3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-05-20] (Microsoft Corporation)
    3 WCG200NTamd64; C:\Windows\System32\DRIVERS\WCG200V2NTamd64.sys [18560 2006-01-12] (Cisco-Linksys, LLC.)
    3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [x]
    3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [x]
    3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [x]
    3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [x]
    0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [x]
    0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [x]
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [x]
    3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
    3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [x]
    ========================== NetSvcs (Whitelisted) ===========
  2. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    ============ One Month Created Files and Folders ==============
    2012-06-28 00:25 - 2012-06-28 00:25 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.443E440A2239DFD4
    2012-06-28 00:21 - 2012-06-28 00:25 - 10063000 ___AC (Malwarebytes Corporation ) C:\Users\Javier Payes\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-28 00:20 - 2012-06-28 00:20 - 00000068 ___AC C:\Users\Javier Payes\Desktop\Preliminary Virus and Malware Removal.URL
    2012-06-28 00:17 - 2012-06-28 00:21 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-28 00:17 - 2012-06-28 00:21 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-28 00:17 - 2012-06-28 00:21 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-28 00:17 - 2012-06-28 00:21 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-28 00:17 - 2012-06-28 00:21 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-28 00:17 - 2012-06-28 00:21 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-28 00:17 - 2012-06-28 00:21 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-28 00:16 - 2012-06-28 00:21 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-28 00:16 - 2012-06-28 00:21 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-27 18:59 - 2012-06-27 19:00 - 00000000 ___DC C:\FRST
    2012-06-24 22:01 - 2012-06-24 22:01 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Macromedia
    2012-06-24 21:51 - 2012-06-24 21:51 - 00000000 ___DC C:\Program Files (x86)\Microsoft Security Client
    2012-06-24 21:50 - 2012-06-24 21:51 - 00000000 ___DC C:\Program Files\Microsoft Security Client
    2012-06-24 21:14 - 2012-06-24 21:25 - 12621696 ___AC (Microsoft Corporation) C:\Users\Javier Payes\Downloads\mseinstall.exe
    2012-06-22 00:55 - 2012-06-22 00:58 - 28102070 ___AC C:\Users\Javier Payes\Downloads\NINTEMOD_Mario_64_completo.zip
    2012-06-22 00:18 - 2012-06-22 00:18 - 00000000 ___DC C:\Users\Javier Payes\Downloads\DiscEX-v0.8b-cred(1)
    2012-06-22 00:13 - 2012-06-22 00:13 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Hive Cluster
    2012-06-21 23:43 - 2012-06-21 23:43 - 00001069 ___AC C:\Users\Javier Payes\Desktop\Super Meat Boy.lnk
    2012-06-21 23:43 - 2012-06-21 23:43 - 00000000 ___DC C:\Program Files (x86)\Super Meat Boy
    2012-06-21 23:41 - 2012-06-21 23:41 - 00196921 ___AC (Team USB Loader GX) C:\Users\Javier Payes\Downloads\USBLoaderGX_Installer_v1.8(1).exe
    2012-06-21 23:35 - 2012-06-21 23:35 - 00196921 ___AC (Team USB Loader GX) C:\Users\Javier Payes\Downloads\USBLoaderGX_Installer_v1.8.exe
    2012-06-21 23:35 - 2012-06-21 23:35 - 00161942 ___AC C:\Users\Javier Payes\Downloads\DML Installer 1.1 WiiPower.zip
    2012-06-21 23:34 - 2012-06-21 23:35 - 00720170 ___AC C:\Users\Javier Payes\Downloads\DiscEX-v0.8b-cred(1).rar
    2012-06-21 21:44 - 2012-06-21 21:44 - 00000000 _SHDC C:\Windows\System32\%APPDATA%
    2012-06-20 01:34 - 2012-06-20 01:51 - 15946217 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(6).zip
    2012-06-19 03:32 - 2012-06-18 20:47 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Glen Hansard - Rhythm and Repose (2012)
    2012-06-19 03:14 - 2012-06-19 03:15 - 03544292 ___AC C:\Users\Javier Payes\Downloads\Strangest Feeling - JessieWare.mp3
    2012-06-19 03:13 - 2012-06-19 03:32 - 112012819 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Glen Hansard - Rhythm and Repose (2012).rar
    2012-06-19 03:13 - 2012-06-19 03:14 - 05085726 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - Running (Disclosure Remix) - JessieWare.mp3
    2012-06-19 03:13 - 2012-06-19 03:14 - 04304142 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - Running - JessieWare.mp3
    2012-06-19 03:13 - 2012-06-19 03:14 - 03912514 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - What You Won't Do For Love - JessieWare.mp3
    2012-06-19 03:13 - 2012-06-19 03:14 - 03326118 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - 110% - JessieWare.mp3
    2012-06-15 16:15 - 2012-06-15 16:15 - 00000000 ___DC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Fiona Apple - The Idler Wheel (2012)
    2012-06-15 15:58 - 2012-06-15 16:12 - 87436733 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Fiona Apple - The Idler Wheel (2012).rar
    2012-06-15 15:44 - 2012-06-15 15:44 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\{B0DA6E0E-25E6-4C6C-97A2-E21D25D8C269}
    2012-06-15 14:58 - 2012-06-15 14:58 - 01961925 ___AC C:\Users\Javier Payes\Downloads\Scan.jpeg
    2012-06-15 01:45 - 2012-06-15 01:45 - 00000000 ___DC C:\Users\Javier Payes\Downloads\M-1161
    2012-06-15 00:59 - 2012-06-15 00:59 - 00000000 ___DC C:\Users\Javier Payes\Downloads\SP MANUAL
    2012-06-15 00:58 - 2012-06-15 01:17 - 251265724 ___AC C:\Users\Javier Payes\Downloads\H428.wmv
    2012-06-15 00:58 - 2012-06-15 00:59 - 03109005 ___AC C:\Users\Javier Payes\Downloads\SP MANUAL.rar
    2012-06-15 00:24 - 2012-06-15 00:54 - 00000000 ___DC C:\Users\Javier Payes\Documents\Hipertensión Arterial
    2012-06-15 00:24 - 2012-06-15 00:24 - 00190520 ___AC C:\Users\Javier Payes\Documents\Hipertensión Arterial.pptx
    2012-06-15 00:11 - 2012-06-19 22:50 - 188674912 ___AC C:\Users\Javier Payes\Downloads\FHarp.mp4.part
    2012-06-14 23:24 - 2012-06-15 00:28 - 285658457 ___AC C:\Users\Javier Payes\Downloads\M-1161.zip
    2012-06-14 22:36 - 2012-06-14 23:06 - 12995712 ___AC C:\Users\Javier Payes\Downloads\ID-Clip-261.flv
    2012-06-14 21:38 - 2012-06-14 22:05 - 124186910 ___AC C:\Users\Javier Payes\Downloads\ID-Clip-255.flv
    2012-06-14 21:27 - 2012-06-14 21:27 - 00198832 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-06-14 21:27 - 2012-06-14 21:27 - 00006656 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-06-14 21:27 - 2012-06-14 21:27 - 00005632 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-06-14 21:26 - 2012-06-14 21:26 - 00499712 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2012-06-14 21:26 - 2012-06-14 21:26 - 00348160 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-06-14 21:26 - 2012-06-14 21:26 - 00272896 ___AC (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 21:02 - 2012-06-14 21:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 21:02 - 2012-06-14 21:04 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 21:02 - 2012-06-14 21:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 21:02 - 2012-06-14 21:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 21:02 - 2012-06-14 21:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 21:02 - 2012-06-14 21:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 21:02 - 2012-06-14 21:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-13 19:31 - 2012-06-14 21:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-13 19:31 - 2012-06-14 21:11 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-13 19:31 - 2012-06-14 21:11 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-13 19:31 - 2012-06-14 21:06 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-13 19:31 - 2012-06-14 21:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-13 19:31 - 2012-06-14 21:05 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-13 19:31 - 2012-06-14 21:05 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-13 19:30 - 2012-06-14 21:05 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-13 19:30 - 2012-06-14 21:05 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-13 19:30 - 2012-06-14 21:05 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-13 19:30 - 2012-06-14 21:05 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-06-13 19:30 - 2012-06-14 21:05 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-13 19:30 - 2012-06-14 21:04 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-13 19:30 - 2012-06-14 21:04 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-13 19:30 - 2012-06-14 21:04 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-13 19:30 - 2012-06-14 21:04 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-13 19:30 - 2012-06-14 21:04 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-13 19:30 - 2012-06-14 21:04 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 14:51 - 2012-06-12 14:58 - 56727340 ___AC C:\Users\Javier Payes\Downloads\Fiona_Apple_-_12.rar.part
    2012-06-10 23:11 - 2012-06-10 23:11 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(5)
    2012-06-10 23:08 - 2012-06-10 23:08 - 08458279 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(5).zip
    2012-06-10 21:43 - 2012-06-10 21:43 - 00000000 ___DC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Florrie - Late (2012)
    2012-06-10 21:15 - 2012-06-10 21:16 - 12511934 ___AC C:\Users\Javier Payes\Downloads\Fifteen.mp3
    2012-06-10 21:11 - 2012-06-10 21:43 - 32730391 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Florrie - Late (2012).rar
    2012-06-09 22:54 - 2012-06-09 22:54 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(4)
    2012-06-09 22:53 - 2012-06-09 22:54 - 07894861 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(4).zip
    2012-06-06 02:35 - 2012-06-14 22:00 - 477821224 ___AC C:\Users\Javier Payes\Downloads\HN.mp4
    2012-06-06 00:05 - 2012-06-19 22:40 - 02008337 ___AC C:\Users\Javier Payes\Downloads\ID.flv.part
    2012-06-06 00:03 - 2012-06-06 00:03 - 00000000 ___AC C:\Users\Javier Payes\Downloads\H426.wmv.part
    2012-06-05 15:51 - 2012-06-05 15:51 - 00000011 ___AC C:\Users\Javier Payes\Downloads\GetAttachment.aspx
    2012-06-04 22:41 - 2012-06-04 22:41 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Toshiba
    2012-06-04 22:41 - 2012-06-04 22:41 - 00000000 ___DC C:\Users\All Users\TOSHIBA
    2012-06-04 22:36 - 2012-06-04 22:36 - 00000000 _SHDC C:\Windows\SysWOW64\%APPDATA%
    2012-06-04 22:35 - 2012-06-04 22:35 - 00000000 ___DC C:\Program Files (x86)\Toshiba
    2012-06-04 22:35 - 2009-06-19 03:42 - 00040832 ___AC (TOSHIBA CORPORATION.) C:\Windows\System32\Drivers\TosBtCi.dll
    2012-06-04 18:15 - 2012-06-04 18:15 - 00451689 ___AC C:\Users\Javier Payes\Downloads\pacman_championship_c3.jar
    2012-06-04 17:31 - 2012-06-04 17:40 - 88149800 ___AC C:\Users\Javier Payes\Downloads\Nintendo Direct Pre E3 2012(360p_H.264-AAC).mp4
    2012-06-04 04:03 - 2012-06-04 04:03 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(3)
    2012-06-04 04:01 - 2012-06-04 04:03 - 08801128 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(3).zip
    2012-05-31 03:55 - 2012-05-31 03:55 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(2)
    2012-05-31 03:50 - 2012-05-31 03:58 - 00000000 ___DC C:\Users\Javier Payes\Documents\Onchocerca volvulus
    2012-05-31 03:49 - 2012-05-31 03:49 - 01724222 ___AC C:\Users\Javier Payes\Documents\Onchocerca volvulus.pptx
    2012-05-31 01:37 - 2012-05-31 01:41 - 10897303 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(2).zip
    2012-05-29 02:41 - 2012-05-29 02:44 - 02110126 ___AC C:\Users\Javier Payes\Downloads\Wildheart - Beat Connection.mp3
    2012-05-29 02:41 - 2012-05-29 02:41 - 04515630 ___AC C:\Users\Javier Payes\Downloads\Think_Feel (feat. Chelsey Scheffe) - Beat Connection.mp3
    2012-05-29 02:40 - 2012-05-29 02:44 - 04000555 ___AC C:\Users\Javier Payes\Downloads\The Palace Garden, 4am - Beat Connection.mp3
    2012-05-29 02:39 - 2012-05-29 02:44 - 05058828 ___AC C:\Users\Javier Payes\Downloads\Silver Screen - Beat Connection.mp3
    2012-05-29 02:39 - 2012-05-29 02:44 - 03367347 ___AC C:\Users\Javier Payes\Downloads\Sunburn - Beat Connection.mp3
    2012-05-29 02:38 - 2012-05-29 02:44 - 05929019 ___AC C:\Users\Javier Payes\Downloads\Memories (Beat Connection Remix).mp3
    2012-05-29 02:38 - 2012-05-29 02:44 - 05056738 ___AC C:\Users\Javier Payes\Downloads\Same Damn Time - Beat Connection.mp3
    2012-05-29 02:38 - 2012-05-29 02:44 - 02058299 ___AC C:\Users\Javier Payes\Downloads\Motorway - Beat Connection.mp3
    2012-05-29 02:37 - 2012-05-29 02:44 - 05327994 ___AC C:\Users\Javier Payes\Downloads\In the Water - Beat Connection.mp3
    2012-05-29 02:37 - 2012-05-29 02:44 - 03094002 ___AC C:\Users\Javier Payes\Downloads\Fresh Touch - Beat Connection.mp3
    2012-05-29 02:26 - 2012-05-29 02:27 - 03566026 ___AC C:\Users\Javier Payes\Downloads\_Speed The Collapse_ - Metric.mp3
    2012-05-29 02:26 - 2012-05-29 02:26 - 02111529 ___AC C:\Users\Javier Payes\Downloads\Bobby Womack - Dayglo Reflection (feat. Lana Del Rey).mp3
    2012-05-29 02:26 - 2012-05-29 02:26 - 01844662 ___AC C:\Users\Javier Payes\Downloads\Lana Del Rey - Goodbye Kiss in the Radio 1 Live Lounge.mp3
    2012-05-29 02:20 - 2012-05-29 02:22 - 07219546 ___AC C:\Users\Javier Payes\Downloads\Florence + The Machine vs Calvin Harris - Spectrum (Say My Name).mp3
    2012-05-29 01:51 - 2012-05-29 02:16 - 262598247 ___AC C:\Users\Javier Payes\Downloads\M-1127.zip
    2012-05-29 01:00 - 2012-06-06 03:31 - 97698884 ___AC C:\Users\Javier Payes\Downloads\H422.wmv.part
    2012-05-28 04:47 - 2012-05-28 04:48 - 00000000 ___DC C:\Users\Javier Payes\Documents\CDPresentación3
    2012-05-28 04:14 - 2012-06-10 19:31 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne
    2012-05-28 04:14 - 2012-05-28 04:14 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(1)
    2012-05-28 04:13 - 2012-05-28 04:14 - 10824948 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(1).zip
    2012-05-28 01:54 - 2012-05-28 04:46 - 01788313 ___AC C:\Users\Javier Payes\Documents\EL SUELO.pptx
  3. NeonBonez
    ============ 3 Months Modified Files and Folders =============
    2012-06-28 00:37 - 2011-02-24 01:55 - 00001048 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-06-28 00:37 - 2011-02-24 01:55 - 00001044 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-06-28 00:37 - 2009-07-14 00:19 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe
    2012-06-28 00:36 - 2012-04-05 20:37 - 00000000 ___DC C:\Program Files (x86)\Steam
    2012-06-28 00:36 - 2012-01-08 16:35 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Dropbox
    2012-06-28 00:35 - 2012-03-21 17:45 - 00009195 ___AC C:\Windows\setupact.log
    2012-06-28 00:35 - 2009-07-14 06:08 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
    2012-06-28 00:26 - 2009-07-14 05:45 - 00015152 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-06-28 00:26 - 2009-07-14 05:45 - 00015152 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-06-28 00:25 - 2012-06-28 00:25 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.443E440A2239DFD4
    2012-06-28 00:25 - 2012-06-28 00:21 - 10063000 ___AC (Malwarebytes Corporation ) C:\Users\Javier Payes\Downloads\mbam-setup-1.61.0.1400.exe
    2012-06-28 00:21 - 2012-06-28 00:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-28 00:21 - 2012-06-28 00:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-28 00:21 - 2012-06-28 00:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-28 00:21 - 2012-06-28 00:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-28 00:21 - 2012-06-28 00:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-28 00:21 - 2012-06-28 00:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-28 00:21 - 2012-06-28 00:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-28 00:21 - 2012-06-28 00:16 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-28 00:21 - 2012-06-28 00:16 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-28 00:21 - 2010-10-13 11:19 - 02077993 ___AC C:\Windows\WindowsUpdate.log
    2012-06-28 00:20 - 2012-06-28 00:20 - 00000068 ___AC C:\Users\Javier Payes\Desktop\Preliminary Virus and Malware Removal.URL
    2012-06-28 00:14 - 2012-01-08 16:45 - 00000000 __RDC C:\Users\Javier Payes\Dropbox
    2012-06-28 00:13 - 2012-04-20 01:07 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-06-28 00:12 - 2010-10-12 10:21 - 00000000 ___DC C:\users\Javier Payes
    2012-06-27 19:00 - 2012-06-27 18:59 - 00000000 ___DC C:\FRST
    2012-06-27 18:11 - 2012-03-15 16:15 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Rainmeter
    2012-06-27 18:11 - 2011-02-24 01:54 - 00000000 ___DC C:\Users\All Users\Real
    2012-06-27 18:11 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\registration
    2012-06-24 22:13 - 2012-01-11 18:06 - 00000000 _SHDC C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}
    2012-06-24 22:01 - 2012-06-24 22:01 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Macromedia
    2012-06-24 21:51 - 2012-06-24 21:51 - 00000000 ___DC C:\Program Files (x86)\Microsoft Security Client
    2012-06-24 21:51 - 2012-06-24 21:50 - 00000000 ___DC C:\Program Files\Microsoft Security Client
    2012-06-24 21:51 - 2011-01-26 14:52 - 02611484 ___AC C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-06-24 21:51 - 2011-01-26 14:52 - 00001945 ___AC C:\Windows\epplauncher.mif
    2012-06-24 21:51 - 2010-10-26 03:34 - 00741652 ___AC C:\Windows\System32\perfh00C.dat
    2012-06-24 21:51 - 2010-10-26 03:34 - 00151312 ___AC C:\Windows\System32\perfc00C.dat
    2012-06-24 21:51 - 2009-07-14 11:30 - 00751842 ___AC C:\Windows\System32\perfh00A.dat
    2012-06-24 21:51 - 2009-07-14 11:30 - 00161080 ___AC C:\Windows\System32\perfc00A.dat
    2012-06-24 21:45 - 2012-04-20 01:07 - 00426184 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-06-24 21:45 - 2011-05-19 15:31 - 00070344 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-06-24 21:25 - 2012-06-24 21:14 - 12621696 ___AC (Microsoft Corporation) C:\Users\Javier Payes\Downloads\mseinstall.exe
    2012-06-24 21:08 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\System32\NDF
    2012-06-22 02:09 - 2011-12-25 20:07 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\uTorrent
    2012-06-22 00:58 - 2012-06-22 00:55 - 28102070 ___AC C:\Users\Javier Payes\Downloads\NINTEMOD_Mario_64_completo.zip
    2012-06-22 00:29 - 2012-01-25 04:16 - 00000000 ___DC C:\Users\Javier Payes\Documents\WBFS Manager Covers
    2012-06-22 00:18 - 2012-06-22 00:18 - 00000000 ___DC C:\Users\Javier Payes\Downloads\DiscEX-v0.8b-cred(1)
    2012-06-22 00:13 - 2012-06-22 00:13 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Hive Cluster
    2012-06-21 23:43 - 2012-06-21 23:43 - 00001069 ___AC C:\Users\Javier Payes\Desktop\Super Meat Boy.lnk
    2012-06-21 23:43 - 2012-06-21 23:43 - 00000000 ___DC C:\Program Files (x86)\Super Meat Boy
    2012-06-21 23:41 - 2012-06-21 23:41 - 00196921 ___AC (Team USB Loader GX) C:\Users\Javier Payes\Downloads\USBLoaderGX_Installer_v1.8(1).exe
    2012-06-21 23:35 - 2012-06-21 23:35 - 00196921 ___AC (Team USB Loader GX) C:\Users\Javier Payes\Downloads\USBLoaderGX_Installer_v1.8.exe
    2012-06-21 23:35 - 2012-06-21 23:35 - 00161942 ___AC C:\Users\Javier Payes\Downloads\DML Installer 1.1 WiiPower.zip
    2012-06-21 23:35 - 2012-06-21 23:34 - 00720170 ___AC C:\Users\Javier Payes\Downloads\DiscEX-v0.8b-cred(1).rar
    2012-06-21 21:44 - 2012-06-21 21:44 - 00000000 _SHDC C:\Windows\System32\%APPDATA%
    2012-06-21 01:26 - 2011-05-30 03:59 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\vlc
    2012-06-20 01:51 - 2012-06-20 01:34 - 15946217 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(6).zip
    2012-06-19 22:50 - 2012-06-15 00:11 - 188674912 ___AC C:\Users\Javier Payes\Downloads\FHper.mp4.part
    2012-06-19 22:44 - 2012-01-28 00:42 - 00000000 ___DC C:\Program Files (x86)\JDownloader
    2012-06-19 22:40 - 2012-06-06 00:05 - 02008337 ___AC C:\Users\Javier Payes\Downloads\ID-Clip-250.flv.part
    2012-06-19 03:32 - 2012-06-19 03:13 - 112012819 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Glen Hansard - Rhythm and Repose (2012).rar
    2012-06-19 03:15 - 2012-06-19 03:14 - 03544292 ___AC C:\Users\Javier Payes\Downloads\Strangest Feeling - JessieWare.mp3
    2012-06-19 03:14 - 2012-06-19 03:13 - 05085726 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - Running (Disclosure Remix) - JessieWare.mp3
    2012-06-19 03:14 - 2012-06-19 03:13 - 04304142 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - Running - JessieWare.mp3
    2012-06-19 03:14 - 2012-06-19 03:13 - 03912514 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - What You Won't Do For Love - JessieWare.mp3
    2012-06-19 03:14 - 2012-06-19 03:13 - 03326118 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - 110% - JessieWare.mp3
    2012-06-19 01:51 - 2009-07-14 06:13 - 02584128 ___AC C:\Windows\System32\PerfStringBackup.INI
    2012-06-18 20:47 - 2012-06-19 03:32 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Glen Hansard - Rhythm and Repose (2012)
    2012-06-17 16:19 - 2012-05-08 22:12 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
    2012-06-17 03:20 - 2011-08-30 01:54 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
    2012-06-17 01:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
    2012-06-15 16:15 - 2012-06-15 16:15 - 00000000 ___DC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Fiona Apple - The Idler Wheel (2012)
    2012-06-15 16:12 - 2012-06-15 15:58 - 87436733 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Fiona Apple - The Idler Wheel (2012).rar
    2012-06-15 15:44 - 2012-06-15 15:44 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\{B0DA6E0E-25E6-4C6C-97A2-E21D25D8C269}
    2012-06-15 15:44 - 2010-10-13 15:14 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Windows Live
    2012-06-15 14:58 - 2012-06-15 14:58 - 01961925 ___AC C:\Users\Javier Payes\Downloads\Scan.jpeg
    2012-06-15 01:45 - 2012-06-15 01:45 - 00000000 ___DC C:\Users\Javier Payes\Downloads\M-1161
    2012-06-15 01:17 - 2012-06-15 00:58 - 251265724 ___AC C:\Users\Javier Payes\Downloads\H428.wmv
    2012-06-15 00:59 - 2012-06-15 00:59 - 00000000 ___DC C:\Users\Javier Payes\Downloads\SP MANUAL
    2012-06-15 00:59 - 2012-06-15 00:58 - 03109005 ___AC C:\Users\Javier Payes\Downloads\SP MANUAL.rar
    2012-06-15 00:54 - 2012-06-15 00:24 - 00000000 ___DC C:\Users\Javier Payes\Documents\Hipertensión Arterial
    2012-06-15 00:52 - 2010-10-30 15:12 - 00655872 _ASHC C:\Users\Javier Payes\Documents\Thumbs.db
    2012-06-15 00:28 - 2012-06-14 23:24 - 285658457 ___AC C:\Users\Javier Payes\Downloads\M-1161.zip
    2012-06-15 00:24 - 2012-06-15 00:24 - 00190520 ___AC C:\Users\Javier Payes\Documents\Hipertensión Arterial.pptx
    2012-06-14 23:06 - 2012-06-14 22:36 - 12995712 ___AC C:\Users\Javier Payes\Downloads\ID-Clip-261.flv
    2012-06-14 22:05 - 2012-06-14 21:38 - 124186910 ___AC C:\Users\Javier Payes\Downloads\ID-Clip-255.flv
    2012-06-14 21:28 - 2011-02-24 01:54 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Real
    2012-06-14 21:27 - 2012-06-14 21:27 - 00198832 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
    2012-06-14 21:27 - 2012-06-14 21:27 - 00006656 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
    2012-06-14 21:27 - 2012-06-14 21:27 - 00005632 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
    2012-06-14 21:26 - 2012-06-14 21:26 - 00499712 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
    2012-06-14 21:26 - 2012-06-14 21:26 - 00348160 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
    2012-06-14 21:26 - 2012-06-14 21:26 - 00272896 ___AC (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
    2012-06-14 21:21 - 2009-07-14 05:45 - 00743480 ___AC C:\Windows\System32\FNTCACHE.DAT
    2012-06-14 21:18 - 2010-10-13 02:41 - 00000000 ___DC C:\Users\All Users\Microsoft Help
    2012-06-14 21:11 - 2012-06-13 19:31 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
    2012-06-14 21:11 - 2012-06-13 19:31 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
    2012-06-14 21:11 - 2012-06-13 19:31 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
    2012-06-14 21:11 - 2010-10-12 11:10 - 58957832 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-06-14 21:06 - 2012-06-13 19:31 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
    2012-06-14 21:05 - 2012-06-13 19:31 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
    2012-06-14 21:05 - 2012-06-13 19:31 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2012-06-14 21:05 - 2012-06-13 19:31 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2012-06-14 21:05 - 2012-06-13 19:30 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
    2012-06-14 21:05 - 2012-06-13 19:30 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-14 21:05 - 2012-06-13 19:30 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2012-06-14 21:05 - 2012-06-13 19:30 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
    2012-06-14 21:05 - 2012-06-13 19:30 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
    2012-06-14 21:04 - 2012-06-14 21:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-14 21:04 - 2012-06-14 21:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-14 21:04 - 2012-06-14 21:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-14 21:04 - 2012-06-14 21:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-14 21:04 - 2012-06-14 21:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-14 21:04 - 2012-06-14 21:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-14 21:04 - 2012-06-14 21:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-14 21:04 - 2012-06-14 21:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-14 21:04 - 2012-06-13 19:30 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-06-14 21:04 - 2012-06-13 19:30 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-06-14 21:04 - 2012-06-13 19:30 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-06-14 21:04 - 2012-06-13 19:30 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-06-14 21:04 - 2012-06-13 19:30 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-06-14 21:04 - 2012-06-13 19:30 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-06-12 14:58 - 2012-06-12 14:51 - 56727340 ___AC C:\Users\Javier Payes\Downloads\Fiona_Apple_-_12.rar.part
    2012-06-10 23:11 - 2012-06-10 23:11 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(5)
    2012-06-10 23:08 - 2012-06-10 23:08 - 08458279 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(5).zip
    2012-06-10 21:43 - 2012-06-10 21:43 - 00000000 ___DC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Florrie - Late (2012)
    2012-06-10 21:43 - 2012-06-10 21:11 - 32730391 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Florrie - Late (2012).rar
    2012-06-10 21:16 - 2012-06-10 21:15 - 12511934 ___AC C:\Users\Javier Payes\Downloads\Fifteen.mp3
    2012-06-10 19:31 - 2012-05-28 04:14 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne
    2012-06-09 22:55 - 2012-03-04 01:37 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\LOVE
    2012-06-09 22:54 - 2012-06-09 22:54 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(4)
    2012-06-09 22:54 - 2012-06-09 22:53 - 07894861 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(4).zip
    2012-06-07 00:09 - 2012-05-27 21:30 - 01060856 ___AC C:\Users\Javier Payes\Documents\Wii U.pptx
    2012-06-06 03:31 - 2012-05-29 01:00 - 97698884 ___AC C:\Users\Javier Payes\Downloads\H422.wmv.part
    2012-06-06 00:03 - 2012-06-06 00:03 - 00000000 ___AC C:\Users\Javier Payes\Downloads\H426.wmv.part
    2012-06-05 15:51 - 2012-06-05 15:51 - 00000011 ___AC C:\Users\Javier Payes\Downloads\GetAttachment.aspx
    2012-06-04 22:41 - 2012-06-04 22:41 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Toshiba
    2012-06-04 22:41 - 2012-06-04 22:41 - 00000000 ___DC C:\Users\All Users\TOSHIBA
    2012-06-04 22:41 - 2012-01-24 03:53 - 00000000 ___DC C:\Users\Javier Payes\Documents\Bluetooth
    2012-06-04 22:36 - 2012-06-04 22:36 - 00000000 _SHDC C:\Windows\SysWOW64\%APPDATA%
    2012-06-04 22:35 - 2012-06-04 22:35 - 00000000 ___DC C:\Program Files (x86)\Toshiba
    2012-06-04 18:15 - 2012-06-04 18:15 - 00451689 ___AC C:\Users\Javier Payes\Downloads\pacman_championship_c3.jar
  4. NeonBonez

    2012-06-04 17:40 - 2012-06-04 17:31 - 88149800 ___AC C:\Users\Javier Payes\Downloads\Nintendo Direct Pre E3 2012(360p_H.264-AAC).mp4
    2012-06-04 04:03 - 2012-06-04 04:03 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(3)
    2012-06-04 04:03 - 2012-06-04 04:01 - 08801128 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(3).zip
    2012-05-31 03:58 - 2012-05-31 03:50 - 00000000 ___DC C:\Users\Javier Payes\Documents\Onchocerca volvulus
    2012-05-31 03:55 - 2012-05-31 03:55 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(2)
    2012-05-31 03:49 - 2012-05-31 03:49 - 01724222 ___AC C:\Users\Javier Payes\Documents\Onchocerca volvulus.pptx
    2012-05-31 01:41 - 2012-05-31 01:37 - 10897303 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(2).zip
    2012-05-29 02:44 - 2012-05-29 02:41 - 02110126 ___AC C:\Users\Javier Payes\Downloads\Wildheart - Beat Connection.mp3
    2012-05-29 02:44 - 2012-05-29 02:40 - 04000555 ___AC C:\Users\Javier Payes\Downloads\The Palace Garden, 4am - Beat Connection.mp3
    2012-05-29 02:44 - 2012-05-29 02:39 - 05058828 ___AC C:\Users\Javier Payes\Downloads\Silver Screen - Beat Connection.mp3
    2012-05-29 02:44 - 2012-05-29 02:39 - 03367347 ___AC C:\Users\Javier Payes\Downloads\Sunburn - Beat Connection.mp3
    2012-05-29 02:44 - 2012-05-29 02:38 - 05929019 ___AC C:\Users\Javier Payes\Downloads\Memories (Beat Connection Remix).mp3
    2012-05-29 02:44 - 2012-05-29 02:38 - 05056738 ___AC C:\Users\Javier Payes\Downloads\Same Damn Time - Beat Connection.mp3
    2012-05-29 02:44 - 2012-05-29 02:38 - 02058299 ___AC C:\Users\Javier Payes\Downloads\Motorway - Beat Connection.mp3
    2012-05-29 02:44 - 2012-05-29 02:37 - 05327994 ___AC C:\Users\Javier Payes\Downloads\In the Water - Beat Connection.mp3
    2012-05-29 02:44 - 2012-05-29 02:37 - 03094002 ___AC C:\Users\Javier Payes\Downloads\Fresh Touch - Beat Connection.mp3
    2012-05-29 02:41 - 2012-05-29 02:41 - 04515630 ___AC C:\Users\Javier Payes\Downloads\Think_Feel (feat. Chelsey Scheffe) - Beat Connection.mp3
    2012-05-29 02:27 - 2012-05-29 02:26 - 03566026 ___AC C:\Users\Javier Payes\Downloads\_Speed The Collapse_ - Metric.mp3
    2012-05-29 02:26 - 2012-05-29 02:26 - 02111529 ___AC C:\Users\Javier Payes\Downloads\Bobby Womack - Dayglo Reflection (feat. Lana Del Rey).mp3
    2012-05-29 02:26 - 2012-05-29 02:26 - 01844662 ___AC C:\Users\Javier Payes\Downloads\Lana Del Rey - Goodbye Kiss in the Radio 1 Live Lounge.mp3
    2012-05-29 02:22 - 2012-05-29 02:20 - 07219546 ___AC C:\Users\Javier Payes\Downloads\Florence + The Machine vs Calvin Harris - Spectrum (Say My Name).mp3
    2012-05-29 02:19 - 2012-05-22 02:31 - 03512680 ___AC C:\Users\Javier Payes\Downloads\Good As New - Vacationer.mp3
    2012-05-29 02:16 - 2012-05-29 01:51 - 262598247 ___AC C:\Users\Javier Payes\Downloads\M-1127.zip
    2012-05-28 04:48 - 2012-05-28 04:47 - 00000000 ___DC C:\Users\Javier Payes\Documents\CDPresentación3
    2012-05-28 04:46 - 2012-05-28 01:54 - 01788313 ___AC C:\Users\Javier Payes\Documents\EL SUELO.pptx
    2012-05-28 04:14 - 2012-05-28 04:14 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(1)
    2012-05-28 04:14 - 2012-05-28 04:13 - 10824948 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(1).zip
    2012-05-26 02:36 - 2012-05-15 01:30 - 03045497 ___AC C:\Users\Javier Payes\Downloads\Shame by Crybaby - OhCrybaby.mp3
    2012-05-26 02:14 - 2012-05-15 01:30 - 03278317 ___AC C:\Users\Javier Payes\Downloads\When The Lights Go Out by Crybaby - OhCrybaby.mp3
    2012-05-26 02:09 - 2012-05-26 02:08 - 04193801 ___AC C:\Users\Javier Payes\Downloads\DANGEROUS GIRL - Lana Del Rey_ DaftDog.mp3
    2012-05-26 01:22 - 2012-05-26 01:22 - 05775588 ___AC C:\Users\Javier Payes\Downloads\tumblr_m4icq5n7sy1qmtv72o1.mp3
    2012-05-25 21:47 - 2012-05-25 21:46 - 10932479 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64.zip
    2012-05-23 03:48 - 2012-05-23 03:48 - 01280630 ___AC C:\Users\Javier Payes\Downloads\Sons Of Jim - Don't Throw Your Love Away.mp3
    2012-05-23 03:47 - 2012-05-23 03:47 - 01977690 ___AC C:\Users\Javier Payes\Downloads\Sons Of Jim - Old Faces (Lyrics).mp3
    2012-05-23 03:32 - 2012-05-22 02:19 - 03237772 ___AC C:\Users\Javier Payes\Downloads\Carousel - Where Have You Gone - carousel_official.mp3
    2012-05-23 02:46 - 2012-05-23 02:43 - 01231350 ___AC C:\Users\Javier Payes\Downloads\Milla - Electric Sky (AUDIO) iTunes - Amazon.mp3
    2012-05-23 02:37 - 2012-05-23 02:37 - 01221067 ___AC C:\Users\Javier Payes\Downloads\Milla Jovovich - Electric Sky.mp3
    2012-05-22 02:40 - 2012-05-22 02:29 - 05459648 ___AC C:\Users\Javier Payes\Downloads\Hurricane.mp3
    2012-05-22 02:32 - 2012-05-22 02:31 - 03433533 ___AC C:\Users\Javier Payes\Downloads\The Paper Kites - Bloom - paperbacks7.mp3
    2012-05-22 02:09 - 2012-05-22 02:00 - 04387848 ___AC C:\Users\Javier Payes\Downloads\Irma_-_I_Know.mp3
    2012-05-21 02:42 - 2012-05-21 02:41 - 03148903 ___AC C:\Users\Javier Payes\Downloads\Still Don't Know - Icona Pop.mp3
    2012-05-21 02:42 - 2012-05-21 02:41 - 03096240 ___AC C:\Users\Javier Payes\Downloads\Sun Goes Down feat The Knocks - Icona Pop.mp3
    2012-05-21 02:42 - 2012-05-21 02:41 - 02880991 ___AC C:\Users\Javier Payes\Downloads\Icona Pop - I Love It - frenchysymphony.mp3
    2012-05-21 02:42 - 2012-05-21 02:40 - 08695882 ___AC C:\Users\Javier Payes\Downloads\Nights Like Bonita - Icona Pop.mp3
    2012-05-21 02:41 - 2012-05-21 02:40 - 03275545 ___AC C:\Users\Javier Payes\Downloads\Nights Like This - Icona Pop.mp3
    2012-05-21 02:41 - 2012-05-21 02:40 - 02972524 ___AC C:\Users\Javier Payes\Downloads\Manners - Icona Pop.mp3
    2012-05-21 02:41 - 2012-05-21 02:40 - 02837941 ___AC C:\Users\Javier Payes\Downloads\Lovers To Friends - Icona Pop.mp3
    2012-05-21 00:47 - 2012-01-28 03:59 - 00000000 ___DC C:\Users\Javier Payes\Documents\Mii
    2012-05-21 00:09 - 2012-05-21 00:09 - 00000000 ___DC C:\Program Files (x86)\MediaHuman
    2012-05-21 00:09 - 2012-01-08 02:20 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\MediaHuman
    2012-05-21 00:08 - 2012-05-21 00:05 - 12774082 ___AC (MediaHuman ) C:\Users\Javier Payes\Downloads\MHAudioConverter.exe
    2012-05-20 22:35 - 2012-03-31 00:30 - 00002432 ___AC C:\Windows\PFRO.log
    2012-05-20 02:52 - 2012-05-20 02:52 - 00720170 ___AC C:\Users\Javier Payes\Downloads\DiscEX-v0.8b-cred.rar
    2012-05-20 02:41 - 2012-05-20 02:40 - 00387904 ___AC C:\Users\Javier Payes\Downloads\GameCubeISOcompress-v0.2-win32.zip
    2012-05-20 02:37 - 2012-05-20 02:35 - 01600384 ___AC C:\Users\Javier Payes\Downloads\diosmioslitesv1.4b.wad
    2012-05-20 01:59 - 2012-05-20 01:59 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\CRE
    2012-05-20 01:59 - 2012-05-20 01:59 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Conduit
    2012-05-20 01:59 - 2012-05-20 01:59 - 00000000 ___DC C:\Program Files (x86)\uTorrentControl2
    2012-05-20 01:58 - 2011-12-25 20:08 - 00000000 ___DC C:\Program Files (x86)\uTorrent
    2012-05-17 15:28 - 2012-05-17 15:25 - 23576884 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild Child part 6(240p_H.264-AAC).mp4
    2012-05-17 15:28 - 2012-05-17 15:25 - 22074274 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild Child part 5(240p_H.264-AAC).mp4
    2012-05-17 15:25 - 2012-05-17 15:14 - 21275907 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild Child part 3(240p_H.264-AAC).mp4
    2012-05-17 15:24 - 2012-05-17 15:14 - 23709108 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild child part 4(240p_H.264-AAC).mp4
    2012-05-17 15:24 - 2012-05-17 15:14 - 21331031 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild Child part 2(240p_H.264-AAC).mp4
    2012-05-17 15:24 - 2012-05-17 15:14 - 20262357 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild Child part 1(240p_H.264-AAC).mp4
    2012-05-17 14:56 - 2012-05-17 04:50 - 00224575 ___AC C:\Users\Javier Payes\Documents\PERIODIOS CRÍTICOS.pptx
    2012-05-17 14:08 - 2012-05-17 14:07 - 03534650 ___AC C:\Users\Javier Payes\Downloads\Trasplantes.pptx
    2012-05-17 04:59 - 2012-05-17 04:59 - 00000000 ___DC C:\Users\Javier Payes\Documents\CDPresentación
    2012-05-17 04:58 - 2012-05-16 18:07 - 02130862 ___AC C:\Users\Javier Payes\Documents\Pruebas de histocompatibilidad.pptx
    2012-05-16 03:52 - 2010-10-13 15:14 - 00234944 ___AC C:\Users\Javier Payes\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-16 03:24 - 2012-05-16 03:24 - 00025504 ___AC C:\Users\Javier Payes\Downloads\FuturaStd-Medium.otf
    2012-05-16 02:42 - 2012-05-15 02:31 - 31721284 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Metric - Synthetica Reflections (2012).rar
    2012-05-15 02:29 - 2012-05-15 01:55 - 04129277 ___AC C:\Users\Javier Payes\Downloads\_Youth Without Youth_ - Metric.mp3
    2012-05-15 02:19 - 2012-05-15 01:20 - 04388403 ___AC C:\Users\Javier Payes\Downloads\emma louise - Boy - MuchoBravado.mp3
    2012-05-15 02:18 - 2012-05-15 02:17 - 05110386 ___AC C:\Users\Javier Payes\Downloads\Things We Lost In The Fire (Deux Freq remix) - BASTILLE.mp3
    2012-05-15 02:07 - 2012-05-15 01:36 - 87483822 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Aviva Mix 2012.mp3
    2012-05-15 02:05 - 2012-05-15 01:36 - 85060069 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Dec 2011 Mix for Therapy Life.mp3
    2012-05-15 02:03 - 2012-05-15 01:37 - 55017958 ___AC C:\Users\Javier Payes\Downloads\Goldroom - July 2011 Mix for KXSC Los Angeles.mp3
    2012-05-15 01:55 - 2012-05-15 01:53 - 04213863 ___AC C:\Users\Javier Payes\Downloads\Take a Walk - passionpit.mp3
    2012-05-15 01:53 - 2012-05-15 01:52 - 03768319 ___AC C:\Users\Javier Payes\Downloads\Climax - diplo.mp3
    2012-05-15 01:52 - 2012-05-15 01:50 - 04582503 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Morgan's Bay.mp3
    2012-05-15 01:50 - 2012-05-15 01:38 - 28993979 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Kissed Minimix (Feb 2012).mp3
    2012-05-15 01:38 - 2012-05-15 01:36 - 04801932 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Fifteen (ft Chela).mp3
    2012-05-15 01:37 - 2012-05-15 01:36 - 04725863 ___AC C:\Users\Javier Payes\Downloads\Goldroom - City Girls.mp3
    2012-05-15 01:36 - 2012-05-15 01:34 - 05599398 ___AC C:\Users\Javier Payes\Downloads\Alpine - Hands (Goldroom Remix).mp3
    2012-05-15 01:36 - 2012-05-15 01:34 - 05216129 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Angeles.mp3
    2012-05-15 01:36 - 2012-05-15 01:34 - 04707055 ___AC C:\Users\Javier Payes\Downloads\Citizens! - Reptile (Goldroom Remix).mp3
    2012-05-15 01:36 - 2012-05-15 01:34 - 04669439 ___AC C:\Users\Javier Payes\Downloads\Gigamesh - Red Light (Goldroom Remix).mp3
    2012-05-15 01:22 - 2012-05-15 01:22 - 03222046 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - White Knuckle Tight Grip.mp3
    2012-05-15 01:22 - 2012-05-15 01:21 - 03086627 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - Momentum (2012 Demo).mp3
    2012-05-15 01:22 - 2012-05-15 01:21 - 02950372 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - Spires (Adrian Bushby Mix).mp3
    2012-05-15 01:21 - 2012-05-15 01:21 - 00000000 ___DC C:\Users\Javier Payes\Downloads\The Neighbourhood-I_m Sorry_
    2012-05-15 01:21 - 2012-05-15 01:20 - 03647110 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - Brakes.mp3
    2012-05-15 01:21 - 2012-05-15 01:20 - 03617853 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - Mezzanine (Live At La Fleche d'Or, Paris 2012).mp3
    2012-05-15 01:21 - 2012-05-15 01:20 - 02585076 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - All I Know.mp3
    2012-05-15 01:21 - 2012-05-15 01:16 - 47164060 ___AC C:\Users\Javier Payes\Downloads\The Neighbourhood-I_m Sorry_.zip
    2012-05-15 00:35 - 2012-05-15 00:34 - 08613281 ___AC C:\Users\Javier Payes\Downloads\Sons Of Jim - My Burning Sun.mp3
    2012-05-15 00:34 - 2012-05-15 00:33 - 03630239 ___AC C:\Users\Javier Payes\Downloads\Sons of Jim - Fairytale.mp3
    2012-05-14 22:54 - 2012-05-14 22:49 - 62947359 ___AC C:\Users\Javier Payes\Downloads\BASTILLE_-_OTHER_PEOPLE'S_HEARTACHE.zip
    2012-05-12 16:33 - 2009-07-14 11:39 - 00000000 ___DC C:\Program Files\Windows Journal
    2012-05-12 01:14 - 2012-05-12 01:04 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
    2012-05-12 01:14 - 2012-05-12 01:04 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2012-05-12 01:13 - 2012-05-12 00:50 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
    2012-05-12 01:13 - 2010-10-13 15:20 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
    2012-05-12 01:12 - 2012-05-12 00:27 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
    2012-05-10 17:41 - 2012-05-10 03:56 - 04286616 ___AC C:\Users\Javier Payes\Documents\Especies.pptx
    2012-05-10 17:22 - 2011-11-09 03:15 - 00000000 ___DC C:\Users\Javier Payes\Documents\BlackBerry
    2012-05-10 17:10 - 2012-05-10 17:03 - 00000000 ___DC C:\Users\Javier Payes\Documents\PROMETHEUS
    2012-05-10 16:55 - 2012-05-10 16:52 - 00000000 ___DC C:\Users\Javier Payes\Documents\Cromo
    2012-05-08 22:12 - 2012-05-08 22:12 - 00000000 ___DC C:\Users\All Users\Mozilla
    2012-05-05 02:07 - 2012-05-05 02:06 - 00872705 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Garbage_-_Not_Your_Kind_of_People_(2012).rar.part
    2012-05-04 15:56 - 2012-05-04 15:56 - 00324179 ___AC C:\Users\Javier Payes\Documents\repaso bacter 2011.pptx
    2012-05-02 17:59 - 2012-05-16 02:42 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Metric - Synthetica Reflections (2012)
    2012-04-30 18:01 - 2012-04-30 18:01 - 00234367 ___AC C:\Users\Javier Payes\Downloads\xiph-qt-win32-0.1.5.exe
    2012-04-30 17:15 - 2012-04-30 17:15 - 01630876 ___AC C:\Users\Javier Payes\Downloads\Bastille - Overjoyed.mp3
    2012-04-30 16:55 - 2012-04-30 16:55 - 01769430 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Sleepsong.mp3
    2012-04-30 16:55 - 2012-04-30 16:55 - 01375868 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ What Would You Do_ [City High Cover] - ( Official Video ).mp3
    2012-04-30 16:54 - 2012-04-30 16:54 - 01635426 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Overjoyed ( Official Video ).mp3
    2012-04-30 16:54 - 2012-04-30 16:54 - 01323712 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Laura Palmer ( Image Video ).mp3
    2012-04-30 16:53 - 2012-04-30 16:53 - 00719934 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Other People's Heartache (Trailer).mp3
    2012-04-30 16:52 - 2012-04-30 16:52 - 01770057 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Of the Night.mp3
    2012-04-30 16:44 - 2012-04-30 16:44 - 01392456 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Get Home ( Official Video - Tour 2011 ).mp3
    2012-04-30 16:43 - 2012-04-30 16:43 - 01594658 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Flaws ( Video ).mp3
    2012-04-30 16:42 - 2012-04-30 16:42 - 01429142 ___AC C:\Users\Javier Payes\Downloads\Bastille - Icarus.mp3
    2012-04-28 03:17 - 2011-12-23 01:02 - 00000000 ___DC C:\Users\Javier Payes\Documents\ConvertXToDVD
    2012-04-28 02:46 - 2011-12-23 00:52 - 00001189 ___AC C:\Users\Javier Payes\AppData\Roaming\vso_ts_preview.xml
    2012-04-28 02:46 - 2011-12-23 00:52 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Vso
    2012-04-28 01:38 - 2012-04-28 01:38 - 00000000 ___DC C:\Program Files (x86)\MixMeister BPM Analyzer
    2012-04-27 02:16 - 2012-04-27 02:16 - 02100035 ___AC C:\Users\Javier Payes\Downloads\Cassie - King of Hearts Richard X Remix.mp3
    2012-04-27 02:16 - 2012-04-27 02:16 - 02009965 ___AC C:\Users\Javier Payes\Downloads\Florence and the Machine - Breath Of Life.mp3
    2012-04-26 17:21 - 2012-04-26 17:21 - 03333872 ___AC C:\Users\Javier Payes\Downloads\brown-shoe-late-nights_2011-08-31-165055-4137-0-0-0.128.mp3
    2012-04-26 17:03 - 2012-04-26 17:03 - 08753206 ___AC C:\Users\Javier Payes\Downloads\Every Night I Say A Prayer.mp3
    2012-04-26 16:47 - 2012-04-26 15:49 - 87044874 ___AC C:\Users\Javier Payes\Downloads\Cassie - King Of Hearts - Richard X Remix Edit.mp4
    2012-04-24 03:16 - 2012-04-24 03:16 - 01424865 ___AC C:\Users\Javier Payes\Documents\Imagen1.png
    2012-04-24 03:15 - 2012-04-24 02:31 - 04042782 ___AC C:\Users\Javier Payes\Documents\Community2.pptx
    2012-04-24 02:25 - 2012-04-16 03:34 - 05404540 ___AC C:\Users\Javier Payes\Documents\chest.pptx
    2012-04-22 23:28 - 2012-04-22 23:00 - 00000000 ___DC C:\Users\Javier Payes\Documents\UnCodeX
    2012-04-22 23:00 - 2012-04-22 23:00 - 00000000 ___DC C:\Program Files (x86)\UnCodeX
    2012-04-22 21:45 - 2012-03-31 01:44 - 00085186 ___AC C:\Windows\DirectX.log
    2012-04-20 16:58 - 2009-07-14 06:08 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-04-19 01:44 - 2012-04-19 01:44 - 00135247 ___AC C:\Users\Javier Payes\Downloads\Cita SAT.pptx
    2012-04-16 23:11 - 2012-04-16 23:05 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Impresion
    2012-04-16 02:17 - 2010-10-31 19:34 - 00030208 _ASHC C:\Users\Javier Payes\Thumbs.db
    2012-04-16 02:02 - 2012-04-16 02:02 - 00000000 ___DC C:\Users\Javier Payes\Downloads\zetro_vs_1_3_by_pisadeviant-d3jn7gf(1)
    2012-04-16 02:01 - 2012-04-16 02:01 - 00000000 ___DC C:\Users\Javier Payes\Downloads\omnimo_4_1_for_rainmeter_by_fediafedia-d2mhn7l
    2012-04-16 01:48 - 2012-04-16 01:48 - 00000000 ___DC C:\Users\Javier Payes\Downloads\placebo_for_windows_7_by_solmiler-d346dad
    2012-04-16 01:38 - 2012-04-16 01:38 - 00000000 ___DC C:\Program Files\CodeGazer
    2012-04-16 01:37 - 2012-04-16 01:37 - 00000000 ___DC C:\Users\Javier Payes\Downloads\simplesentencethree_by_white_baron-d2ws62q
    2012-04-16 01:35 - 2012-04-16 01:35 - 00000000 ___DC C:\Users\Javier Payes\Downloads\appows2010_by_neiio-d2lhrrb
    2012-04-16 01:25 - 2012-04-16 01:25 - 00000000 ___DC C:\Users\Javier Payes\Downloads\SimplyNova V2
    2012-04-16 01:03 - 2012-04-16 01:02 - 03839245 ___AC C:\Users\Javier Payes\Downloads\Santigold_-_Disparate_Youth_Official_Music_Video_mIMMZQJ1H6E_hi.mp3
    2012-04-15 06:58 - 2012-05-08 01:28 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Summer Heart - About A Feeling (2012)
    2012-04-15 04:14 - 2012-03-29 18:38 - 00000000 ___DC C:\Users\Javier Payes\dwhelper
    2012-04-15 03:44 - 2012-04-15 02:37 - 371783742 ___AC C:\Users\Javier Payes\Downloads\Magic.City.S01E02.HDTV.x264-ASAP.mp4
    2012-04-15 02:50 - 2012-04-13 01:19 - 00000000 ___DC C:\Users\Javier Payes\Downloads\F-Zero_GX_USA_NGC-STARCUBE
    2012-04-13 02:58 - 2012-04-13 02:58 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
    2012-04-13 02:58 - 2012-04-13 02:58 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2012-04-13 02:58 - 2012-04-13 02:58 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2012-04-13 02:58 - 2012-04-13 02:58 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
    2012-04-13 02:58 - 2012-04-13 02:58 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
    2012-04-13 02:58 - 2012-04-13 02:58 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
    2012-04-13 02:58 - 2012-04-13 02:58 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
    2012-04-13 01:57 - 2012-04-13 01:57 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Santogold
    2012-04-05 22:41 - 2012-04-05 22:30 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Darksiders
    2012-04-05 22:30 - 2012-03-31 01:46 - 00000000 ___DC C:\Users\Javier Payes\Documents\My Games
    2012-04-05 22:28 - 2011-07-08 19:52 - 00000000 ___DC C:\Windows\SysWOW64\directx
    2012-04-05 20:36 - 2012-04-05 20:36 - 01606656 ___AC C:\Users\Javier Payes\Downloads\SteamInstall.msi
    2012-04-05 20:18 - 2012-04-05 20:18 - 00000000 ___DC C:\Program Files\iTunes
    2012-04-05 20:18 - 2012-04-05 20:18 - 00000000 ___DC C:\Program Files\iPod
    2012-04-05 20:18 - 2012-04-05 20:18 - 00000000 ___DC C:\Program Files (x86)\iTunes
    2012-04-05 17:28 - 2012-04-05 17:28 - 00000000 ___DC C:\Program Files (x86)\THQ
    2012-04-02 02:18 - 2012-04-02 02:18 - 00001773 ___AC C:\Users\Javier Payes\Downloads\wiiflow.ini
    2012-04-02 01:42 - 2012-04-02 01:42 - 00000000 ___DC C:\Program Files (x86)\NVIDIA Corporation
    2012-04-01 19:21 - 2012-03-19 03:14 - 00002273 __AHC C:\Windows\EPMBatch.ept
    2012-03-31 01:46 - 2012-03-31 01:46 - 00000000 ___DC C:\Users\All Users\Age of Empires 3
    2012-03-31 01:45 - 2010-10-12 10:29 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
    2012-03-31 01:40 - 2011-06-25 22:29 - 00000000 ___DC C:\Program Files (x86)\Microsoft Games
    2012-03-31 01:27 - 2012-03-31 01:27 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\SKIDROW
    2012-03-31 01:05 - 2012-03-31 01:05 - 00000000 ___DC C:\Program Files (x86)\Elaborate Bytes
    2012-03-31 00:38 - 2012-03-29 18:54 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Orbit
    ZeroAccess:
    C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}
    C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\@
    C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\L
    C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\n
    C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\U
    C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\U\800000cb.@
    ZeroAccess:
    C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}
    C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\@
    C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\L
    C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\U
    ========================= Known DLLs (Whitelisted) ============

    ========================= Bamital & volsnap Check ============
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
    ==================== EXE ASSOCIATION =====================
    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK
    ========================= Memory info ======================
    Percentage of memory in use: 16%
    Total physical RAM: 3893.32 MB
    Available physical RAM: 3239.23 MB
    Total Pagefile: 3891.47 MB
    Available Pagefile: 3246.32 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB
    ======================= Partitions =========================
    1 Drive c: () (Fixed) (Total:75.05 GB) (Free:3.44 GB) NTFS
    2 Drive d: (Windows 8) (Fixed) (Total:20.51 GB) (Free:7.01 GB) NTFS
    3 Drive f: (Datos) (Fixed) (Total:368.1 GB) (Free:11.73 GB) NTFS
    5 Drive h: (USB) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    Num   Disk     Status    Size     Free    Dyn  Gpt
    ---------- ---------- ------- ------- --- ---
    Disk 0     Online    465 GB   0 B
    Disk 1     Online    954 MB   0 B
    Leaving DiskPart...

    ==========================================================
    Last Boot: 2012-06-21 03:39
    ======================= End Of Log ==========================
  5. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===================================================

    In Vista or Windows 7: Boot to System Recovery Options and run FRST.
    In Windows XP: Please boot to UBCD and run FRST.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.
  6. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    This is what I got:

    Farbar Recovery Scan Tool Version: 25-06-2012
    Ran by SYSTEM at 2012-06-27 19:48:23
    Running from H:\
    ================== Search: "services.exe" ===================
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
    C:\Windows\System32\services.exe
    [2009-07-14 00:19] - [2012-06-28 00:37] - 0328704 ___AC (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
    ====== End Of Search ======
  7. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

    Next...

    See if you can boot normally.

    If so...

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


  8. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
    Ran by SYSTEM at 2012-06-27 20:15:39 Run:1
    Running from H:\
    ==============================================
    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\System32\services.exe.443E440A2239DFD4 moved successfully.
    C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac} moved successfully.
    C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
    ==== End of Fixlog ====
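The Fixlog shows the four pieces of this infection being undone. The 64-bit Sirefef/ZeroAccess variant of 2012 ran its code inside csrss.exe by rewriting the Session Manager\SubSystems\Windows value so that the console server entry pointed at a dropped consrv.dll instead of winsrv (the first line restores that value; the second shows consrv.dll was already gone). It kept its configuration and plug-ins in a {GUID} folder with @, L, n and U entries under both C:\Windows\Installer and the user's AppData\Local (both moved). And it patched services.exe in place (moved aside, then replaced with the WinSxS copy). The Python below is an added example, not from the thread and not FRST code; it audits and repairs a SubSystems value and recognises the folder layout in FRST path lines. The clean value is the Windows 7 default as I know it (the SharedSection sizes vary by edition, so compare with a known-good host rather than trusting this string), and the benign Installer folder in the sample lines is constructed.

```python
"""Audit the csrss.exe subsystem definition and FRST path lines for the two
persistence pieces the Fixlog above repaired.

Added example, not from the thread or from FRST. The clean value below is the
Windows 7 default (SharedSection sizes differ between editions; verify against a
known-good host), and the benign Installer folder in the sample is constructed.
"""
from __future__ import annotations

import re

# Modules that legitimately appear as csrss.exe server DLLs on Windows 7.
LEGIT_SERVER_DLLS = {"basesrv", "winsrv", "sxssrv"}
# winsrv.dll's initialisation exports. A foreign module claiming one of these
# has taken winsrv's slot and can be swapped back; anything else needs a human.
WINSRV_INITS = {"UserServerDllInitialization", "ConServerDllInitialization"}

SERVERDLL_RE = re.compile(
    r"ServerDll=(?P<module>[^:,\s]+)(?::(?P<init>[^,\s]+))?,(?P<id>\d+)")

CLEAN_SUBSYSTEMS_VALUE = (
    r"%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows "
    "SharedSection=1024,20480,768 Windows=On SubSystemType=Windows "
    "ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 "
    "ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 "
    "ProfileControl=Off MaxRequestThreads=16"
)
# The 64-bit Sirefef/ZeroAccess change: the console server entry points at the
# dropped consrv.dll instead of winsrv, so csrss.exe loads the malware at boot.
INFECTED_SUBSYSTEMS_VALUE = CLEAN_SUBSYSTEMS_VALUE.replace(
    "ServerDll=winsrv:ConServerDllInitialization,2",
    "ServerDll=consrv:ConServerDllInitialization,2")


def audit_subsystems_value(value: str) -> list[str]:
    """Return every ServerDll token whose module is not a known csrss server DLL."""
    return [m.group(0) for m in SERVERDLL_RE.finditer(value)
            if m.group("module").lower() not in LEGIT_SERVER_DLLS]


def repair_subsystems_value(value: str) -> tuple[str, list[str]]:
    """Rewrite foreign ServerDll tokens; return (repaired value, tokens dropped for review)."""
    unresolved: list[str] = []

    def fix(m: re.Match) -> str:
        if m.group("module").lower() in LEGIT_SERVER_DLLS:
            return m.group(0)
        if m.group("init") in WINSRV_INITS:
            # A hijacked winsrv slot: hand it back to winsrv, same init, same id.
            return f"ServerDll=winsrv:{m.group('init')},{m.group('id')}"
        unresolved.append(m.group(0))
        return ""

    repaired = re.sub(r"\s{2,}", " ", SERVERDLL_RE.sub(fix, value)).strip()
    return repaired, unresolved


GUID_DIR_RE = re.compile(
    r"^(?P<root>.*\\\{[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}\})(?:\\(?P<child>[^\\]+))?",
    re.IGNORECASE)


def zeroaccess_roots(log_lines: list[str]) -> list[str]:
    """Return {GUID} directories whose direct children include the '@' file and the
    'U' directory, the layout this ZeroAccess variant used for its configuration
    and plug-in store ('L' and 'n' are also created but not required to match)."""
    children: dict[str, set[str]] = {}
    for line in log_lines:
        m = GUID_DIR_RE.match(line.strip())
        if not m:
            continue
        kids = children.setdefault(m.group("root"), set())
        if m.group("child"):
            kids.add(m.group("child"))
    return sorted(root for root, kids in children.items() if {"@", "U"} <= kids)


# Sample path lines: the ten from the thread's FRST log plus one constructed
# benign Windows Installer cache folder with a hypothetical product GUID.
SAMPLE_FRST_LINES = [
    r"C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}",
    r"C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\@",
    r"C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\L",
    r"C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\n",
    r"C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\U",
    r"C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\U\800000cb.@",
    r"C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}",
    r"C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\@",
    r"C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\L",
    r"C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\U",
    r"C:\Windows\Installer\{11111111-2222-3333-4444-555555555555}\ARPPRODUCTICON.exe",
]

if __name__ == "__main__":
    print("foreign ServerDlls:", audit_subsystems_value(INFECTED_SUBSYSTEMS_VALUE))
    print("repaired:", repair_subsystems_value(INFECTED_SUBSYSTEMS_VALUE)[0])
    print("ZeroAccess roots:", zeroaccess_roots(SAMPLE_FRST_LINES))
```

The value has to be read and written from outside the running system, as Broni had the user do from System Recovery Options: csrss.exe is started from it at boot, and the patched services.exe reinstates it on a live system. Any token the repair cannot map back to winsrv is returned in the unresolved list rather than guessed at, since a wrong csrss.exe definition leaves the machine unbootable.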
  9. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    Windows runs normally.
    This is the ComboFix log:

    ComboFix 12-06-27.01 - Javier Payes 06/27/2012 20:30:15.1.4 - x64
    Microsoft Windows 7 Enterprise 6.1.7601.1.1252.52.3082.18.3893.1822 [GMT -5:00]
    Running from: c:\users\Javier Payes\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\ClickPotatoLiteSA
    c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
    c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat
    c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat
    c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
    c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
    c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
    c:\users\Javier Payes\AppData\Local\TempDIR
    c:\users\Javier Payes\AppData\Local\TempDIR\BetterInstaller.exe
    c:\users\Javier Payes\AppData\Roaming\ClickPotatoLite
    c:\users\Javier Payes\AppData\Roaming\Love
    c:\users\Javier Payes\AppData\Roaming\Love\mari0\options.txt
    c:\users\Javier Payes\AppData\Roaming\vso_ts_preview.xml
    c:\windows\UA000071.DLL
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-28 01:38 . 2012-06-28 01:38 -------- dc----w- c:\users\Default\AppData\Local\temp
    2012-06-27 23:20 . 2012-06-27 23:19 927800 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60302ED5-CBBA-4C98-A7BA-F49D304634D8}\gapaengine.dll
    2012-06-27 23:20 . 2012-05-31 02:04 9013136 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{113DA8EF-245F-4A20-8046-A46957D295DB}\mpengine.dll
    2012-06-27 23:17 . 2012-06-27 23:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-27 23:17 . 2012-06-27 23:21 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-27 23:17 . 2012-06-27 23:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-27 23:17 . 2012-06-27 23:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-27 23:17 . 2012-06-27 23:21 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-27 23:17 . 2012-06-27 23:21 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-27 23:17 . 2012-06-27 23:21 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-27 23:16 . 2012-06-27 23:21 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-27 23:16 . 2012-06-27 23:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-27 17:59 . 2012-06-27 18:00 -------- dc----w- C:\FRST
    2012-06-24 21:01 . 2012-06-24 21:01 -------- dc----w- c:\users\Javier Payes\AppData\Local\Macromedia
    2012-06-24 20:51 . 2012-06-24 20:51 -------- dc----w- c:\program files (x86)\Microsoft Security Client
    2012-06-24 20:50 . 2012-06-24 20:51 -------- dc----w- c:\program files\Microsoft Security Client
    2012-06-21 23:13 . 2012-06-21 23:13 -------- dc----w- c:\users\Javier Payes\AppData\Roaming\Hive Cluster
    2012-06-21 22:43 . 2012-06-21 22:43 -------- dc----w- c:\program files (x86)\Super Meat Boy
    2012-06-21 20:44 . 2012-06-21 20:44 -------- dcsh--w- c:\windows\system32\%APPDATA%
    2012-06-14 20:28 . 2012-06-14 20:28 11776 -c--a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
    2012-06-14 20:27 . 2012-06-14 20:27 -------- dc----w- c:\program files (x86)\Common Files\xing shared
    2012-06-14 20:27 . 2012-06-14 20:27 150696 -c--a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
    2012-06-14 20:27 . 2012-06-14 20:27 129144 -c--a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
    2012-06-14 20:26 . 2012-06-14 20:26 499712 -c--a-w- c:\windows\SysWow64\msvcp71.dll
    2012-06-14 20:26 . 2012-06-14 20:26 348160 -c--a-w- c:\windows\SysWow64\msvcr71.dll
    2012-06-13 18:31 . 2012-06-14 20:11 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
    2012-06-13 18:31 . 2012-06-14 20:11 77312 ----a-w- c:\windows\system32\rdpwsx.dll
    2012-06-13 18:31 . 2012-06-14 20:11 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
    2012-06-13 18:31 . 2012-06-14 20:06 209920 ----a-w- c:\windows\system32\profsvc.dll
    2012-06-13 18:31 . 2012-06-14 20:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-06-13 18:31 . 2012-06-14 20:05 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-06-13 18:31 . 2012-06-14 20:05 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-06-13 18:30 . 2012-06-14 20:05 3146752 ----a-w- c:\windows\system32\win32k.sys
    2012-06-13 18:30 . 2012-06-14 20:05 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
    2012-06-13 18:30 . 2012-06-14 20:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
    2012-06-13 18:30 . 2012-06-14 20:05 3216384 ----a-w- c:\windows\system32\msi.dll
    2012-06-13 18:30 . 2012-06-14 20:05 2342400 ----a-w- c:\windows\SysWow64\msi.dll
    2012-06-13 18:30 . 2012-06-14 20:04 1462272 ----a-w- c:\windows\system32\crypt32.dll
    2012-06-13 18:30 . 2012-06-14 20:04 184320 ----a-w- c:\windows\system32\cryptsvc.dll
    2012-06-13 18:30 . 2012-06-14 20:04 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
    2012-06-13 18:30 . 2012-06-14 20:04 140288 ----a-w- c:\windows\system32\cryptnet.dll
    2012-06-13 18:30 . 2012-06-14 20:04 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
    2012-06-13 18:30 . 2012-06-14 20:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
    2012-06-08 01:42 . 2012-06-08 01:42 770384 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
    2012-06-08 01:42 . 2012-06-08 01:42 421200 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
    2012-06-04 21:41 . 2012-06-04 21:41 -------- dc----w- c:\users\Javier Payes\AppData\Local\Toshiba
    2012-06-04 21:41 . 2012-06-04 21:41 -------- dc----w- c:\programdata\TOSHIBA
    2012-06-04 21:36 . 2012-06-04 21:36 -------- dcsh--w- c:\windows\SysWow64\%APPDATA%
    2012-06-04 21:35 . 2009-06-19 02:42 40832 -c--a-w- c:\windows\system32\drivers\TosBtCi.dll
    2012-06-04 21:35 . 2012-06-04 21:35 -------- dc----w- c:\program files (x86)\Toshiba
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-06-24 20:45 . 2012-04-20 00:07 426184 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-06-24 20:45 . 2011-05-19 14:31 70344 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-12 00:14 . 2012-05-12 00:04 1544704 ----a-w- c:\windows\system32\DWrite.dll
    2012-05-12 00:14 . 2012-05-12 00:04 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
    2012-05-12 00:13 . 2012-05-11 23:50 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
    2012-05-12 00:12 . 2012-05-11 23:27 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-04-13 01:58 . 2012-04-13 01:58 220672 ----a-w- c:\windows\system32\wintrust.dll
    2012-04-13 01:58 . 2012-04-13 01:58 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
    2012-04-13 01:58 . 2012-04-13 01:58 81408 ----a-w- c:\windows\system32\imagehlp.dll
    2012-04-13 01:58 . 2012-04-13 01:58 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-04-13 01:58 . 2012-04-13 01:58 5120 ----a-w- c:\windows\SysWow64\wmi.dll
    2012-04-13 01:58 . 2012-04-13 01:58 5120 ----a-w- c:\windows\system32\wmi.dll
    2012-04-13 01:58 . 2012-04-13 01:58 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
    2011-11-10 02:32 . 2011-11-10 02:32 1163348 -c--a-w- c:\program files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARYUninst.exe
    2011-11-10 02:32 . 2011-11-10 02:32 16590692 -c--a-w- c:\program files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARY.scr
    .
  10. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-11-29 21:26 3908192 -c--a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    2011-05-09 08:49 176936 -c--a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    2010-11-29 21:26 3908192 -c--a-w- c:\program files (x86)\MyAshampoo\tbMyAs.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
    "{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
    "{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
    .
    [HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
    .
    [HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 94208 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-05 1242448]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
    "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
    "ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
    "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-14 296056]
    .
    c:\users\Javier Payes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Dropbox.lnk - c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
    EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-12-14 2749856]
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    3;2 NAUpdate;Nero Update [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Servicio de actualización de Google (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 136176]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
    R3 BthAvrcp;Perfil AVRCP Bluetooth;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
    R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
    R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
    R3 gupdatem;Google Update Servicio (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 136176]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
    R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
    R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
    R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2009-11-04 20032]
    R3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2009-11-04 39488]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 RTL8192su;Airlink101 AWLL6077v2 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-07-17 660992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;tsusbhub [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
    S3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 244736]
    .
  11. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 20:45]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 00:54]
    .
    2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 00:54]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-12-05 19:17 97792 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    "VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    TCP: DhcpNameServer = 10.1.2.254 10.1.2.214 10.1.2.253
    FF - ProfilePath - c:\users\Javier Payes\AppData\Roaming\Mozilla\Firefox\Profiles\l6dw6y8z.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
    FF - user.js: general.useragent.extra.brc -
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\Nero\Update\NASvc.exe
    c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    .
    **************************************************************************
    .
    Completion time: 2012-06-27 20:51:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-06-28 01:51
    .
    Pre-Run: 3,357,929,472 bytes free
    Post-Run: 3,367,297,024 bytes free
    .
    - - End Of File - - 06AE0A771C63DE8263548084C9E1F1F4
  12. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Looks good :)

    Any current issues?

    =======================================

    Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ======================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /I " " /c
    dir /b "%systemroot%\*.exe" | find /I " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
    /md5start
    /md5stop
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    Everything seems fine. Thank you so much!!!!!
    Up next is the Malwarebytes log:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.28.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Javier Payes :: FI [administrator]

    Protection: Enabled

    6/27/2012 9:32:52 PM
    mbam-log-2012-06-27 (21-38-51).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 213022
    Time elapsed: 5 minute(s), 12 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 1
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

    Registry Values Detected: 1
    HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions -> No action taken.

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  14. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Your log says "No action taken".
    Re-run MBAM, fix all issues and post new log.
  15. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    Sorry about that. I made that log before removing the detected malicious items. Here is a new log:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.06.28.02

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Javier Payes :: FI [administrator]

    Protection: Enabled

    6/27/2012 10:05:15 PM
    mbam-log-2012-06-27 (22-05-15).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 212778
    Time elapsed: 2 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
  16. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    This is the OTL Log:

    OTL logfile created on: 6/27/2012 9:50:53 PM - Run 1
    OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Javier Payes\Desktop
    64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.80 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 56.34% Memory free
    7.60 Gb Paging File | 5.65 Gb Available in Paging File | 74.38% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 75.05 Gb Total Space | 2.83 Gb Free Space | 3.77% Space Free | Partition Type: NTFS
    Drive E: | 368.10 Gb Total Space | 13.14 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
    Drive F: | 20.51 Gb Total Space | 7.01 Gb Free Space | 34.20% Space Free | Partition Type: NTFS

    Computer Name: FI | User Name: Javier Payes | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/06/27 21:30:51 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Javier Payes\Desktop\OTL.exe
    PRC - [2012/06/24 15:45:09 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
    PRC - [2012/06/16 21:20:48 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/06/14 15:26:56 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Javier Payes\AppData\Roaming\Dropbox\bin\Dropbox.exe
    PRC - [2012/05/09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2011/02/18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2010/12/14 15:13:06 | 002,749,856 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2010/09/06 16:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
    PRC - [2010/08/23 16:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2010/08/23 16:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    PRC - [2010/05/20 16:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
    PRC - [2009/12/09 03:50:00 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2009/12/09 03:49:58 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/06/24 15:45:09 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
    MOD - [2012/06/16 21:20:48 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
    MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
    MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/06/24 15:45:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/06/19 14:45:37 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2012/06/16 21:20:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Stop_Pending] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
    SRV - [2010/04/12 10:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/12/09 03:50:00 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
    SRV - [2009/12/09 03:49:58 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
    SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/12 20:58:39 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
    DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/16 19:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/12/12 00:09:08 | 000,291,760 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
    DRV:64bit: - [2010/12/02 19:30:00 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
    DRV:64bit: - [2010/11/29 11:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV:64bit: - [2010/11/23 02:34:00 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/11/11 10:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV:64bit: - [2010/09/22 14:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
    DRV:64bit: - [2010/08/30 10:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV:64bit: - [2010/05/20 16:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
    DRV:64bit: - [2010/04/26 11:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV:64bit: - [2010/04/06 00:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
    DRV:64bit: - [2009/11/27 08:15:14 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Sonido Intel(R)
    DRV:64bit: - [2009/11/03 22:03:56 | 000,039,488 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPortJoy64.sys -- (PPortJoystick)
    DRV:64bit: - [2009/11/03 22:03:56 | 000,020,032 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPJoyBus64.sys -- (PPJoyBus)
    DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
    DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2009/09/03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
    DRV:64bit: - [2009/08/13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
    DRV:64bit: - [2009/07/24 11:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
    DRV:64bit: - [2009/07/17 11:09:04 | 000,660,992 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/07/13 19:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
    DRV:64bit: - [2009/06/17 12:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/05/02 11:59:08 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
    DRV:64bit: - [2008/05/02 11:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
    DRV:64bit: - [2008/05/02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
    DRV:64bit: - [2008/05/02 11:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
    DRV:64bit: - [2006/01/12 11:49:18 | 000,018,560 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WCG200V2NTamd64.sys -- (WCG200NTamd64)
    DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
    DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
    DRV - [2010/09/16 13:48:02 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2002/10/07 19:07:38 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
    DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


    ========== Standard Registry (SafeList) ==========
  17. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-MX
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes,DefaultScope = {92E2242F-0B40-4B18-80F5-10F4AD20D9EE}
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{63D37799-AFD2-4EE1-977A-5AFD117379CA}: "URL" = http://mx.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{6C55CA6E-125E-47D5-897D-D5F466E418D5}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{75E01832-A5BB-4EEA-B457-E53526AF1894}: "URL" = http://es.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{78198319-70F5-4FBE-BE30-0CEEA25D277B}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{92E2242F-0B40-4B18-80F5-10F4AD20D9EE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{939F10F2-C7BC-4167-93CA-A1822838AD20}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
    FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "google.com"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="


    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/16 18:12:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/16 18:12:35 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/27 12:11:31 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 21:20:49 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/14 15:28:14 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 21:20:49 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/14 15:28:14 | 000,000,000 | ---D | M]

    [2011/08/29 19:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Extensions
    [2012/06/27 18:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions
    [2012/05/30 18:59:31 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
    [2012/06/05 15:22:15 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
    [2012/03/29 12:37:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2012/06/27 18:18:43 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions\collector@broceliand.fr
    [2011/12/25 14:48:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions\engine@conduit.com
    [2012/03/18 19:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/06/16 21:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
    [2012/03/15 10:17:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
    [2012/06/14 15:27:06 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
    [2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/01/27 18:42:51 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
    [2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
  18. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    ========== Chrome ==========

    CHR - default_search_provider: ()
    CHR - default_search_provider: search_url =
    CHR - default_search_provider: suggest_url =

    O1 HOSTS File: ([2012/06/27 20:40:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKU\S-1-5-21-585829491-2030783581-114987629-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
    O4 - Startup: C:\Users\Javier Payes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Javier Payes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
    O4 - Startup: C:\Users\Javier Payes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-585829491-2030783581-114987629-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-585829491-2030783581-114987629-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
    O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.2.254 10.1.2.214 10.1.2.253
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{017E5300-E963-4258-A87D-F590371E3DA4}: DhcpNameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DBD90B3-0079-4584-81C7-0746A134E261}: DhcpNameServer = 10.1.2.254 10.1.2.214 10.1.2.253
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDA3FDAF-FEBB-463B-982B-A9605A42C9BA}: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2C3C95A-C2CF-45A5-A7CD-D0AC4A8AF571}: DhcpNameServer = 10.1.2.254 10.1.2.124 10.1.2.123
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point
     
  19. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/06/27 21:30:47 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Javier Payes\Desktop\OTL.exe
    [2012/06/27 21:28:46 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Roaming\Malwarebytes
    [2012/06/27 21:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/06/27 21:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/06/27 21:28:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/06/27 21:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/06/27 20:55:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/06/27 20:28:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/06/27 20:28:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/06/27 20:28:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/06/27 20:28:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/06/27 20:27:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/06/27 20:24:58 | 004,570,514 | R--- | C] (Swearware) -- C:\Users\Javier Payes\Desktop\ComboFix.exe
    [2012/06/27 12:59:32 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/06/24 16:01:58 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Local\Macromedia
    [2012/06/24 15:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
    [2012/06/24 15:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2012/06/21 18:13:12 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Roaming\Hive Cluster
    [2012/06/21 17:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Meat Boy
    [2012/06/21 17:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super Meat Boy
    [2012/06/21 17:43:01 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Meat Boy
    [2012/06/21 15:44:05 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
    [2012/06/15 09:44:16 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Local\{B0DA6E0E-25E6-4C6C-97A2-E21D25D8C269}
    [2012/06/14 18:24:19 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\Documents\Hipertensión Arterial
    [2012/06/14 15:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
    [2012/06/14 15:26:59 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
    [2012/06/14 15:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
    [2012/06/04 16:41:05 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Local\Toshiba
    [2012/06/04 16:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA
    [2012/06/04 16:36:28 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/06/04 16:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
    [2012/06/04 16:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toshiba
    [2012/05/30 21:50:01 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\Documents\Onchocerca volvulus
    [2012/05/30 20:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
    [2011/11/09 21:32:43 | 001,163,348 | ---- | C] (SERIALGAMES Inc.) -- C:\Program Files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARYUninst.exe

    ========== Files - Modified Within 30 Days ==========

    [2012/06/27 21:50:31 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/06/27 21:50:31 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/06/27 21:42:44 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/27 21:42:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/06/27 21:41:28 | 3061,829,632 | -HS- | M] () -- C:\hiberfil.sys
    [2012/06/27 21:36:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/27 21:30:51 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Javier Payes\Desktop\OTL.exe
    [2012/06/27 20:43:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/27 20:40:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/06/27 20:26:14 | 002,584,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/06/27 20:26:14 | 000,751,842 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
    [2012/06/27 20:26:14 | 000,741,652 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
    [2012/06/27 20:26:14 | 000,658,544 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/06/27 20:26:14 | 000,161,080 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
    [2012/06/27 20:26:14 | 000,151,312 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
    [2012/06/27 20:26:14 | 000,124,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/06/27 20:25:45 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\Javier Payes\Desktop\ComboFix.exe
    [2012/06/24 15:51:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/06/24 15:51:04 | 002,611,484 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/06/14 18:51:31 | 000,990,070 | ---- | M] () -- C:\Users\Javier Payes\Documents\hipertensiónarterial151.jpg
    [2012/06/14 15:26:59 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
    [2012/06/14 15:21:25 | 000,743,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/06/09 09:37:18 | 000,001,050 | ---- | M] () -- C:\Users\Javier Payes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
    [2012/06/04 16:41:12 | 000,000,956 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk

    ========== Files Created - No Company Name ==========

    [2012/06/27 20:28:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/06/27 20:28:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/06/27 20:28:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/06/27 20:28:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/06/27 20:28:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/06/24 15:51:11 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
    [2012/06/14 18:51:30 | 000,990,070 | ---- | C] () -- C:\Users\Javier Payes\Documents\hipertensiónarterial151.jpg
    [2012/06/04 16:37:38 | 000,000,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
    [2012/01/31 10:10:39 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/01/31 10:07:51 | 002,392,064 | ---- | C] () -- C:\Windows\SysWow64\videotrans.dll
    [2012/01/31 10:07:51 | 000,215,040 | ---- | C] () -- C:\Windows\SysWow64\videoformat.dll
    [2012/01/31 10:07:51 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\imgscaler.dll
    [2012/01/31 10:07:51 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\img_utils.dll
    [2012/01/31 10:07:51 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\videocore.dll
    [2012/01/31 10:07:48 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2012/01/31 10:07:48 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
    [2012/01/25 22:42:54 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
    [2012/01/25 22:42:54 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
    [2012/01/25 22:42:53 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
    [2012/01/25 22:42:53 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
    [2012/01/25 22:42:53 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
    [2011/11/09 21:32:41 | 016,590,692 | ---- | C] () -- C:\Program Files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARY.scr
    [2011/11/08 12:54:19 | 000,004,096 | -H-- | C] () -- C:\Users\Javier Payes\AppData\Local\keyfile3.drm
    [2011/10/30 23:32:53 | 000,010,752 | ---- | C] () -- C:\Users\Javier Payes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/10/25 09:42:10 | 000,000,180 | ---- | C] () -- C:\Windows\youtube2mp3.ini
    [2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/09/19 20:42:11 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
    [2011/08/31 20:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
    [2011/08/31 20:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
    [2011/08/31 20:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
    [2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
    [2011/06/01 13:28:14 | 000,000,034 | ---- | C] () -- C:\Windows\ARPR.INI
    [2011/05/27 01:16:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\eautil.dll
    [2011/03/01 01:36:38 | 000,389,914 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011/01/28 12:50:48 | 000,042,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
    [2011/01/28 12:43:40 | 000,002,648 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2011/01/27 11:17:37 | 000,007,597 | ---- | C] () -- C:\Users\Javier Payes\AppData\Local\resmon.resmoncfg
    [2011/01/26 08:52:05 | 002,611,484 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/10/19 10:51:02 | 000,000,360 | ---- | C] () -- C:\Windows\MP3trt.ini
    [2010/10/12 21:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini

    ========== LOP Check ==========

    [2010/10/26 15:57:25 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\AnvSoft
    [2011/12/21 18:11:06 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Ashampoo
    [2011/07/04 20:20:01 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Bioshock
    [2011/11/15 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Canneverbe Limited
    [2011/06/25 11:01:31 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2011/06/18 10:26:55 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
    [2011/05/19 12:11:37 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
    [2011/10/03 18:04:05 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\CurriculumFacil
    [2011/10/12 22:29:56 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Downloaded Installations
    [2012/06/27 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Dropbox
    [2011/10/25 09:49:12 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\DVDVideoSoft
    [2011/02/26 19:52:58 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\DVDVideoSoftIEHelpers
    [2011/01/27 17:44:18 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\f-secure
    [2011/02/24 23:08:26 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\FreeAudioPack
    [2011/12/22 21:42:19 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\GetRightToGo
    [2012/03/29 12:54:58 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\GrabPro
    [2012/06/21 18:13:12 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Hive Cluster
    [2011/04/26 11:07:00 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\IObit
    [2011/09/11 10:00:22 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\IVideoWare
    [2011/07/23 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Leadertech
    [2011/01/27 11:16:29 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\NCH Swift Sound
    [2011/06/02 09:58:17 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Opera
    [2012/03/30 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Orbit
    [2011/06/01 13:27:47 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Philipp Winterberg
    [2012/03/29 12:55:01 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\ProgSense
    [2011/03/01 01:37:15 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\QuickScan
    [2012/06/27 12:11:32 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Rainmeter
    [2011/11/08 21:14:56 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Research In Motion
    [2012/03/10 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Rovio
    [2011/11/08 17:28:53 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Spotify
    [2012/03/15 10:42:44 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Stardock
    [2012/06/21 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\uTorrent
    [2012/04/27 20:46:32 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Vso
    [2012/06/27 20:40:01 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========
  20. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    ========== Custom Scans ==========

    < >

    < %SYSTEMDRIVE%\*.* >
    [2011/03/29 09:13:23 | 000,001,011 | ---- | M] () -- C:\bdlog.txt
    [2012/06/27 20:51:28 | 000,026,651 | ---- | M] () -- C:\ComboFix.txt
    [2012/06/27 21:41:28 | 3061,829,632 | -HS- | M] () -- C:\hiberfil.sys
    [2012/03/21 16:56:08 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
    [2012/06/27 21:42:35 | 4082,442,240 | -HS- | M] () -- C:\pagefile.sys
    [2010/10/12 04:54:39 | 000,000,206 | ---- | M] () -- C:\realtek.log
    [2010/10/12 04:54:39 | 000,002,246 | ---- | M] () -- C:\RHDSetup.log
    [2010/11/16 01:54:34 | 000,000,000 | ---- | M] () -- C:\t13k.1
    [2010/11/15 09:04:44 | 000,000,000 | ---- | M] () -- C:\t148.1
    [2010/11/15 09:04:44 | 000,000,000 | ---- | M] () -- C:\t148.2

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/11/09 20:53:15 | 016,590,692 | ---- | M] () -- C:\Windows\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARY.scr
    [2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
    [2011/11/09 21:32:42 | 016,590,692 | ---- | M] () -- C:\Program Files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARY.scr
    [2011/11/09 21:32:48 | 001,163,348 | ---- | M] (SERIALGAMES Inc.) -- C:\Program Files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARYUninst.exe

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/20 12:19:58 | 000,000,221 | -HS- | M] () -- C:\Users\Javier Payes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/06/27 20:25:45 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\Javier Payes\Desktop\ComboFix.exe
    [2012/06/27 21:30:51 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Javier Payes\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2009/06/26 17:24:18 | 000,013,023 | ---- | M] () -- C:\Windows\VX3000.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/06/27 20:43:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/06/27 21:42:44 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/06/27 21:36:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/06/27 21:42:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/06/27 20:40:01 | 000,032,636 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2012/03/21 11:45:07 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2012/03/21 11:45:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2011/03/01 04:23:13 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2011/03/01 04:23:13 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2012/03/21 11:45:08 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2012/02/17 11:32:59 | 000,000,402 | -HS- | M] () -- C:\Users\Javier Payes\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/03/29 09:14:51 | 000,389,914 | ---- | M] () -- C:\ProgramData\bdinstall.bin
    [2011/01/28 12:43:40 | 000,002,648 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
    [2011/11/10 20:01:18 | 000,001,492 | ---- | M] () -- C:\ProgramData\ss.ini

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

    < dir /b "%systemroot%\*.exe" | find /I " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1999/09/10 13:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\Windows\system\WOWPOST.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

    ========== Files - Unicode (All) ==========
    [2011/03/29 09:14:52 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
    [2011/03/29 09:13:24 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C1F4198F

    < End of report >
  21. Broni

    Broni Malware Annihilator Posts: 46,143   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C1F4198F
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ========================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
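    A post-fix verification script, added here as an example and not part of Broni's instructions or the OTL tool: it re-checks the items the :OTL section above removes (the two CLSIDs and the alternate data stream on C:\ProgramData\TEMP) and the Windows Defender service/policy state that Farbar Service Scanner reports. It assumes PowerShell 3.0 or later (needed for Get-Item -Stream) run from an elevated 64-bit console; the registry paths listed are assumptions about where a 64-bit Windows 7 keeps these registrations.

```powershell
# Added example: verify that the entries removed by the OTL fix are really gone.
# CLSIDs and the ADS path are taken from the logs in this thread; nothing else is assumed about the machine.
$bhoClsid = '{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}'   # Hotspot Shield BHO (O2 line in the fix)
$dpfClsid = '{E2883E8F-472F-4FB0-9522-AC9BF37916A7}'   # Adobe getPlusPlus ActiveX (O16 line in the fix)
$adsFile  = 'C:\ProgramData\TEMP'                       # file that carried the 103-byte ADS

$findings = @()

# 1. Registry registrations, checked in both the 64-bit view and the Wow6432Node (32-bit) view,
#    since OTL logged the BHO as "64bit-Registry key" and the DPF entry without that prefix.
$keys = @(
    "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\$bhoClsid",
    "HKLM:\SOFTWARE\Classes\CLSID\$bhoClsid",
    "HKLM:\SOFTWARE\Classes\Wow6432Node\CLSID\$bhoClsid",
    "HKLM:\SOFTWARE\Microsoft\Code Store Database\Distribution Units\$dpfClsid",
    "HKLM:\SOFTWARE\Wow6432Node\Microsoft\Code Store Database\Distribution Units\$dpfClsid"
)
foreach ($k in $keys) {
    if (Test-Path -LiteralPath $k) { $findings += "Registry key still present: $k" }
}

# 2. Alternate data streams: anything other than the default unnamed stream (:$DATA) is reported.
if (Test-Path -LiteralPath $adsFile) {
    Get-Item -LiteralPath $adsFile -Stream * |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object { $findings += ('ADS still present: {0}:{1} ({2} bytes)' -f $adsFile, $_.Stream, $_.Length) }
}

# 3. Windows Defender state as FSS reports it: service start type and the DisableAntiSpyware policy value.
$svc = Get-WmiObject -Class Win32_Service -Filter "Name='WinDefend'"
if ($svc -and $svc.StartMode -ne 'Auto') {
    $findings += "WinDefend start type is $($svc.StartMode) (default is Auto)"
}
$wd = Get-ItemProperty -LiteralPath 'HKLM:\SOFTWARE\Microsoft\Windows Defender' -ErrorAction SilentlyContinue
if ($wd -and $wd.DisableAntiSpyware -eq 1) {
    $findings += 'DisableAntiSpyware=1 is set under HKLM\SOFTWARE\Microsoft\Windows Defender'
}

if ($findings.Count -eq 0) { 'No leftovers from the fix were found.' } else { $findings }
```

A non-Auto WinDefend start type or DisableAntiSpyware=1 is not by itself a sign of infection; compare it against the state the helper expects for this machine before acting on it.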
  22. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    All right, OTL gave me the following log:


    All processes killed
    ========== OTL ==========
    64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ADS C:\ProgramData\TEMP:C1F4198F deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56468 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Javier Payes
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 220184911 bytes
    ->Java cache emptied: 1375913 bytes
    ->FireFox cache emptied: 51212052 bytes
    ->Google Chrome cache emptied: 374215517 bytes
    ->Flash cache emptied: 130084 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 536464 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 29351626 bytes
    RecycleBin emptied: 1029145872 bytes

    Total Files Cleaned = 1,627.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: Javier Payes
    ->Java cache emptied: 0 bytes

    User: Public

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Javier Payes
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.53.0 log created on 06282012_093322

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  23. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    The Security Check log:

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    Java(TM) 6 Update 31
    Out of date Java installed!
    Adobe Flash Player 11.3.300.262
    Adobe Reader X (10.1.3)
    Mozilla Firefox (x86 en-US..)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Essentials msseces.exe
    ``````````End of Log````````````
  24. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    Farbar Service Scanner Log:

    Farbar Service Scanner Version: 25-06-2012 01
    Ran by Javier Payes (administrator) on 28-06-2012 at 09:46:05
    Running from "C:\Users\Javier Payes\Downloads"
    Microsoft Windows 7 Enterprise Service Pack 1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend service is OK.
    The ServiceDll of WinDefend service is OK.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll => MD5 is legit
    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
  25. NeonBonez

    NeonBonez Newcomer, in training Topic Starter Posts: 23

    Ran Temp File Cleaner and ESET. This is the ESET Log:

    C:\Qoobox\Quarantine\C\Users\Javier Payes\AppData\Local\TempDIR\BetterInstaller.exe.vir a variant of Win32/Somoto.A application cleaned by deleting - quarantined
    C:\Users\Javier Payes\Downloads\cnet2_OrbitDownloaderSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined

