Solved Sirefef Infection. Constantly restarts.

NeonBonez

Hi, I'm running Windows 7 Enterprise (64-bit version) and I've been infected with Sirefef.Y and Sirefef.B. Microsoft Security Essentials detects them but is unable to remove them because it reboots after a minute. I've already used the frst64 program and it showed the following:


Scan result of Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 27-06-2012 18:59:38
Running from H:\
Windows 7 Enterprise (X64) OS Language: Spanish Modern Sort
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [8306208 2009-10-21] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [x]
HKLM\...\Run: [VX3000] C:\Windows\vVX3000.exe [762736 2010-05-20] (Microsoft Corporation)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167704 2011-09-01] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [392472 2011-09-01] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [416024 2011-09-01] (Intel Corporation)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2010-06-10] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-02] (Apple Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)
HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [83336 2009-07-22] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-14] (RealNetworks, Inc.)
HKU\Javier Payes\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1242448 2012-04-05] (Valve Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.1.2.254 10.1.2.214 10.1.2.253
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
==================== Services (Whitelisted) ======
2 Capture Device Service; "C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe" [200704 2006-08-11] (InterVideo Inc.)
3 LiveUpdate; "C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE" [3093880 2009-07-13] (Symantec Corporation)
2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-27] (Microsoft Corporation)
2 RapiMgr; C:\Windows\WindowsMobile\rapimgr.dll [225672 2007-05-31] (Microsoft Corporation)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2320920 2009-12-09] (Intel Corporation)
2 WcesComm; C:\Windows\WindowsMobile\wcescomm.dll [443784 2007-05-31] (Microsoft Corporation)
========================== Drivers (Whitelisted) =============
1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec)
3 BthAvrcp; C:\Windows\System32\Drivers\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [301232 2010-04-06] (Intel Corporation)
1 eeCtrl; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [475696 2010-09-16] (Symantec Corporation)
3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [23552 2008-05-02] (Nokia)
3 nmwcdx64; C:\Windows\System32\Drivers\nmwcdx64.sys [173056 2007-06-28] (Nokia)
3 PPJoyBus; C:\Windows\System32\DRIVERS\PPJoyBus64.sys [20032 2009-11-04] (Deon van der Westhuysen)
3 PPortJoystick; C:\Windows\System32\DRIVERS\PPortJoy64.sys [39488 2009-11-04] (Deon van der Westhuysen)
2 SecDrv; C:\Windows\SysWow64\Drivers\SecDrv.sys [11376 2002-10-08] ()
3 tap0901; C:\Windows\System32\Drivers\tap0901.sys [30720 2010-11-23] (The OpenVPN Project)
3 tosporte; C:\Windows\System32\Drivers\tosporte.sys [54664 2009-06-17] (TOSHIBA Corporation)
3 tosrfbd; C:\Windows\System32\Drivers\tosrfbd.sys [291760 2010-12-12] (TOSHIBA CORPORATION)
3 tosrfbnp; C:\Windows\System32\Drivers\tosrfbnp.sys [50864 2010-11-11] (TOSHIBA Corporation)
1 Tosrfcom; C:\Windows\System32\Drivers\Tosrfcom.sys [82224 2010-11-29] (TOSHIBA Corporation)
3 Tosrfhid; C:\Windows\System32\Drivers\Tosrfhid.sys [94528 2010-08-30] (TOSHIBA Corporation.)
3 tosrfnds; C:\Windows\System32\Drivers\tosrfnds.sys [26472 2009-07-24] (TOSHIBA Corporation.)
3 TosRfSnd; C:\Windows\System32\Drivers\TosRfSnd.sys [63488 2010-04-26] (TOSHIBA Corporation)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerfltx64.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [8704 2008-05-02] (Windows (R) Codename Longhorn DDK provider)
3 VX3000; C:\Windows\System32\Drivers\VX3000.sys [2060144 2010-05-20] (Microsoft Corporation)
3 WCG200NTamd64; C:\Windows\System32\DRIVERS\WCG200V2NTamd64.sys [18560 2006-01-12] (Cisco-Linksys, LLC.)
3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [x]
3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [x]
3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [x]
3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [x]
0 BTHidEnum; C:\Windows\System32\Drivers\vbtenum.sys [x]
0 BTHidMgr; C:\Windows\System32\Drivers\BTHidMgr.sys [x]
3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [x]
3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]
3 VHidMinidrv; C:\Windows\System32\drivers\VHIDMini.sys [x]
========================== NetSvcs (Whitelisted) ===========
 
============ One Month Created Files and Folders ==============
2012-06-28 00:25 - 2012-06-28 00:25 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.443E440A2239DFD4
2012-06-28 00:21 - 2012-06-28 00:25 - 10063000 ___AC (Malwarebytes Corporation ) C:\Users\Javier Payes\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-28 00:20 - 2012-06-28 00:20 - 00000068 ___AC C:\Users\Javier Payes\Desktop\Preliminary Virus and Malware Removal.URL
2012-06-28 00:17 - 2012-06-28 00:21 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-28 00:17 - 2012-06-28 00:21 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-28 00:17 - 2012-06-28 00:21 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-28 00:17 - 2012-06-28 00:21 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-28 00:17 - 2012-06-28 00:21 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-28 00:17 - 2012-06-28 00:21 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-28 00:17 - 2012-06-28 00:21 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-28 00:16 - 2012-06-28 00:21 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-28 00:16 - 2012-06-28 00:21 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-27 18:59 - 2012-06-27 19:00 - 00000000 ___DC C:\FRST
2012-06-24 22:01 - 2012-06-24 22:01 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Macromedia
2012-06-24 21:51 - 2012-06-24 21:51 - 00000000 ___DC C:\Program Files (x86)\Microsoft Security Client
2012-06-24 21:50 - 2012-06-24 21:51 - 00000000 ___DC C:\Program Files\Microsoft Security Client
2012-06-24 21:14 - 2012-06-24 21:25 - 12621696 ___AC (Microsoft Corporation) C:\Users\Javier Payes\Downloads\mseinstall.exe
2012-06-22 00:55 - 2012-06-22 00:58 - 28102070 ___AC C:\Users\Javier Payes\Downloads\NINTEMOD_Mario_64_completo.zip
2012-06-22 00:18 - 2012-06-22 00:18 - 00000000 ___DC C:\Users\Javier Payes\Downloads\DiscEX-v0.8b-cred(1)
2012-06-22 00:13 - 2012-06-22 00:13 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Hive Cluster
2012-06-21 23:43 - 2012-06-21 23:43 - 00001069 ___AC C:\Users\Javier Payes\Desktop\Super Meat Boy.lnk
2012-06-21 23:43 - 2012-06-21 23:43 - 00000000 ___DC C:\Program Files (x86)\Super Meat Boy
2012-06-21 23:41 - 2012-06-21 23:41 - 00196921 ___AC (Team USB Loader GX) C:\Users\Javier Payes\Downloads\USBLoaderGX_Installer_v1.8(1).exe
2012-06-21 23:35 - 2012-06-21 23:35 - 00196921 ___AC (Team USB Loader GX) C:\Users\Javier Payes\Downloads\USBLoaderGX_Installer_v1.8.exe
2012-06-21 23:35 - 2012-06-21 23:35 - 00161942 ___AC C:\Users\Javier Payes\Downloads\DML Installer 1.1 WiiPower.zip
2012-06-21 23:34 - 2012-06-21 23:35 - 00720170 ___AC C:\Users\Javier Payes\Downloads\DiscEX-v0.8b-cred(1).rar
2012-06-21 21:44 - 2012-06-21 21:44 - 00000000 _SHDC C:\Windows\System32\%APPDATA%
2012-06-20 01:34 - 2012-06-20 01:51 - 15946217 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(6).zip
2012-06-19 03:32 - 2012-06-18 20:47 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Glen Hansard - Rhythm and Repose (2012)
2012-06-19 03:14 - 2012-06-19 03:15 - 03544292 ___AC C:\Users\Javier Payes\Downloads\Strangest Feeling - JessieWare.mp3
2012-06-19 03:13 - 2012-06-19 03:32 - 112012819 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Glen Hansard - Rhythm and Repose (2012).rar
2012-06-19 03:13 - 2012-06-19 03:14 - 05085726 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - Running (Disclosure Remix) - JessieWare.mp3
2012-06-19 03:13 - 2012-06-19 03:14 - 04304142 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - Running - JessieWare.mp3
2012-06-19 03:13 - 2012-06-19 03:14 - 03912514 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - What You Won't Do For Love - JessieWare.mp3
2012-06-19 03:13 - 2012-06-19 03:14 - 03326118 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - 110% - JessieWare.mp3
2012-06-15 16:15 - 2012-06-15 16:15 - 00000000 ___DC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Fiona Apple - The Idler Wheel (2012)
2012-06-15 15:58 - 2012-06-15 16:12 - 87436733 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Fiona Apple - The Idler Wheel (2012).rar
2012-06-15 15:44 - 2012-06-15 15:44 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\{B0DA6E0E-25E6-4C6C-97A2-E21D25D8C269}
2012-06-15 14:58 - 2012-06-15 14:58 - 01961925 ___AC C:\Users\Javier Payes\Downloads\Scan.jpeg
2012-06-15 01:45 - 2012-06-15 01:45 - 00000000 ___DC C:\Users\Javier Payes\Downloads\M-1161
2012-06-15 00:59 - 2012-06-15 00:59 - 00000000 ___DC C:\Users\Javier Payes\Downloads\SP MANUAL
2012-06-15 00:58 - 2012-06-15 01:17 - 251265724 ___AC C:\Users\Javier Payes\Downloads\H428.wmv
2012-06-15 00:58 - 2012-06-15 00:59 - 03109005 ___AC C:\Users\Javier Payes\Downloads\SP MANUAL.rar
2012-06-15 00:24 - 2012-06-15 00:54 - 00000000 ___DC C:\Users\Javier Payes\Documents\Hipertensión Arterial
2012-06-15 00:24 - 2012-06-15 00:24 - 00190520 ___AC C:\Users\Javier Payes\Documents\Hipertensión Arterial.pptx
2012-06-15 00:11 - 2012-06-19 22:50 - 188674912 ___AC C:\Users\Javier Payes\Downloads\FHarp.mp4.part
2012-06-14 23:24 - 2012-06-15 00:28 - 285658457 ___AC C:\Users\Javier Payes\Downloads\M-1161.zip
2012-06-14 22:36 - 2012-06-14 23:06 - 12995712 ___AC C:\Users\Javier Payes\Downloads\ID-Clip-261.flv
2012-06-14 21:38 - 2012-06-14 22:05 - 124186910 ___AC C:\Users\Javier Payes\Downloads\ID-Clip-255.flv
2012-06-14 21:27 - 2012-06-14 21:27 - 00198832 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-14 21:27 - 2012-06-14 21:27 - 00006656 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-14 21:27 - 2012-06-14 21:27 - 00005632 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-06-14 21:26 - 2012-06-14 21:26 - 00499712 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-06-14 21:26 - 2012-06-14 21:26 - 00348160 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-14 21:26 - 2012-06-14 21:26 - 00272896 ___AC (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 21:02 - 2012-06-14 21:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 21:02 - 2012-06-14 21:04 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 21:02 - 2012-06-14 21:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 21:02 - 2012-06-14 21:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 21:02 - 2012-06-14 21:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 21:02 - 2012-06-14 21:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 21:02 - 2012-06-14 21:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-13 19:31 - 2012-06-14 21:11 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 19:31 - 2012-06-14 21:11 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 19:31 - 2012-06-14 21:11 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 19:31 - 2012-06-14 21:06 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 19:31 - 2012-06-14 21:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 19:31 - 2012-06-14 21:05 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 19:31 - 2012-06-14 21:05 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 19:30 - 2012-06-14 21:05 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 19:30 - 2012-06-14 21:05 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-13 19:30 - 2012-06-14 21:05 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-13 19:30 - 2012-06-14 21:05 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-13 19:30 - 2012-06-14 21:05 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 19:30 - 2012-06-14 21:04 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 19:30 - 2012-06-14 21:04 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 19:30 - 2012-06-14 21:04 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 19:30 - 2012-06-14 21:04 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 19:30 - 2012-06-14 21:04 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 19:30 - 2012-06-14 21:04 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 14:51 - 2012-06-12 14:58 - 56727340 ___AC C:\Users\Javier Payes\Downloads\Fiona_Apple_-_12.rar.part
2012-06-10 23:11 - 2012-06-10 23:11 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(5)
2012-06-10 23:08 - 2012-06-10 23:08 - 08458279 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(5).zip
2012-06-10 21:43 - 2012-06-10 21:43 - 00000000 ___DC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Florrie - Late (2012)
2012-06-10 21:15 - 2012-06-10 21:16 - 12511934 ___AC C:\Users\Javier Payes\Downloads\Fifteen.mp3
2012-06-10 21:11 - 2012-06-10 21:43 - 32730391 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Florrie - Late (2012).rar
2012-06-09 22:54 - 2012-06-09 22:54 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(4)
2012-06-09 22:53 - 2012-06-09 22:54 - 07894861 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(4).zip
2012-06-06 02:35 - 2012-06-14 22:00 - 477821224 ___AC C:\Users\Javier Payes\Downloads\HN.mp4
2012-06-06 00:05 - 2012-06-19 22:40 - 02008337 ___AC C:\Users\Javier Payes\Downloads\ID.flv.part
2012-06-06 00:03 - 2012-06-06 00:03 - 00000000 ___AC C:\Users\Javier Payes\Downloads\H426.wmv.part
2012-06-05 15:51 - 2012-06-05 15:51 - 00000011 ___AC C:\Users\Javier Payes\Downloads\GetAttachment.aspx
2012-06-04 22:41 - 2012-06-04 22:41 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Toshiba
2012-06-04 22:41 - 2012-06-04 22:41 - 00000000 ___DC C:\Users\All Users\TOSHIBA
2012-06-04 22:36 - 2012-06-04 22:36 - 00000000 _SHDC C:\Windows\SysWOW64\%APPDATA%
2012-06-04 22:35 - 2012-06-04 22:35 - 00000000 ___DC C:\Program Files (x86)\Toshiba
2012-06-04 22:35 - 2009-06-19 03:42 - 00040832 ___AC (TOSHIBA CORPORATION.) C:\Windows\System32\Drivers\TosBtCi.dll
2012-06-04 18:15 - 2012-06-04 18:15 - 00451689 ___AC C:\Users\Javier Payes\Downloads\pacman_championship_c3.jar
2012-06-04 17:31 - 2012-06-04 17:40 - 88149800 ___AC C:\Users\Javier Payes\Downloads\Nintendo Direct Pre E3 2012(360p_H.264-AAC).mp4
2012-06-04 04:03 - 2012-06-04 04:03 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(3)
2012-06-04 04:01 - 2012-06-04 04:03 - 08801128 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(3).zip
2012-05-31 03:55 - 2012-05-31 03:55 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(2)
2012-05-31 03:50 - 2012-05-31 03:58 - 00000000 ___DC C:\Users\Javier Payes\Documents\Onchocerca volvulus
2012-05-31 03:49 - 2012-05-31 03:49 - 01724222 ___AC C:\Users\Javier Payes\Documents\Onchocerca volvulus.pptx
2012-05-31 01:37 - 2012-05-31 01:41 - 10897303 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(2).zip
2012-05-29 02:41 - 2012-05-29 02:44 - 02110126 ___AC C:\Users\Javier Payes\Downloads\Wildheart - Beat Connection.mp3
2012-05-29 02:41 - 2012-05-29 02:41 - 04515630 ___AC C:\Users\Javier Payes\Downloads\Think_Feel (feat. Chelsey Scheffe) - Beat Connection.mp3
2012-05-29 02:40 - 2012-05-29 02:44 - 04000555 ___AC C:\Users\Javier Payes\Downloads\The Palace Garden, 4am - Beat Connection.mp3
2012-05-29 02:39 - 2012-05-29 02:44 - 05058828 ___AC C:\Users\Javier Payes\Downloads\Silver Screen - Beat Connection.mp3
2012-05-29 02:39 - 2012-05-29 02:44 - 03367347 ___AC C:\Users\Javier Payes\Downloads\Sunburn - Beat Connection.mp3
2012-05-29 02:38 - 2012-05-29 02:44 - 05929019 ___AC C:\Users\Javier Payes\Downloads\Memories (Beat Connection Remix).mp3
2012-05-29 02:38 - 2012-05-29 02:44 - 05056738 ___AC C:\Users\Javier Payes\Downloads\Same Damn Time - Beat Connection.mp3
2012-05-29 02:38 - 2012-05-29 02:44 - 02058299 ___AC C:\Users\Javier Payes\Downloads\Motorway - Beat Connection.mp3
2012-05-29 02:37 - 2012-05-29 02:44 - 05327994 ___AC C:\Users\Javier Payes\Downloads\In the Water - Beat Connection.mp3
2012-05-29 02:37 - 2012-05-29 02:44 - 03094002 ___AC C:\Users\Javier Payes\Downloads\Fresh Touch - Beat Connection.mp3
2012-05-29 02:26 - 2012-05-29 02:27 - 03566026 ___AC C:\Users\Javier Payes\Downloads\_Speed The Collapse_ - Metric.mp3
2012-05-29 02:26 - 2012-05-29 02:26 - 02111529 ___AC C:\Users\Javier Payes\Downloads\Bobby Womack - Dayglo Reflection (feat. Lana Del Rey).mp3
2012-05-29 02:26 - 2012-05-29 02:26 - 01844662 ___AC C:\Users\Javier Payes\Downloads\Lana Del Rey - Goodbye Kiss in the Radio 1 Live Lounge.mp3
2012-05-29 02:20 - 2012-05-29 02:22 - 07219546 ___AC C:\Users\Javier Payes\Downloads\Florence + The Machine vs Calvin Harris - Spectrum (Say My Name).mp3
2012-05-29 01:51 - 2012-05-29 02:16 - 262598247 ___AC C:\Users\Javier Payes\Downloads\M-1127.zip
2012-05-29 01:00 - 2012-06-06 03:31 - 97698884 ___AC C:\Users\Javier Payes\Downloads\H422.wmv.part
2012-05-28 04:47 - 2012-05-28 04:48 - 00000000 ___DC C:\Users\Javier Payes\Documents\CDPresentación3
2012-05-28 04:14 - 2012-06-10 19:31 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne
2012-05-28 04:14 - 2012-05-28 04:14 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(1)
2012-05-28 04:13 - 2012-05-28 04:14 - 10824948 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(1).zip
2012-05-28 01:54 - 2012-05-28 04:46 - 01788313 ___AC C:\Users\Javier Payes\Documents\EL SUELO.pptx
 
============ 3 Months Modified Files and Folders =============
2012-06-28 00:37 - 2011-02-24 01:55 - 00001048 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-06-28 00:37 - 2011-02-24 01:55 - 00001044 ___AC C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-06-28 00:37 - 2009-07-14 00:19 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe
2012-06-28 00:36 - 2012-04-05 20:37 - 00000000 ___DC C:\Program Files (x86)\Steam
2012-06-28 00:36 - 2012-01-08 16:35 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Dropbox
2012-06-28 00:35 - 2012-03-21 17:45 - 00009195 ___AC C:\Windows\setupact.log
2012-06-28 00:35 - 2009-07-14 06:08 - 00000006 __AHC C:\Windows\Tasks\SA.DAT
2012-06-28 00:26 - 2009-07-14 05:45 - 00015152 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-06-28 00:26 - 2009-07-14 05:45 - 00015152 __AHC C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-06-28 00:25 - 2012-06-28 00:25 - 00328704 ___AC (Microsoft Corporation) C:\Windows\System32\services.exe.443E440A2239DFD4
2012-06-28 00:25 - 2012-06-28 00:21 - 10063000 ___AC (Malwarebytes Corporation ) C:\Users\Javier Payes\Downloads\mbam-setup-1.61.0.1400.exe
2012-06-28 00:21 - 2012-06-28 00:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-28 00:21 - 2012-06-28 00:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-28 00:21 - 2012-06-28 00:17 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-28 00:21 - 2012-06-28 00:17 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-28 00:21 - 2012-06-28 00:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-28 00:21 - 2012-06-28 00:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-28 00:21 - 2012-06-28 00:17 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-28 00:21 - 2012-06-28 00:16 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-28 00:21 - 2012-06-28 00:16 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-28 00:21 - 2010-10-13 11:19 - 02077993 ___AC C:\Windows\WindowsUpdate.log
2012-06-28 00:20 - 2012-06-28 00:20 - 00000068 ___AC C:\Users\Javier Payes\Desktop\Preliminary Virus and Malware Removal.URL
2012-06-28 00:14 - 2012-01-08 16:45 - 00000000 __RDC C:\Users\Javier Payes\Dropbox
2012-06-28 00:13 - 2012-04-20 01:07 - 00000830 ___AC C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-06-28 00:12 - 2010-10-12 10:21 - 00000000 ___DC C:\users\Javier Payes
2012-06-27 19:00 - 2012-06-27 18:59 - 00000000 ___DC C:\FRST
2012-06-27 18:11 - 2012-03-15 16:15 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Rainmeter
2012-06-27 18:11 - 2011-02-24 01:54 - 00000000 ___DC C:\Users\All Users\Real
2012-06-27 18:11 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\registration
2012-06-24 22:13 - 2012-01-11 18:06 - 00000000 _SHDC C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}
2012-06-24 22:01 - 2012-06-24 22:01 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Macromedia
2012-06-24 21:51 - 2012-06-24 21:51 - 00000000 ___DC C:\Program Files (x86)\Microsoft Security Client
2012-06-24 21:51 - 2012-06-24 21:50 - 00000000 ___DC C:\Program Files\Microsoft Security Client
2012-06-24 21:51 - 2011-01-26 14:52 - 02611484 ___AC C:\Windows\SysWOW64\PerfStringBackup.INI
2012-06-24 21:51 - 2011-01-26 14:52 - 00001945 ___AC C:\Windows\epplauncher.mif
2012-06-24 21:51 - 2010-10-26 03:34 - 00741652 ___AC C:\Windows\System32\perfh00C.dat
2012-06-24 21:51 - 2010-10-26 03:34 - 00151312 ___AC C:\Windows\System32\perfc00C.dat
2012-06-24 21:51 - 2009-07-14 11:30 - 00751842 ___AC C:\Windows\System32\perfh00A.dat
2012-06-24 21:51 - 2009-07-14 11:30 - 00161080 ___AC C:\Windows\System32\perfc00A.dat
2012-06-24 21:45 - 2012-04-20 01:07 - 00426184 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-06-24 21:45 - 2011-05-19 15:31 - 00070344 ___AC (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-06-24 21:25 - 2012-06-24 21:14 - 12621696 ___AC (Microsoft Corporation) C:\Users\Javier Payes\Downloads\mseinstall.exe
2012-06-24 21:08 - 2009-07-14 04:20 - 00000000 ___DC C:\Windows\System32\NDF
2012-06-22 02:09 - 2011-12-25 20:07 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\uTorrent
2012-06-22 00:58 - 2012-06-22 00:55 - 28102070 ___AC C:\Users\Javier Payes\Downloads\NINTEMOD_Mario_64_completo.zip
2012-06-22 00:29 - 2012-01-25 04:16 - 00000000 ___DC C:\Users\Javier Payes\Documents\WBFS Manager Covers
2012-06-22 00:18 - 2012-06-22 00:18 - 00000000 ___DC C:\Users\Javier Payes\Downloads\DiscEX-v0.8b-cred(1)
2012-06-22 00:13 - 2012-06-22 00:13 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Hive Cluster
2012-06-21 23:43 - 2012-06-21 23:43 - 00001069 ___AC C:\Users\Javier Payes\Desktop\Super Meat Boy.lnk
2012-06-21 23:43 - 2012-06-21 23:43 - 00000000 ___DC C:\Program Files (x86)\Super Meat Boy
2012-06-21 23:41 - 2012-06-21 23:41 - 00196921 ___AC (Team USB Loader GX) C:\Users\Javier Payes\Downloads\USBLoaderGX_Installer_v1.8(1).exe
2012-06-21 23:35 - 2012-06-21 23:35 - 00196921 ___AC (Team USB Loader GX) C:\Users\Javier Payes\Downloads\USBLoaderGX_Installer_v1.8.exe
2012-06-21 23:35 - 2012-06-21 23:35 - 00161942 ___AC C:\Users\Javier Payes\Downloads\DML Installer 1.1 WiiPower.zip
2012-06-21 23:35 - 2012-06-21 23:34 - 00720170 ___AC C:\Users\Javier Payes\Downloads\DiscEX-v0.8b-cred(1).rar
2012-06-21 21:44 - 2012-06-21 21:44 - 00000000 _SHDC C:\Windows\System32\%APPDATA%
2012-06-21 01:26 - 2011-05-30 03:59 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\vlc
2012-06-20 01:51 - 2012-06-20 01:34 - 15946217 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(6).zip
2012-06-19 22:50 - 2012-06-15 00:11 - 188674912 ___AC C:\Users\Javier Payes\Downloads\FHper.mp4.part
2012-06-19 22:44 - 2012-01-28 00:42 - 00000000 ___DC C:\Program Files (x86)\JDownloader
2012-06-19 22:40 - 2012-06-06 00:05 - 02008337 ___AC C:\Users\Javier Payes\Downloads\ID-Clip-250.flv.part
2012-06-19 03:32 - 2012-06-19 03:13 - 112012819 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Glen Hansard - Rhythm and Repose (2012).rar
2012-06-19 03:15 - 2012-06-19 03:14 - 03544292 ___AC C:\Users\Javier Payes\Downloads\Strangest Feeling - JessieWare.mp3
2012-06-19 03:14 - 2012-06-19 03:13 - 05085726 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - Running (Disclosure Remix) - JessieWare.mp3
2012-06-19 03:14 - 2012-06-19 03:13 - 04304142 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - Running - JessieWare.mp3
2012-06-19 03:14 - 2012-06-19 03:13 - 03912514 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - What You Won't Do For Love - JessieWare.mp3
2012-06-19 03:14 - 2012-06-19 03:13 - 03326118 ___AC C:\Users\Javier Payes\Downloads\Jessie Ware - 110% - JessieWare.mp3
2012-06-19 01:51 - 2009-07-14 06:13 - 02584128 ___AC C:\Windows\System32\PerfStringBackup.INI
2012-06-18 20:47 - 2012-06-19 03:32 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Glen Hansard - Rhythm and Repose (2012)
2012-06-17 16:19 - 2012-05-08 22:12 - 00000000 ___DC C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-17 03:20 - 2011-08-30 01:54 - 00000000 ___DC C:\Program Files (x86)\Mozilla Firefox
2012-06-17 01:29 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2012-06-15 16:15 - 2012-06-15 16:15 - 00000000 ___DC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Fiona Apple - The Idler Wheel (2012)
2012-06-15 16:12 - 2012-06-15 15:58 - 87436733 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Fiona Apple - The Idler Wheel (2012).rar
2012-06-15 15:44 - 2012-06-15 15:44 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\{B0DA6E0E-25E6-4C6C-97A2-E21D25D8C269}
2012-06-15 15:44 - 2010-10-13 15:14 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Windows Live
2012-06-15 14:58 - 2012-06-15 14:58 - 01961925 ___AC C:\Users\Javier Payes\Downloads\Scan.jpeg
2012-06-15 01:45 - 2012-06-15 01:45 - 00000000 ___DC C:\Users\Javier Payes\Downloads\M-1161
2012-06-15 01:17 - 2012-06-15 00:58 - 251265724 ___AC C:\Users\Javier Payes\Downloads\H428.wmv
2012-06-15 00:59 - 2012-06-15 00:59 - 00000000 ___DC C:\Users\Javier Payes\Downloads\SP MANUAL
2012-06-15 00:59 - 2012-06-15 00:58 - 03109005 ___AC C:\Users\Javier Payes\Downloads\SP MANUAL.rar
2012-06-15 00:54 - 2012-06-15 00:24 - 00000000 ___DC C:\Users\Javier Payes\Documents\Hipertensión Arterial
2012-06-15 00:52 - 2010-10-30 15:12 - 00655872 _ASHC C:\Users\Javier Payes\Documents\Thumbs.db
2012-06-15 00:28 - 2012-06-14 23:24 - 285658457 ___AC C:\Users\Javier Payes\Downloads\M-1161.zip
2012-06-15 00:24 - 2012-06-15 00:24 - 00190520 ___AC C:\Users\Javier Payes\Documents\Hipertensión Arterial.pptx
2012-06-14 23:06 - 2012-06-14 22:36 - 12995712 ___AC C:\Users\Javier Payes\Downloads\ID-Clip-261.flv
2012-06-14 22:05 - 2012-06-14 21:38 - 124186910 ___AC C:\Users\Javier Payes\Downloads\ID-Clip-255.flv
2012-06-14 21:28 - 2011-02-24 01:54 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Real
2012-06-14 21:27 - 2012-06-14 21:27 - 00198832 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2012-06-14 21:27 - 2012-06-14 21:27 - 00006656 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2012-06-14 21:27 - 2012-06-14 21:27 - 00005632 ___AC (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2012-06-14 21:26 - 2012-06-14 21:26 - 00499712 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2012-06-14 21:26 - 2012-06-14 21:26 - 00348160 ___AC (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2012-06-14 21:26 - 2012-06-14 21:26 - 00272896 ___AC (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2012-06-14 21:21 - 2009-07-14 05:45 - 00743480 ___AC C:\Windows\System32\FNTCACHE.DAT
2012-06-14 21:18 - 2010-10-13 02:41 - 00000000 ___DC C:\Users\All Users\Microsoft Help
2012-06-14 21:11 - 2012-06-13 19:31 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-14 21:11 - 2012-06-13 19:31 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-14 21:11 - 2012-06-13 19:31 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-14 21:11 - 2010-10-12 11:10 - 58957832 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-14 21:06 - 2012-06-13 19:31 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-14 21:05 - 2012-06-13 19:31 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-14 21:05 - 2012-06-13 19:31 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-14 21:05 - 2012-06-13 19:31 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-14 21:05 - 2012-06-13 19:30 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-14 21:05 - 2012-06-13 19:30 - 03146752 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-14 21:05 - 2012-06-13 19:30 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2012-06-14 21:05 - 2012-06-13 19:30 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-14 21:05 - 2012-06-13 19:30 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-14 21:04 - 2012-06-14 21:02 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-14 21:04 - 2012-06-14 21:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-14 21:04 - 2012-06-14 21:02 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-14 21:04 - 2012-06-14 21:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-14 21:04 - 2012-06-14 21:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-14 21:04 - 2012-06-14 21:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-14 21:04 - 2012-06-14 21:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-14 21:04 - 2012-06-14 21:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-14 21:04 - 2012-06-13 19:30 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-14 21:04 - 2012-06-13 19:30 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-14 21:04 - 2012-06-13 19:30 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-14 21:04 - 2012-06-13 19:30 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-14 21:04 - 2012-06-13 19:30 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-14 21:04 - 2012-06-13 19:30 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-12 14:58 - 2012-06-12 14:51 - 56727340 ___AC C:\Users\Javier Payes\Downloads\Fiona_Apple_-_12.rar.part
2012-06-10 23:11 - 2012-06-10 23:11 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(5)
2012-06-10 23:08 - 2012-06-10 23:08 - 08458279 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(5).zip
2012-06-10 21:43 - 2012-06-10 21:43 - 00000000 ___DC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Florrie - Late (2012)
2012-06-10 21:43 - 2012-06-10 21:11 - 32730391 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Florrie - Late (2012).rar
2012-06-10 21:16 - 2012-06-10 21:15 - 12511934 ___AC C:\Users\Javier Payes\Downloads\Fifteen.mp3
2012-06-10 19:31 - 2012-05-28 04:14 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne
2012-06-09 22:55 - 2012-03-04 01:37 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\LOVE
2012-06-09 22:54 - 2012-06-09 22:54 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(4)
2012-06-09 22:54 - 2012-06-09 22:53 - 07894861 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(4).zip
2012-06-07 00:09 - 2012-05-27 21:30 - 01060856 ___AC C:\Users\Javier Payes\Documents\Wii U.pptx
2012-06-06 03:31 - 2012-05-29 01:00 - 97698884 ___AC C:\Users\Javier Payes\Downloads\H422.wmv.part
2012-06-06 00:03 - 2012-06-06 00:03 - 00000000 ___AC C:\Users\Javier Payes\Downloads\H426.wmv.part
2012-06-05 15:51 - 2012-06-05 15:51 - 00000011 ___AC C:\Users\Javier Payes\Downloads\GetAttachment.aspx
2012-06-04 22:41 - 2012-06-04 22:41 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Toshiba
2012-06-04 22:41 - 2012-06-04 22:41 - 00000000 ___DC C:\Users\All Users\TOSHIBA
2012-06-04 22:41 - 2012-01-24 03:53 - 00000000 ___DC C:\Users\Javier Payes\Documents\Bluetooth
2012-06-04 22:36 - 2012-06-04 22:36 - 00000000 _SHDC C:\Windows\SysWOW64\%APPDATA%
2012-06-04 22:35 - 2012-06-04 22:35 - 00000000 ___DC C:\Program Files (x86)\Toshiba
2012-06-04 18:15 - 2012-06-04 18:15 - 00451689 ___AC C:\Users\Javier Payes\Downloads\pacman_championship_c3.jar
 
2012-06-04 17:40 - 2012-06-04 17:31 - 88149800 ___AC C:\Users\Javier Payes\Downloads\Nintendo Direct Pre E3 2012(360p_H.264-AAC).mp4
2012-06-04 04:03 - 2012-06-04 04:03 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(3)
2012-06-04 04:03 - 2012-06-04 04:01 - 08801128 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(3).zip
2012-05-31 03:58 - 2012-05-31 03:50 - 00000000 ___DC C:\Users\Javier Payes\Documents\Onchocerca volvulus
2012-05-31 03:55 - 2012-05-31 03:55 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(2)
2012-05-31 03:49 - 2012-05-31 03:49 - 01724222 ___AC C:\Users\Javier Payes\Documents\Onchocerca volvulus.pptx
2012-05-31 01:41 - 2012-05-31 01:37 - 10897303 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(2).zip
2012-05-29 02:44 - 2012-05-29 02:41 - 02110126 ___AC C:\Users\Javier Payes\Downloads\Wildheart - Beat Connection.mp3
2012-05-29 02:44 - 2012-05-29 02:40 - 04000555 ___AC C:\Users\Javier Payes\Downloads\The Palace Garden, 4am - Beat Connection.mp3
2012-05-29 02:44 - 2012-05-29 02:39 - 05058828 ___AC C:\Users\Javier Payes\Downloads\Silver Screen - Beat Connection.mp3
2012-05-29 02:44 - 2012-05-29 02:39 - 03367347 ___AC C:\Users\Javier Payes\Downloads\Sunburn - Beat Connection.mp3
2012-05-29 02:44 - 2012-05-29 02:38 - 05929019 ___AC C:\Users\Javier Payes\Downloads\Memories (Beat Connection Remix).mp3
2012-05-29 02:44 - 2012-05-29 02:38 - 05056738 ___AC C:\Users\Javier Payes\Downloads\Same Damn Time - Beat Connection.mp3
2012-05-29 02:44 - 2012-05-29 02:38 - 02058299 ___AC C:\Users\Javier Payes\Downloads\Motorway - Beat Connection.mp3
2012-05-29 02:44 - 2012-05-29 02:37 - 05327994 ___AC C:\Users\Javier Payes\Downloads\In the Water - Beat Connection.mp3
2012-05-29 02:44 - 2012-05-29 02:37 - 03094002 ___AC C:\Users\Javier Payes\Downloads\Fresh Touch - Beat Connection.mp3
2012-05-29 02:41 - 2012-05-29 02:41 - 04515630 ___AC C:\Users\Javier Payes\Downloads\Think_Feel (feat. Chelsey Scheffe) - Beat Connection.mp3
2012-05-29 02:27 - 2012-05-29 02:26 - 03566026 ___AC C:\Users\Javier Payes\Downloads\_Speed The Collapse_ - Metric.mp3
2012-05-29 02:26 - 2012-05-29 02:26 - 02111529 ___AC C:\Users\Javier Payes\Downloads\Bobby Womack - Dayglo Reflection (feat. Lana Del Rey).mp3
2012-05-29 02:26 - 2012-05-29 02:26 - 01844662 ___AC C:\Users\Javier Payes\Downloads\Lana Del Rey - Goodbye Kiss in the Radio 1 Live Lounge.mp3
2012-05-29 02:22 - 2012-05-29 02:20 - 07219546 ___AC C:\Users\Javier Payes\Downloads\Florence + The Machine vs Calvin Harris - Spectrum (Say My Name).mp3
2012-05-29 02:19 - 2012-05-22 02:31 - 03512680 ___AC C:\Users\Javier Payes\Downloads\Good As New - Vacationer.mp3
2012-05-29 02:16 - 2012-05-29 01:51 - 262598247 ___AC C:\Users\Javier Payes\Downloads\M-1127.zip
2012-05-28 04:48 - 2012-05-28 04:47 - 00000000 ___DC C:\Users\Javier Payes\Documents\CDPresentación3
2012-05-28 04:46 - 2012-05-28 01:54 - 01788313 ___AC C:\Users\Javier Payes\Documents\EL SUELO.pptx
2012-05-28 04:14 - 2012-05-28 04:14 - 00000000 ___DC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(1)
2012-05-28 04:14 - 2012-05-28 04:13 - 10824948 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64(1).zip
2012-05-26 02:36 - 2012-05-15 01:30 - 03045497 ___AC C:\Users\Javier Payes\Downloads\Shame by Crybaby - OhCrybaby.mp3
2012-05-26 02:14 - 2012-05-15 01:30 - 03278317 ___AC C:\Users\Javier Payes\Downloads\When The Lights Go Out by Crybaby - OhCrybaby.mp3
2012-05-26 02:09 - 2012-05-26 02:08 - 04193801 ___AC C:\Users\Javier Payes\Downloads\DANGEROUS GIRL - Lana Del Rey_ DaftDog.mp3
2012-05-26 01:22 - 2012-05-26 01:22 - 05775588 ___AC C:\Users\Javier Payes\Downloads\tumblr_m4icq5n7sy1qmtv72o1.mp3
2012-05-25 21:47 - 2012-05-25 21:46 - 10932479 ___AC C:\Users\Javier Payes\Downloads\hawkthorne-win-x64.zip
2012-05-23 03:48 - 2012-05-23 03:48 - 01280630 ___AC C:\Users\Javier Payes\Downloads\Sons Of Jim - Don't Throw Your Love Away.mp3
2012-05-23 03:47 - 2012-05-23 03:47 - 01977690 ___AC C:\Users\Javier Payes\Downloads\Sons Of Jim - Old Faces (Lyrics).mp3
2012-05-23 03:32 - 2012-05-22 02:19 - 03237772 ___AC C:\Users\Javier Payes\Downloads\Carousel - Where Have You Gone - carousel_official.mp3
2012-05-23 02:46 - 2012-05-23 02:43 - 01231350 ___AC C:\Users\Javier Payes\Downloads\Milla - Electric Sky (AUDIO) iTunes - Amazon.mp3
2012-05-23 02:37 - 2012-05-23 02:37 - 01221067 ___AC C:\Users\Javier Payes\Downloads\Milla Jovovich - Electric Sky.mp3
2012-05-22 02:40 - 2012-05-22 02:29 - 05459648 ___AC C:\Users\Javier Payes\Downloads\Hurricane.mp3
2012-05-22 02:32 - 2012-05-22 02:31 - 03433533 ___AC C:\Users\Javier Payes\Downloads\The Paper Kites - Bloom - paperbacks7.mp3
2012-05-22 02:09 - 2012-05-22 02:00 - 04387848 ___AC C:\Users\Javier Payes\Downloads\Irma_-_I_Know.mp3
2012-05-21 02:42 - 2012-05-21 02:41 - 03148903 ___AC C:\Users\Javier Payes\Downloads\Still Don't Know - Icona Pop.mp3
2012-05-21 02:42 - 2012-05-21 02:41 - 03096240 ___AC C:\Users\Javier Payes\Downloads\Sun Goes Down feat The Knocks - Icona Pop.mp3
2012-05-21 02:42 - 2012-05-21 02:41 - 02880991 ___AC C:\Users\Javier Payes\Downloads\Icona Pop - I Love It - frenchysymphony.mp3
2012-05-21 02:42 - 2012-05-21 02:40 - 08695882 ___AC C:\Users\Javier Payes\Downloads\Nights Like Bonita - Icona Pop.mp3
2012-05-21 02:41 - 2012-05-21 02:40 - 03275545 ___AC C:\Users\Javier Payes\Downloads\Nights Like This - Icona Pop.mp3
2012-05-21 02:41 - 2012-05-21 02:40 - 02972524 ___AC C:\Users\Javier Payes\Downloads\Manners - Icona Pop.mp3
2012-05-21 02:41 - 2012-05-21 02:40 - 02837941 ___AC C:\Users\Javier Payes\Downloads\Lovers To Friends - Icona Pop.mp3
2012-05-21 00:47 - 2012-01-28 03:59 - 00000000 ___DC C:\Users\Javier Payes\Documents\Mii
2012-05-21 00:09 - 2012-05-21 00:09 - 00000000 ___DC C:\Program Files (x86)\MediaHuman
2012-05-21 00:09 - 2012-01-08 02:20 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\MediaHuman
2012-05-21 00:08 - 2012-05-21 00:05 - 12774082 ___AC (MediaHuman ) C:\Users\Javier Payes\Downloads\MHAudioConverter.exe
2012-05-20 22:35 - 2012-03-31 00:30 - 00002432 ___AC C:\Windows\PFRO.log
2012-05-20 02:52 - 2012-05-20 02:52 - 00720170 ___AC C:\Users\Javier Payes\Downloads\DiscEX-v0.8b-cred.rar
2012-05-20 02:41 - 2012-05-20 02:40 - 00387904 ___AC C:\Users\Javier Payes\Downloads\GameCubeISOcompress-v0.2-win32.zip
2012-05-20 02:37 - 2012-05-20 02:35 - 01600384 ___AC C:\Users\Javier Payes\Downloads\diosmioslitesv1.4b.wad
2012-05-20 01:59 - 2012-05-20 01:59 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\CRE
2012-05-20 01:59 - 2012-05-20 01:59 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Conduit
2012-05-20 01:59 - 2012-05-20 01:59 - 00000000 ___DC C:\Program Files (x86)\uTorrentControl2
2012-05-20 01:58 - 2011-12-25 20:08 - 00000000 ___DC C:\Program Files (x86)\uTorrent
2012-05-17 15:28 - 2012-05-17 15:25 - 23576884 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild Child part 6(240p_H.264-AAC).mp4
2012-05-17 15:28 - 2012-05-17 15:25 - 22074274 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild Child part 5(240p_H.264-AAC).mp4
2012-05-17 15:25 - 2012-05-17 15:14 - 21275907 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild Child part 3(240p_H.264-AAC).mp4
2012-05-17 15:24 - 2012-05-17 15:14 - 23709108 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild child part 4(240p_H.264-AAC).mp4
2012-05-17 15:24 - 2012-05-17 15:14 - 21331031 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild Child part 2(240p_H.264-AAC).mp4
2012-05-17 15:24 - 2012-05-17 15:14 - 20262357 ___AC C:\Users\Javier Payes\Downloads\Secret of the Wild Child part 1(240p_H.264-AAC).mp4
2012-05-17 14:56 - 2012-05-17 04:50 - 00224575 ___AC C:\Users\Javier Payes\Documents\PERIODIOS CRÍTICOS.pptx
2012-05-17 14:08 - 2012-05-17 14:07 - 03534650 ___AC C:\Users\Javier Payes\Downloads\Trasplantes.pptx
2012-05-17 04:59 - 2012-05-17 04:59 - 00000000 ___DC C:\Users\Javier Payes\Documents\CDPresentación
2012-05-17 04:58 - 2012-05-16 18:07 - 02130862 ___AC C:\Users\Javier Payes\Documents\Pruebas de histocompatibilidad.pptx
2012-05-16 03:52 - 2010-10-13 15:14 - 00234944 ___AC C:\Users\Javier Payes\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-16 03:24 - 2012-05-16 03:24 - 00025504 ___AC C:\Users\Javier Payes\Downloads\FuturaStd-Medium.otf
2012-05-16 02:42 - 2012-05-15 02:31 - 31721284 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Metric - Synthetica Reflections (2012).rar
2012-05-15 02:29 - 2012-05-15 01:55 - 04129277 ___AC C:\Users\Javier Payes\Downloads\_Youth Without Youth_ - Metric.mp3
2012-05-15 02:19 - 2012-05-15 01:20 - 04388403 ___AC C:\Users\Javier Payes\Downloads\emma louise - Boy - MuchoBravado.mp3
2012-05-15 02:18 - 2012-05-15 02:17 - 05110386 ___AC C:\Users\Javier Payes\Downloads\Things We Lost In The Fire (Deux Freq remix) - BASTILLE.mp3
2012-05-15 02:07 - 2012-05-15 01:36 - 87483822 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Aviva Mix 2012.mp3
2012-05-15 02:05 - 2012-05-15 01:36 - 85060069 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Dec 2011 Mix for Therapy Life.mp3
2012-05-15 02:03 - 2012-05-15 01:37 - 55017958 ___AC C:\Users\Javier Payes\Downloads\Goldroom - July 2011 Mix for KXSC Los Angeles.mp3
2012-05-15 01:55 - 2012-05-15 01:53 - 04213863 ___AC C:\Users\Javier Payes\Downloads\Take a Walk - passionpit.mp3
2012-05-15 01:53 - 2012-05-15 01:52 - 03768319 ___AC C:\Users\Javier Payes\Downloads\Climax - diplo.mp3
2012-05-15 01:52 - 2012-05-15 01:50 - 04582503 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Morgan's Bay.mp3
2012-05-15 01:50 - 2012-05-15 01:38 - 28993979 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Kissed Minimix (Feb 2012).mp3
2012-05-15 01:38 - 2012-05-15 01:36 - 04801932 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Fifteen (ft Chela).mp3
2012-05-15 01:37 - 2012-05-15 01:36 - 04725863 ___AC C:\Users\Javier Payes\Downloads\Goldroom - City Girls.mp3
2012-05-15 01:36 - 2012-05-15 01:34 - 05599398 ___AC C:\Users\Javier Payes\Downloads\Alpine - Hands (Goldroom Remix).mp3
2012-05-15 01:36 - 2012-05-15 01:34 - 05216129 ___AC C:\Users\Javier Payes\Downloads\Goldroom - Angeles.mp3
2012-05-15 01:36 - 2012-05-15 01:34 - 04707055 ___AC C:\Users\Javier Payes\Downloads\Citizens! - Reptile (Goldroom Remix).mp3
2012-05-15 01:36 - 2012-05-15 01:34 - 04669439 ___AC C:\Users\Javier Payes\Downloads\Gigamesh - Red Light (Goldroom Remix).mp3
2012-05-15 01:22 - 2012-05-15 01:22 - 03222046 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - White Knuckle Tight Grip.mp3
2012-05-15 01:22 - 2012-05-15 01:21 - 03086627 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - Momentum (2012 Demo).mp3
2012-05-15 01:22 - 2012-05-15 01:21 - 02950372 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - Spires (Adrian Bushby Mix).mp3
2012-05-15 01:21 - 2012-05-15 01:21 - 00000000 ___DC C:\Users\Javier Payes\Downloads\The Neighbourhood-I_m Sorry_
2012-05-15 01:21 - 2012-05-15 01:20 - 03647110 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - Brakes.mp3
2012-05-15 01:21 - 2012-05-15 01:20 - 03617853 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - Mezzanine (Live At La Fleche d'Or, Paris 2012).mp3
2012-05-15 01:21 - 2012-05-15 01:20 - 02585076 ___AC C:\Users\Javier Payes\Downloads\SHIELDS - All I Know.mp3
2012-05-15 01:21 - 2012-05-15 01:16 - 47164060 ___AC C:\Users\Javier Payes\Downloads\The Neighbourhood-I_m Sorry_.zip
2012-05-15 00:35 - 2012-05-15 00:34 - 08613281 ___AC C:\Users\Javier Payes\Downloads\Sons Of Jim - My Burning Sun.mp3
2012-05-15 00:34 - 2012-05-15 00:33 - 03630239 ___AC C:\Users\Javier Payes\Downloads\Sons of Jim - Fairytale.mp3
2012-05-14 22:54 - 2012-05-14 22:49 - 62947359 ___AC C:\Users\Javier Payes\Downloads\BASTILLE_-_OTHER_PEOPLE'S_HEARTACHE.zip
2012-05-12 16:33 - 2009-07-14 11:39 - 00000000 ___DC C:\Program Files\Windows Journal
2012-05-12 01:14 - 2012-05-12 01:04 - 01544704 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-05-12 01:14 - 2012-05-12 01:04 - 01077248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2012-05-12 01:13 - 2012-05-12 00:50 - 00075120 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-05-12 01:13 - 2010-10-13 15:20 - 00000000 ___DC C:\Program Files (x86)\Microsoft Silverlight
2012-05-12 01:12 - 2012-05-12 00:27 - 01918320 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-05-10 17:41 - 2012-05-10 03:56 - 04286616 ___AC C:\Users\Javier Payes\Documents\Especies.pptx
2012-05-10 17:22 - 2011-11-09 03:15 - 00000000 ___DC C:\Users\Javier Payes\Documents\BlackBerry
2012-05-10 17:10 - 2012-05-10 17:03 - 00000000 ___DC C:\Users\Javier Payes\Documents\PROMETHEUS
2012-05-10 16:55 - 2012-05-10 16:52 - 00000000 ___DC C:\Users\Javier Payes\Documents\Cromo
2012-05-08 22:12 - 2012-05-08 22:12 - 00000000 ___DC C:\Users\All Users\Mozilla
2012-05-05 02:07 - 2012-05-05 02:06 - 00872705 ___AC C:\Users\Javier Payes\Downloads\www.NewAlbumReleases.net_Garbage_-_Not_Your_Kind_of_People_(2012).rar.part
2012-05-04 15:56 - 2012-05-04 15:56 - 00324179 ___AC C:\Users\Javier Payes\Documents\repaso bacter 2011.pptx
2012-05-02 17:59 - 2012-05-16 02:42 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Metric - Synthetica Reflections (2012)
2012-04-30 18:01 - 2012-04-30 18:01 - 00234367 ___AC C:\Users\Javier Payes\Downloads\xiph-qt-win32-0.1.5.exe
2012-04-30 17:15 - 2012-04-30 17:15 - 01630876 ___AC C:\Users\Javier Payes\Downloads\Bastille - Overjoyed.mp3
2012-04-30 16:55 - 2012-04-30 16:55 - 01769430 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Sleepsong.mp3
2012-04-30 16:55 - 2012-04-30 16:55 - 01375868 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ What Would You Do_ [City High Cover] - ( Official Video ).mp3
2012-04-30 16:54 - 2012-04-30 16:54 - 01635426 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Overjoyed ( Official Video ).mp3
2012-04-30 16:54 - 2012-04-30 16:54 - 01323712 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Laura Palmer ( Image Video ).mp3
2012-04-30 16:53 - 2012-04-30 16:53 - 00719934 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Other People's Heartache (Trailer).mp3
2012-04-30 16:52 - 2012-04-30 16:52 - 01770057 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Of the Night.mp3
2012-04-30 16:44 - 2012-04-30 16:44 - 01392456 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Get Home ( Official Video - Tour 2011 ).mp3
2012-04-30 16:43 - 2012-04-30 16:43 - 01594658 ___AC C:\Users\Javier Payes\Downloads\BASTILLE _ Flaws ( Video ).mp3
2012-04-30 16:42 - 2012-04-30 16:42 - 01429142 ___AC C:\Users\Javier Payes\Downloads\Bastille - Icarus.mp3
2012-04-28 03:17 - 2011-12-23 01:02 - 00000000 ___DC C:\Users\Javier Payes\Documents\ConvertXToDVD
2012-04-28 02:46 - 2011-12-23 00:52 - 00001189 ___AC C:\Users\Javier Payes\AppData\Roaming\vso_ts_preview.xml
2012-04-28 02:46 - 2011-12-23 00:52 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Vso
2012-04-28 01:38 - 2012-04-28 01:38 - 00000000 ___DC C:\Program Files (x86)\MixMeister BPM Analyzer
2012-04-27 02:16 - 2012-04-27 02:16 - 02100035 ___AC C:\Users\Javier Payes\Downloads\Cassie - King of Hearts Richard X Remix.mp3
2012-04-27 02:16 - 2012-04-27 02:16 - 02009965 ___AC C:\Users\Javier Payes\Downloads\Florence and the Machine - Breath Of Life.mp3
2012-04-26 17:21 - 2012-04-26 17:21 - 03333872 ___AC C:\Users\Javier Payes\Downloads\brown-shoe-late-nights_2011-08-31-165055-4137-0-0-0.128.mp3
2012-04-26 17:03 - 2012-04-26 17:03 - 08753206 ___AC C:\Users\Javier Payes\Downloads\Every Night I Say A Prayer.mp3
2012-04-26 16:47 - 2012-04-26 15:49 - 87044874 ___AC C:\Users\Javier Payes\Downloads\Cassie - King Of Hearts - Richard X Remix Edit.mp4
2012-04-24 03:16 - 2012-04-24 03:16 - 01424865 ___AC C:\Users\Javier Payes\Documents\Imagen1.png
2012-04-24 03:15 - 2012-04-24 02:31 - 04042782 ___AC C:\Users\Javier Payes\Documents\Community2.pptx
2012-04-24 02:25 - 2012-04-16 03:34 - 05404540 ___AC C:\Users\Javier Payes\Documents\chest.pptx
2012-04-22 23:28 - 2012-04-22 23:00 - 00000000 ___DC C:\Users\Javier Payes\Documents\UnCodeX
2012-04-22 23:00 - 2012-04-22 23:00 - 00000000 ___DC C:\Program Files (x86)\UnCodeX
2012-04-22 21:45 - 2012-03-31 01:44 - 00085186 ___AC C:\Windows\DirectX.log
2012-04-20 16:58 - 2009-07-14 06:08 - 00032630 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-04-19 01:44 - 2012-04-19 01:44 - 00135247 ___AC C:\Users\Javier Payes\Downloads\Cita SAT.pptx
2012-04-16 23:11 - 2012-04-16 23:05 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Impresion
2012-04-16 02:17 - 2010-10-31 19:34 - 00030208 _ASHC C:\Users\Javier Payes\Thumbs.db
2012-04-16 02:02 - 2012-04-16 02:02 - 00000000 ___DC C:\Users\Javier Payes\Downloads\zetro_vs_1_3_by_pisadeviant-d3jn7gf(1)
2012-04-16 02:01 - 2012-04-16 02:01 - 00000000 ___DC C:\Users\Javier Payes\Downloads\omnimo_4_1_for_rainmeter_by_fediafedia-d2mhn7l
2012-04-16 01:48 - 2012-04-16 01:48 - 00000000 ___DC C:\Users\Javier Payes\Downloads\placebo_for_windows_7_by_solmiler-d346dad
2012-04-16 01:38 - 2012-04-16 01:38 - 00000000 ___DC C:\Program Files\CodeGazer
2012-04-16 01:37 - 2012-04-16 01:37 - 00000000 ___DC C:\Users\Javier Payes\Downloads\simplesentencethree_by_white_baron-d2ws62q
2012-04-16 01:35 - 2012-04-16 01:35 - 00000000 ___DC C:\Users\Javier Payes\Downloads\appows2010_by_neiio-d2lhrrb
2012-04-16 01:25 - 2012-04-16 01:25 - 00000000 ___DC C:\Users\Javier Payes\Downloads\SimplyNova V2
2012-04-16 01:03 - 2012-04-16 01:02 - 03839245 ___AC C:\Users\Javier Payes\Downloads\Santigold_-_Disparate_Youth_Official_Music_Video_mIMMZQJ1H6E_hi.mp3
2012-04-15 06:58 - 2012-05-08 01:28 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Summer Heart - About A Feeling (2012)
2012-04-15 04:14 - 2012-03-29 18:38 - 00000000 ___DC C:\Users\Javier Payes\dwhelper
2012-04-15 03:44 - 2012-04-15 02:37 - 371783742 ___AC C:\Users\Javier Payes\Downloads\Magic.City.S01E02.HDTV.x264-ASAP.mp4
2012-04-15 02:50 - 2012-04-13 01:19 - 00000000 ___DC C:\Users\Javier Payes\Downloads\F-Zero_GX_USA_NGC-STARCUBE
2012-04-13 02:58 - 2012-04-13 02:58 - 00220672 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-04-13 02:58 - 2012-04-13 02:58 - 00172544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2012-04-13 02:58 - 2012-04-13 02:58 - 00159232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2012-04-13 02:58 - 2012-04-13 02:58 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-04-13 02:58 - 2012-04-13 02:58 - 00023408 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-04-13 02:58 - 2012-04-13 02:58 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2012-04-13 02:58 - 2012-04-13 02:58 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-04-13 01:57 - 2012-04-13 01:57 - 00000000 ___DC C:\Users\Javier Payes\Downloads\Santogold
2012-04-05 22:41 - 2012-04-05 22:30 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\Darksiders
2012-04-05 22:30 - 2012-03-31 01:46 - 00000000 ___DC C:\Users\Javier Payes\Documents\My Games
2012-04-05 22:28 - 2011-07-08 19:52 - 00000000 ___DC C:\Windows\SysWOW64\directx
2012-04-05 20:36 - 2012-04-05 20:36 - 01606656 ___AC C:\Users\Javier Payes\Downloads\SteamInstall.msi
2012-04-05 20:18 - 2012-04-05 20:18 - 00000000 ___DC C:\Program Files\iTunes
2012-04-05 20:18 - 2012-04-05 20:18 - 00000000 ___DC C:\Program Files\iPod
2012-04-05 20:18 - 2012-04-05 20:18 - 00000000 ___DC C:\Program Files (x86)\iTunes
2012-04-05 17:28 - 2012-04-05 17:28 - 00000000 ___DC C:\Program Files (x86)\THQ
2012-04-02 02:18 - 2012-04-02 02:18 - 00001773 ___AC C:\Users\Javier Payes\Downloads\wiiflow.ini
2012-04-02 01:42 - 2012-04-02 01:42 - 00000000 ___DC C:\Program Files (x86)\NVIDIA Corporation
2012-04-01 19:21 - 2012-03-19 03:14 - 00002273 __AHC C:\Windows\EPMBatch.ept
2012-03-31 01:46 - 2012-03-31 01:46 - 00000000 ___DC C:\Users\All Users\Age of Empires 3
2012-03-31 01:45 - 2010-10-12 10:29 - 00000000 __HDC C:\Program Files (x86)\InstallShield Installation Information
2012-03-31 01:40 - 2011-06-25 22:29 - 00000000 ___DC C:\Program Files (x86)\Microsoft Games
2012-03-31 01:27 - 2012-03-31 01:27 - 00000000 ___DC C:\Users\Javier Payes\AppData\Local\SKIDROW
2012-03-31 01:05 - 2012-03-31 01:05 - 00000000 ___DC C:\Program Files (x86)\Elaborate Bytes
2012-03-31 00:38 - 2012-03-29 18:54 - 00000000 ___DC C:\Users\Javier Payes\AppData\Roaming\Orbit
ZeroAccess:
C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}
C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\@
C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\L
C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\n
C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\U
C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\U\800000cb.@
ZeroAccess:
C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}
C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\@
C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\L
C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac}\U
========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 16%
Total physical RAM: 3893.32 MB
Available physical RAM: 3239.23 MB
Total Pagefile: 3891.47 MB
Available Pagefile: 3246.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
1 Drive c: () (Fixed) (Total:75.05 GB) (Free:3.44 GB) NTFS
2 Drive d: (Windows 8) (Fixed) (Total:20.51 GB) (Free:7.01 GB) NTFS
3 Drive f: (Datos) (Fixed) (Total:368.1 GB) (Free:11.73 GB) NTFS
5 Drive h: (USB) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
7 Drive y: (Reservado para el sistema) (Fixed) (Total:0.1 GB) (Free:0.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Núm Disco Estado Tamaño Disp Din Gpt
---------- ---------- ------- ------- --- ---
Disco 0 En línea 465 GB 0 B
Disco 1 En línea 954 MB 0 B
Saliendo de DiskPart...

==========================================================
Last Boot: 2012-06-21 03:39
======================= End Of Log ==========================
 
Welcome aboard


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================

In Vista or Windows 7: Boot to System Recovery Options and run FRST.
In Windows XP: Please boot to UBCD and run FRST.
Type the following in the edit box after "Search:".

services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.
 
This is what I got:

Farbar Recovery Scan Tool Version: 25-06-2012
Ran by SYSTEM at 2012-06-27 19:48:23
Running from H:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-14 00:19] - [2009-07-14 02:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-14 00:19] - [2012-06-28 00:37] - 0328704 ___AC (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

See if you can boot normally.

If so...

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
    508 bytes · Views: 1
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-06-2012
Ran by SYSTEM at 2012-06-27 20:15:39 Run:1
Running from H:\
==============================================
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows Value was restored successfully .
C:\Windows\System32\consrv.dll not found.
C:\Windows\System32\services.exe.443E440A2239DFD4 moved successfully.
C:\Windows\Installer\{938cf1c4-6115-446a-91cc-0ed5a15e6eac} moved successfully.
C:\Users\Javier Payes\AppData\Local\{938cf1c4-6115-446a-91cc-0ed5a15e6eac} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
 
Windows runs normally.
This is the ComboFix log:

ComboFix 12-06-27.01 - Javier Payes 06/27/2012 20:30:15.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1252.52.3082.18.3893.1822 [GMT -5:00]
Running from: c:\users\Javier Payes\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ClickPotatoLiteSA
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf_update.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat
c:\programdata\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht
c:\users\Javier Payes\AppData\Local\TempDIR
c:\users\Javier Payes\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\Javier Payes\AppData\Roaming\ClickPotatoLite
c:\users\Javier Payes\AppData\Roaming\Love
c:\users\Javier Payes\AppData\Roaming\Love\mari0\options.txt
c:\users\Javier Payes\AppData\Roaming\vso_ts_preview.xml
c:\windows\UA000071.DLL
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-28 )))))))))))))))))))))))))))))))
.
.
2012-06-28 01:38 . 2012-06-28 01:38 -------- dc----w- c:\users\Default\AppData\Local\temp
2012-06-27 23:20 . 2012-06-27 23:19 927800 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{60302ED5-CBBA-4C98-A7BA-F49D304634D8}\gapaengine.dll
2012-06-27 23:20 . 2012-05-31 02:04 9013136 -c--a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{113DA8EF-245F-4A20-8046-A46957D295DB}\mpengine.dll
2012-06-27 23:17 . 2012-06-27 23:21 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-27 23:17 . 2012-06-27 23:21 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-27 23:17 . 2012-06-27 23:21 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-27 23:17 . 2012-06-27 23:21 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-27 23:17 . 2012-06-27 23:21 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-27 23:17 . 2012-06-27 23:21 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-27 23:17 . 2012-06-27 23:21 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-27 23:16 . 2012-06-27 23:21 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-27 23:16 . 2012-06-27 23:21 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-27 17:59 . 2012-06-27 18:00 -------- dc----w- C:\FRST
2012-06-24 21:01 . 2012-06-24 21:01 -------- dc----w- c:\users\Javier Payes\AppData\Local\Macromedia
2012-06-24 20:51 . 2012-06-24 20:51 -------- dc----w- c:\program files (x86)\Microsoft Security Client
2012-06-24 20:50 . 2012-06-24 20:51 -------- dc----w- c:\program files\Microsoft Security Client
2012-06-21 23:13 . 2012-06-21 23:13 -------- dc----w- c:\users\Javier Payes\AppData\Roaming\Hive Cluster
2012-06-21 22:43 . 2012-06-21 22:43 -------- dc----w- c:\program files (x86)\Super Meat Boy
2012-06-21 20:44 . 2012-06-21 20:44 -------- dcsh--w- c:\windows\system32\%APPDATA%
2012-06-14 20:28 . 2012-06-14 20:28 11776 -c--a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2012-06-14 20:27 . 2012-06-14 20:27 -------- dc----w- c:\program files (x86)\Common Files\xing shared
2012-06-14 20:27 . 2012-06-14 20:27 150696 -c--a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2012-06-14 20:27 . 2012-06-14 20:27 129144 -c--a-w- c:\program files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
2012-06-14 20:26 . 2012-06-14 20:26 499712 -c--a-w- c:\windows\SysWow64\msvcp71.dll
2012-06-14 20:26 . 2012-06-14 20:26 348160 -c--a-w- c:\windows\SysWow64\msvcr71.dll
2012-06-13 18:31 . 2012-06-14 20:11 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 18:31 . 2012-06-14 20:11 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 18:31 . 2012-06-14 20:11 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 18:31 . 2012-06-14 20:06 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 18:31 . 2012-06-14 20:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 18:31 . 2012-06-14 20:05 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 18:31 . 2012-06-14 20:05 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 18:30 . 2012-06-14 20:05 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 18:30 . 2012-06-14 20:05 1112064 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-13 18:30 . 2012-06-14 20:05 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 18:30 . 2012-06-14 20:05 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 18:30 . 2012-06-14 20:05 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 18:30 . 2012-06-14 20:04 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 18:30 . 2012-06-14 20:04 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 18:30 . 2012-06-14 20:04 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 18:30 . 2012-06-14 20:04 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 18:30 . 2012-06-14 20:04 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 18:30 . 2012-06-14 20:04 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-08 01:42 . 2012-06-08 01:42 770384 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-08 01:42 . 2012-06-08 01:42 421200 -c--a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-04 21:41 . 2012-06-04 21:41 -------- dc----w- c:\users\Javier Payes\AppData\Local\Toshiba
2012-06-04 21:41 . 2012-06-04 21:41 -------- dc----w- c:\programdata\TOSHIBA
2012-06-04 21:36 . 2012-06-04 21:36 -------- dcsh--w- c:\windows\SysWow64\%APPDATA%
2012-06-04 21:35 . 2009-06-19 02:42 40832 -c--a-w- c:\windows\system32\drivers\TosBtCi.dll
2012-06-04 21:35 . 2012-06-04 21:35 -------- dc----w- c:\program files (x86)\Toshiba
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 20:45 . 2012-04-20 00:07 426184 -c--a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 20:45 . 2011-05-19 14:31 70344 -c--a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-12 00:14 . 2012-05-12 00:04 1544704 ----a-w- c:\windows\system32\DWrite.dll
2012-05-12 00:14 . 2012-05-12 00:04 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-12 00:13 . 2012-05-11 23:50 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-12 00:12 . 2012-05-11 23:27 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-13 01:58 . 2012-04-13 01:58 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 01:58 . 2012-04-13 01:58 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 01:58 . 2012-04-13 01:58 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 01:58 . 2012-04-13 01:58 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 01:58 . 2012-04-13 01:58 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-13 01:58 . 2012-04-13 01:58 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 01:58 . 2012-04-13 01:58 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2011-11-10 02:32 . 2011-11-10 02:32 1163348 -c--a-w- c:\program files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARYUninst.exe
2011-11-10 02:32 . 2011-11-10 02:32 16590692 -c--a-w- c:\program files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARY.scr
.
 
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-11-29 21:26 3908192 -c--a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 -c--a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
2010-11-29 21:26 3908192 -c--a-w- c:\program files (x86)\MyAshampoo\tbMyAs.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files (x86)\MyAshampoo\tbMyAs.dll" [2010-11-29 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-11-29 3908192]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 94208 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-04-05 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"ITSecMng"="c:\program files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [2009-07-22 83336]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-14 296056]
.
c:\users\Javier Payes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
EvernoteClipper.lnk - c:\program files (x86)\Evernote\Evernote\EvernoteClipper.exe [2012-5-9 1014112]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - c:\program files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2010-12-14 2749856]
Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
3;2 NAUpdate;Nero Update [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Servicio de actualización de Google (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R3 BthAvrcp;Perfil AVRCP Bluetooth;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 29184]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 gupdatem;Google Update Servicio (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [2008-05-02 23552]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [2008-05-02 18432]
R3 PPJoyBus;Parallel Port Joystick Bus Enumerator;c:\windows\system32\DRIVERS\PPJoyBus64.sys [2009-11-04 20032]
R3 PPortJoystick;Parallel Port Joystick Device Driver;c:\windows\system32\DRIVERS\PPortJoy64.sys [2009-11-04 39488]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RTL8192su;Airlink101 AWLL6077v2 Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-07-17 660992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-06 301232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-11-27 244736]
.
 
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-20 20:45]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 00:54]
.
2012-06-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 00:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-12-05 19:17 97792 -c--a-w- c:\users\Javier Payes\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-21 8306208]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"VX3000"="c:\windows\vVX3000.exe" [2010-05-20 762736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 10.1.2.254 10.1.2.214 10.1.2.253
FF - ProfilePath - c:\users\Javier Payes\AppData\Roaming\Mozilla\Firefox\Profiles\l6dw6y8z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Nero\Update\NASvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-06-27 20:51:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-28 01:51
.
Pre-Run: 3,357,929,472 bytes free
Post-Run: 3,367,297,024 bytes free
.
- - End Of File - - 06AE0A771C63DE8263548084C9E1F1F4
 
Looks good :)

Any current issues?

=======================================

Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/products/malwarebytes_free to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

======================================

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /I " " /c
dir /b "%systemroot%\*.exe" | find /I " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Everything seems fine. Thank you so much!!!!!
Up next is the Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Javier Payes :: FI [administrator]

Protection: Enabled

6/27/2012 9:32:52 PM
mbam-log-2012-06-27 (21-38-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 213022
Time elapsed: 5 minute(s), 12 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> No action taken.

Registry Values Detected: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Data: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
Sorry about that. I made that log before removing the detected malicious items. Here is a new log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.06.28.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Javier Payes :: FI [administrator]

Protection: Enabled

6/27/2012 10:05:15 PM
mbam-log-2012-06-27 (22-05-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 212778
Time elapsed: 2 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
This is the OTL Log:

OTL logfile created on: 6/27/2012 9:50:53 PM - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Javier Payes\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.80 Gb Total Physical Memory | 2.14 Gb Available Physical Memory | 56.34% Memory free
7.60 Gb Paging File | 5.65 Gb Available in Paging File | 74.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75.05 Gb Total Space | 2.83 Gb Free Space | 3.77% Space Free | Partition Type: NTFS
Drive E: | 368.10 Gb Total Space | 13.14 Gb Free Space | 3.57% Space Free | Partition Type: NTFS
Drive F: | 20.51 Gb Total Space | 7.01 Gb Free Space | 34.20% Space Free | Partition Type: NTFS

Computer Name: FI | User Name: Javier Payes | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/27 21:30:51 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Javier Payes\Desktop\OTL.exe
PRC - [2012/06/24 15:45:09 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
PRC - [2012/06/16 21:20:48 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/06/14 15:26:56 | 000,296,056 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/05/24 13:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Javier Payes\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/05/09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011/02/18 12:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2010/12/14 15:13:06 | 002,749,856 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2010/09/06 16:18:00 | 000,746,384 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
PRC - [2010/08/23 16:12:00 | 000,677,264 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2010/08/23 16:12:00 | 000,087,440 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
PRC - [2010/05/20 16:26:30 | 000,762,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX3000.exe
PRC - [2009/12/09 03:50:00 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/12/09 03:49:58 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/24 15:45:09 | 009,459,912 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
MOD - [2012/06/16 21:20:48 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012/03/16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/05/20 16:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/06/24 15:45:10 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/06/19 14:45:37 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/06/16 21:20:48 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Stop_Pending] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/04/12 10:45:00 | 000,196,976 | ---- | M] (TOSHIBA CORPORATION) [On_Demand | Running] -- C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/09 03:50:00 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/12/09 03:49:58 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/07/13 12:06:15 | 003,093,880 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/08/11 11:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/12 20:58:39 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/31 20:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/07/29 14:54:56 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)
DRV:64bit: - [2011/07/29 14:54:56 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/16 19:23:46 | 000,074,240 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/12 00:09:08 | 000,291,760 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbd.sys -- (tosrfbd)
DRV:64bit: - [2010/12/02 19:30:00 | 000,067,384 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfusb.sys -- (Tosrfusb)
DRV:64bit: - [2010/11/29 11:47:00 | 000,082,224 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tosrfcom.sys -- (Tosrfcom)
DRV:64bit: - [2010/11/23 02:34:00 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/11 10:27:00 | 000,050,864 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV:64bit: - [2010/09/22 14:19:02 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2010/08/30 10:48:00 | 000,094,528 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV:64bit: - [2010/05/20 16:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010/04/26 11:48:00 | 000,063,488 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV:64bit: - [2010/04/06 00:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) Intel(R)
DRV:64bit: - [2009/11/27 08:15:14 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Sonido Intel(R)
DRV:64bit: - [2009/11/03 22:03:56 | 000,039,488 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPortJoy64.sys -- (PPortJoystick)
DRV:64bit: - [2009/11/03 22:03:56 | 000,020,032 | ---- | M] (Deon van der Westhuysen) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PPJoyBus64.sys -- (PPJoyBus)
DRV:64bit: - [2009/10/27 12:10:18 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV:64bit: - [2009/09/16 23:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/03 17:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
DRV:64bit: - [2009/08/13 09:38:24 | 000,029,184 | ---- | M] (CSR, plc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BthAvrcp.sys -- (BthAvrcp)
DRV:64bit: - [2009/07/24 11:33:00 | 000,026,472 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tosrfnds.sys -- (tosrfnds)
DRV:64bit: - [2009/07/17 11:09:04 | 000,660,992 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8192su.sys -- (RTL8192su)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/13 19:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2009/06/17 12:01:00 | 000,054,664 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tosporte.sys -- (tosporte)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/01/09 16:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/02 11:59:08 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64j.sys -- (UsbserFilt)
DRV:64bit: - [2008/05/02 11:58:50 | 000,008,704 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2008/05/02 11:58:48 | 000,023,552 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdcx64)
DRV:64bit: - [2008/05/02 11:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2006/01/12 11:49:18 | 000,018,560 | ---- | M] (Cisco-Linksys, LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WCG200V2NTamd64.sys -- (WCG200NTamd64)
DRV - [2011/07/29 14:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)
DRV - [2011/07/29 14:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/09/16 13:48:02 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2002/10/07 19:07:38 | 000,011,376 | R--- | M] () [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\SECDRV.SYS -- (SecDrv)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\Windows\SysWow64\drivers\ASPI32.SYS -- (ASPI32)


========== Standard Registry (SafeList) ==========
 
========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT3072253
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-MX
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes,DefaultScope = {92E2242F-0B40-4B18-80F5-10F4AD20D9EE}
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{63D37799-AFD2-4EE1-977A-5AFD117379CA}: "URL" = http://mx.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{6C55CA6E-125E-47D5-897D-D5F466E418D5}: "URL" = http://en.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{75E01832-A5BB-4EEA-B457-E53526AF1894}: "URL" = http://es.wikipedia.org/w/index.php?title=Special:Search&search={searchTerms}
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{78198319-70F5-4FBE-BE30-0CEEA25D277B}: "URL" = http://www.google.com/search?hl=en&q={searchTerms}
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{92E2242F-0B40-4B18-80F5-10F4AD20D9EE}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=ie8
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\..\SearchScopes\{939F10F2-C7BC-4167-93CA-A1822838AD20}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-585829491-2030783581-114987629-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "uTorrentControl2 Customized Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.4.53: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.4.53: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011/04/16 18:12:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011/04/16 18:12:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/06/27 12:11:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 21:20:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/14 15:28:14 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 21:20:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/14 15:28:14 | 000,000,000 | ---D | M]

[2011/08/29 19:56:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Extensions
[2012/06/27 18:18:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions
[2012/05/30 18:59:31 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/06/05 15:22:15 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}
[2012/03/29 12:37:33 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/06/27 18:18:43 | 000,000,000 | ---D | M] ("pearltrees") -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions\collector@broceliand.fr
[2011/12/25 14:48:34 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Javier Payes\AppData\Roaming\mozilla\Firefox\Profiles\l6dw6y8z.default\extensions\engine@conduit.com
[2012/03/18 19:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/06/16 21:20:49 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/10/06 19:18:35 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2012/03/15 10:17:49 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010/10/06 19:18:37 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/14 15:27:06 | 000,129,144 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/01/27 18:42:51 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
 
========== Chrome ==========

CHR - default_search_provider: ()
CHR - default_search_provider: search_url =
CHR - default_search_provider: suggest_url =

O1 HOSTS File: ([2012/06/27 20:40:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (MyAshampoo Toolbar) - {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - C:\Program Files (x86)\MyAshampoo\tbMyAs.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [VX3000] C:\Windows\vVX3000.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-585829491-2030783581-114987629-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Javier Payes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Javier Payes\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Javier Payes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-585829491-2030783581-114987629-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-585829491-2030783581-114987629-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.26.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.2.254 10.1.2.214 10.1.2.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{017E5300-E963-4258-A87D-F590371E3DA4}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1DBD90B3-0079-4584-81C7-0746A134E261}: DhcpNameServer = 10.1.2.254 10.1.2.214 10.1.2.253
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DDA3FDAF-FEBB-463B-982B-A9605A42C9BA}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F2C3C95A-C2CF-45A5-A7CD-D0AC4A8AF571}: DhcpNameServer = 10.1.2.254 10.1.2.124 10.1.2.123
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========

[2012/06/27 21:30:47 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Javier Payes\Desktop\OTL.exe
[2012/06/27 21:28:46 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Roaming\Malwarebytes
[2012/06/27 21:28:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/27 21:28:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/06/27 21:28:36 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/06/27 21:28:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/06/27 20:55:32 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/06/27 20:28:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/06/27 20:28:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/06/27 20:28:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/06/27 20:28:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/27 20:27:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/06/27 20:24:58 | 004,570,514 | R--- | C] (Swearware) -- C:\Users\Javier Payes\Desktop\ComboFix.exe
[2012/06/27 12:59:32 | 000,000,000 | ---D | C] -- C:\FRST
[2012/06/24 16:01:58 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Local\Macromedia
[2012/06/24 15:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2012/06/24 15:50:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/06/21 18:13:12 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Roaming\Hive Cluster
[2012/06/21 17:43:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Super Meat Boy
[2012/06/21 17:43:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Super Meat Boy
[2012/06/21 17:43:01 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Super Meat Boy
[2012/06/21 15:44:05 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2012/06/15 09:44:16 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Local\{B0DA6E0E-25E6-4C6C-97A2-E21D25D8C269}
[2012/06/14 18:24:19 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\Documents\Hipertensión Arterial
[2012/06/14 15:27:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2012/06/14 15:26:59 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/14 15:26:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012/06/04 16:41:05 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\AppData\Local\Toshiba
[2012/06/04 16:41:05 | 000,000,000 | ---D | C] -- C:\ProgramData\TOSHIBA
[2012/06/04 16:36:28 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/04 16:35:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
[2012/06/04 16:35:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toshiba
[2012/05/30 21:50:01 | 000,000,000 | ---D | C] -- C:\Users\Javier Payes\Documents\Onchocerca volvulus
[2012/05/30 20:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2011/11/09 21:32:43 | 001,163,348 | ---- | C] (SERIALGAMES Inc.) -- C:\Program Files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARYUninst.exe

========== Files - Modified Within 30 Days ==========

[2012/06/27 21:50:31 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 21:50:31 | 000,015,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/27 21:42:44 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 21:42:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/27 21:41:28 | 3061,829,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/27 21:36:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 21:30:51 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Javier Payes\Desktop\OTL.exe
[2012/06/27 20:43:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 20:40:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/06/27 20:26:14 | 002,584,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/06/27 20:26:14 | 000,751,842 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/06/27 20:26:14 | 000,741,652 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/06/27 20:26:14 | 000,658,544 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/06/27 20:26:14 | 000,161,080 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/06/27 20:26:14 | 000,151,312 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/06/27 20:26:14 | 000,124,214 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/06/27 20:25:45 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\Javier Payes\Desktop\ComboFix.exe
[2012/06/24 15:51:18 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/06/24 15:51:04 | 002,611,484 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/06/14 18:51:31 | 000,990,070 | ---- | M] () -- C:\Users\Javier Payes\Documents\hipertensiónarterial151.jpg
[2012/06/14 15:26:59 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2012/06/14 15:21:25 | 000,743,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/06/09 09:37:18 | 000,001,050 | ---- | M] () -- C:\Users\Javier Payes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/04 16:41:12 | 000,000,956 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk

========== Files Created - No Company Name ==========

[2012/06/27 20:28:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/06/27 20:28:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/06/27 20:28:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/06/27 20:28:31 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/06/27 20:28:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/24 15:51:11 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012/06/14 18:51:30 | 000,990,070 | ---- | C] () -- C:\Users\Javier Payes\Documents\hipertensiónarterial151.jpg
[2012/06/04 16:37:38 | 000,000,956 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
[2012/01/31 10:10:39 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/31 10:07:51 | 002,392,064 | ---- | C] () -- C:\Windows\SysWow64\videotrans.dll
[2012/01/31 10:07:51 | 000,215,040 | ---- | C] () -- C:\Windows\SysWow64\videoformat.dll
[2012/01/31 10:07:51 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\imgscaler.dll
[2012/01/31 10:07:51 | 000,022,016 | ---- | C] () -- C:\Windows\SysWow64\img_utils.dll
[2012/01/31 10:07:51 | 000,017,920 | ---- | C] () -- C:\Windows\SysWow64\videocore.dll
[2012/01/31 10:07:48 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/31 10:07:48 | 000,128,512 | ---- | C] () -- C:\Windows\SysWow64\xvid.dll
[2012/01/25 22:42:54 | 002,469,760 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe
[2012/01/25 22:42:54 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll
[2012/01/25 22:42:53 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe
[2012/01/25 22:42:53 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys
[2012/01/25 22:42:53 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys
[2011/11/09 21:32:41 | 016,590,692 | ---- | C] () -- C:\Program Files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARY.scr
[2011/11/08 12:54:19 | 000,004,096 | -H-- | C] () -- C:\Users\Javier Payes\AppData\Local\keyfile3.drm
[2011/10/30 23:32:53 | 000,010,752 | ---- | C] () -- C:\Users\Javier Payes\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/25 09:42:10 | 000,000,180 | ---- | C] () -- C:\Windows\youtube2mp3.ini
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/09/19 20:42:11 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/08/31 20:51:16 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2011/08/31 20:51:16 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2011/08/31 20:51:16 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2011/08/31 20:26:20 | 013,903,872 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011/06/01 13:28:14 | 000,000,034 | ---- | C] () -- C:\Windows\ARPR.INI
[2011/05/27 01:16:02 | 000,077,824 | ---- | C] () -- C:\Windows\SysWow64\eautil.dll
[2011/03/01 01:36:38 | 000,389,914 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/01/28 12:50:48 | 000,042,664 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2011/01/28 12:43:40 | 000,002,648 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/01/27 11:17:37 | 000,007,597 | ---- | C] () -- C:\Users\Javier Payes\AppData\Local\resmon.resmoncfg
[2011/01/26 08:52:05 | 002,611,484 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/10/19 10:51:02 | 000,000,360 | ---- | C] () -- C:\Windows\MP3trt.ini
[2010/10/12 21:03:25 | 000,000,000 | ---- | C] () -- C:\Windows\winfile.ini

========== LOP Check ==========

[2010/10/26 15:57:25 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\AnvSoft
[2011/12/21 18:11:06 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Ashampoo
[2011/07/04 20:20:01 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Bioshock
[2011/11/15 18:56:17 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Canneverbe Limited
[2011/06/25 11:01:31 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011/06/18 10:26:55 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\com.adobe.px.Uploader.4C35C4D325D350FE0114230CBADCA2DDD0AC8D25.1
[2011/05/19 12:11:37 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
[2011/10/03 18:04:05 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\CurriculumFacil
[2011/10/12 22:29:56 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Downloaded Installations
[2012/06/27 21:43:07 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Dropbox
[2011/10/25 09:49:12 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\DVDVideoSoft
[2011/02/26 19:52:58 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/01/27 17:44:18 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\f-secure
[2011/02/24 23:08:26 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\FreeAudioPack
[2011/12/22 21:42:19 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\GetRightToGo
[2012/03/29 12:54:58 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\GrabPro
[2012/06/21 18:13:12 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Hive Cluster
[2011/04/26 11:07:00 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\IObit
[2011/09/11 10:00:22 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\IVideoWare
[2011/07/23 19:43:34 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Leadertech
[2011/01/27 11:16:29 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\NCH Swift Sound
[2011/06/02 09:58:17 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Opera
[2012/03/30 18:38:31 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Orbit
[2011/06/01 13:27:47 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Philipp Winterberg
[2012/03/29 12:55:01 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\ProgSense
[2011/03/01 01:37:15 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\QuickScan
[2012/06/27 12:11:32 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Rainmeter
[2011/11/08 21:14:56 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Research In Motion
[2012/03/10 21:14:36 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Rovio
[2011/11/08 17:28:53 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Spotify
[2012/03/15 10:42:44 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Stardock
[2012/06/21 20:09:08 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\uTorrent
[2012/04/27 20:46:32 | 000,000,000 | ---D | M] -- C:\Users\Javier Payes\AppData\Roaming\Vso
[2012/06/27 20:40:01 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
 
========== Custom Scans ==========

< >

< %SYSTEMDRIVE%\*.* >
[2011/03/29 09:13:23 | 000,001,011 | ---- | M] () -- C:\bdlog.txt
[2012/06/27 20:51:28 | 000,026,651 | ---- | M] () -- C:\ComboFix.txt
[2012/06/27 21:41:28 | 3061,829,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/21 16:56:08 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2012/06/27 21:42:35 | 4082,442,240 | -HS- | M] () -- C:\pagefile.sys
[2010/10/12 04:54:39 | 000,000,206 | ---- | M] () -- C:\realtek.log
[2010/10/12 04:54:39 | 000,002,246 | ---- | M] () -- C:\RHDSetup.log
[2010/11/16 01:54:34 | 000,000,000 | ---- | M] () -- C:\t13k.1
[2010/11/15 09:04:44 | 000,000,000 | ---- | M] () -- C:\t148.1
[2010/11/15 09:04:44 | 000,000,000 | ---- | M] () -- C:\t148.2

< %systemroot%\Fonts\*.com >
[2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2011/11/09 20:53:15 | 016,590,692 | ---- | M] () -- C:\Windows\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARY.scr
[2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini
[2011/11/09 21:32:42 | 016,590,692 | ---- | M] () -- C:\Program Files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARY.scr
[2011/11/09 21:32:48 | 001,163,348 | ---- | M] (SERIALGAMES Inc.) -- C:\Program Files (x86)\THE_LEGEND_OF_ZELDA_25th_ANNIVERSARYUninst.exe

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/20 12:19:58 | 000,000,221 | -HS- | M] () -- C:\Users\Javier Payes\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/06/27 20:25:45 | 004,570,514 | R--- | M] (Swearware) -- C:\Users\Javier Payes\Desktop\ComboFix.exe
[2012/06/27 21:30:51 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Javier Payes\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/06/26 17:24:18 | 000,013,023 | ---- | M] () -- C:\Windows\VX3000.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/06/27 20:43:09 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/27 21:42:44 | 000,001,044 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 21:36:02 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/27 21:42:41 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/06/27 20:40:01 | 000,032,636 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2012/03/21 11:45:07 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2012/03/21 11:45:07 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/03/01 04:23:13 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/03/01 04:23:13 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2012/03/21 11:45:08 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2012/02/17 11:32:59 | 000,000,402 | -HS- | M] () -- C:\Users\Javier Payes\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2011/03/29 09:14:51 | 000,389,914 | ---- | M] () -- C:\ProgramData\bdinstall.bin
[2011/01/28 12:43:40 | 000,002,648 | ---- | M] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2011/11/10 20:01:18 | 000,001,492 | ---- | M] () -- C:\ProgramData\ss.ini

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /I " " /c >

< dir /b "%systemroot%\*.exe" | find /I " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1999/09/10 13:06:00 | 000,004,672 | ---- | M] (Adaptec) -- C:\Windows\system\WOWPOST.EXE

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2011/03/29 09:14:52 | 000,000,000 | ---- | M] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污
[2011/03/29 09:13:24 | 000,000,000 | ---- | C] ()(C:\Windows\SysNative\?????) -- C:\Windows\SysNative\獷楬汢捯污

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C1F4198F

< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    @Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:C1F4198F
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

========================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce any log.
 
All right, OTL gave me the following log:


All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
ADS C:\ProgramData\TEMP:C1F4198F deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Javier Payes
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 220184911 bytes
->Java cache emptied: 1375913 bytes
->FireFox cache emptied: 51212052 bytes
->Google Chrome cache emptied: 374215517 bytes
->Flash cache emptied: 130084 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 536464 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 29351626 bytes
RecycleBin emptied: 1029145872 bytes

Total Files Cleaned = 1,627.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Javier Payes
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Javier Payes
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06282012_093322

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
The Security Check log:

Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java(TM) 6 Update 31
Out of date Java installed!
Adobe Flash Player 11.3.300.262
Adobe Reader X (10.1.3)
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
 
Farbar Service Scanner Log:

Farbar Service Scanner Version: 25-06-2012 01
Ran by Javier Payes (administrator) on 28-06-2012 at 09:46:05
Running from "C:\Users\Javier Payes\Downloads"
Microsoft Windows 7 Enterprise Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Ran Temp File Cleaner and ESET. This is the ESET Log:

C:\Qoobox\Quarantine\C\Users\Javier Payes\AppData\Local\TempDIR\BetterInstaller.exe.vir a variant of Win32/Somoto.A application cleaned by deleting - quarantined
C:\Users\Javier Payes\Downloads\cnet2_OrbitDownloaderSetup_exe.exe a variant of Win32/InstallCore.D application cleaned by deleting - quarantined
 