
Random audio and ads music from Audiodg


  • This topic is locked
11 replies to this topic

#1 Xjr1979

  • Members
  • 5 posts
  • OFFLINE
  • Local time:09:49 AM

Posted 19 February 2014 - 02:53 PM

Greetings from Madrid, Spain. My computer recently started playing random ads and music suddenly. No browsers are open and no programs are running. The only way to stop it is by stopping the audiodg.exe process in Task Manager.

Below I have attached the log files as requested.

Hope you can help me out removing the malware on my system. Thanks in advance for your time and effort.

Regards.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16533  BrowserJavaVersion: 10.45.2
Run by Xjr at 20:36:25 on 2014-02-19
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.34.3082.18.3326.889 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\astsrv.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
C:\Windows\system32\HerculesWiFiService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\nlssrv32.exe
C:\Program Files\Polar\Daemon\polard.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Xjr\AppData\Local\GCC\Controller.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\WINDOWS\RtHDVCpl.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe
C:\Program Files\LaCie\Genie Backup Manager Pro\GBMAgent.exe
C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Polar\WebSync\WebSync.exe
C:\Program Files\Hercules\WiFiStationN\WiFiN.exe
C:\Users\Xjr\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Users\Xjr\AppData\Local\GCC\Controller.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k WindowsMobile
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://micoach.adidas.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=Pavilion&pf=desktop
BHO: The Amazon 1Button App for IE: {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - c:\program files\amazon\amazon1buttonapp\AmazonAppIE.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - c:\program files\evernote\evernote\EvernoteIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [AdobeBridge] "c:\program files\adobe\adobe bridge cs5\Bridge.exe" -stealth
uRun: [iCloudServices] c:\program files\common files\apple\internet services\iCloudServices.exe
uRun: [ApplePhotoStreams] c:\program files\common files\apple\internet services\ApplePhotoStreams.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [Spotify] "c:\program files\spotify\Spotify.exe" /uri spotify:autostart
uRun: [LaCie Ethernet Agent Startup] "c:\program files\lacie\network assistant\LaCie Network Assistant.exe" silent
uRun: [GBMPro8AgentLaCie] c:\program files\lacie\genie backup manager pro\GBMAgent.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ScreenHunter 6.0 Free] c:\program files\wisdom-soft screenhunter 6.0 free\ScreenHunter.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RegistrarUsrDNIeCertStoreDLL] "c:\program files\dnie\udcs.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [GBMPro8AgentLaCie] c:\program files\lacie\genie backup manager pro\GBMAgent.exe
mRun: [AgentMonitor] c:\program files\vtech\downloadmanager\system\AgentMonitor.exe
StartupFolder: c:\users\xjr\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\xjr\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\xjr\appdata\roaming\micros~1\windows\startm~1\programs\startup\everno~1.lnk - c:\program files\evernote\evernote\EvernoteClipper.exe
StartupFolder: c:\users\xjr\appdata\roaming\micros~1\windows\startm~1\programs\startup\recort~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hueypr~1.lnk - c:\program files\pantone\hueypro\hueyPROTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\polarw~1.lnk - c:\program files\polar\websync\WebSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wifist~1.lnk - c:\program files\hercules\wifistationn\WiFiN.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-System: DisableRegedit = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: DisableRegedit = dword:0
IE: Captura URL - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=0
IE: Capturar esta página - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=1
IE: Capturar imágen - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=4
IE: Capturar selección - c:\program files\evernote\evernote\\evernoteieres\Clip.html?clipAction=3
IE: Nueva Nota - c:\program files\evernote\evernote\\evernoteieres\NewNote.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - c:\program files\evernote\evernote\\evernoteieres\AddNote.html
DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/3.0.1.0/GarminAxControl.CAB
DPF: {0FADB9AA-6955-4319-B538-BB1461E11A28} - hxxps://eu.ntrsupport.com/nv/inquiero/mod/setup/ntrplugin1242v_2.cab
DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} - hxxps://www5.aeat.es/es13/h/tgvicab.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} - hxxps://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} - hxxps://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 80.58.61.250 80.58.61.254
TCP: Interfaces\{A70DCD57-26E4-4E25-B6B5-EBEED9A983C2} : DHCPNameServer = 80.58.61.250 80.58.61.254
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2013-9-27 214696]
R2 BBUpdate;BBUpdate;c:\program files\microsoft\bingbar\SeaPort.EXE [2011-10-13 249648]
R2 DQLWinService;DQLWinService;c:\program files\common files\intel\inteldh\nms\adpplugins\DQLWinService.exe [2006-9-3 208896]
R2 FontCache;Servicio de caché de fuentes de Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-31 21504]
R2 HerculesWiFi;HerculesWiFi;c:\windows\system32\HerculesWiFiService.exe [2011-4-1 53544]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 104768]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-3-29 66560]
R2 Polar Daemon;Polar Daemon;c:\program files\polar\daemon\polard.exe [2012-12-12 419536]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2012-2-5 6321016]
R2 TouchServiceWacom;Wacom Professional Touch Service;c:\program files\tablet\wacom\Wacom_TouchService.exe [2012-2-5 470904]
R2 Updater Service for AMZN;Updater Service for AMZN;c:\program files\amazon browser bar\ToolbarUpdaterService.exe [2013-3-21 222368]
R3 3xHybrid;ASUSTek SAA713x PCI Card;c:\windows\system32\drivers\3xHybrid.sys [2007-6-21 2831232]
R3 NisSrv;Inspección de red de Microsoft;c:\program files\microsoft security client\NisSrv.exe [2013-10-23 280288]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2011-4-1 515584]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2012-1-29 10752]
S2 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-10-21 196176]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c98e3f36456860;Servicio Google Update (gupdate1c98e3f36456860);c:\program files\google\update\GoogleUpdate.exe [2009-2-14 133104]
S2 IntelDHSvcConf;Intel DH Service;c:\program files\intel\inteldh\intel media server\tools\IntelDHSvcConf.exe [2006-5-10 29696]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-28 54632]
S3 fsssvc;Servicio de Windows Live Protección infantil;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 MCLServiceATL;Intel® Application Tracker;c:\program files\intel\inteldh\intel media server\shells\MCLServiceATL.exe [2006-9-11 167936]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [UserChoice]
ShellExec: DigitalTheatre.exe: open="c:\program files\arcsoft\totalmedia extreme for sanyo\digital theatre\uDTStart.exe" "%1"
.
=============== Created Last 30 ================
.
2014-02-19 19:22:31 719224 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a379efdd-df12-4f6c-a53b-630d9855ce32}\gapaengine.dll
2014-02-19 19:17:47 7947048 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{265e8f3b-f8f6-42d6-9148-887dc9e394c6}\mpengine.dll
2014-02-16 19:19:58 7760024 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2014-02-15 02:03:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll
2014-02-15 02:03:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2014-02-15 02:03:57 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-14 11:06:33 1248768 ----a-w- c:\windows\system32\msxml3.dll
2014-02-09 10:34:49 -------- d-sh--w- C:\$RECYCLE.BIN
2014-02-09 10:10:11 98816 ----a-w- c:\windows\sed.exe
2014-02-09 10:10:11 256000 ----a-w- c:\windows\PEV.exe
2014-02-09 10:10:11 208896 ----a-w- c:\windows\MBR.exe
2014-02-07 12:04:04 -------- d-----w- c:\users\xjr\appdata\local\Amazon Browser Bar
2014-02-07 12:03:27 -------- d-----w- c:\program files\Amazon Browser Bar
2014-02-07 12:02:50 -------- d-----w- c:\program files\Amazon
2014-02-07 12:01:06 18776 ----a-w- c:\windows\system32\roboot.exe
2014-02-07 12:01:03 -------- d-----w- c:\users\xjr\appdata\roaming\systweak
2014-02-07 09:13:57 -------- d-----w- C:\AdwCleaner
2014-02-02 09:20:14 -------- d-----w- c:\users\xjr\appdata\local\GCC
2014-01-27 08:56:21 -------- d-----w- c:\users\xjr\appdata\local\Oxy
2014-01-27 08:56:21 -------- d-----w- c:\users\xjr\appdata\local\Chromium
2014-01-25 23:04:42 -------- d-----w- c:\users\xjr\appdata\roaming\Oxy
2014-01-23 11:10:06 719224 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{4eb4a1ec-1b02-4225-af11-81ed06ccf13d}\gapaengine.dll
.
==================== Find3M  ====================
.
2014-02-05 19:17:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 19:17:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 08:56:17 1806848 ----a-w- c:\windows\system32\jscript9.dll
2014-02-05 08:50:39 1129472 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 08:48:40 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-05 08:48:27 421376 ----a-w- c:\windows\system32\vbscript.dll
2014-02-05 08:47:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2014-01-19 07:32:23 231584 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 20:38:25,76 ===============
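What a malware-response helper does with a process listing like the one above is read it for entries that stand out: images with no company name in their version resource, third-party binaries dropped straight into C:\Windows, and anything running from a location an ordinary user can write to (AppData, ProgramData, Temp). The script below is an added example written for this page; it is not the poster's code and not part of DDS or FRST. It parses both line layouts that appear in this thread, the bare image paths of a DDS "Running Processes" section and the "(Publisher) path" lines of an FRST "Processes (Whitelisted)" section, and orders the entries for review with a small scoring heuristic. The function and constant names (`parse_line`, `triage`, `rank_processes`, `USER_WRITABLE`) are my own; the sample lines are constructed from paths in the log above plus one clearly labelled placeholder. A high score means "look at this first", not a malware verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample lines in the two layouts this thread's logs use.
# FRST "Processes (Whitelisted)": "(Publisher) <image path>"; an empty "()"
# means FRST found no company name in the file's version resource.
# DDS "Running Processes": a bare image path, optionally followed by arguments.
# Paths are taken from the logs in this thread except the Temp entry, which is
# a constructed placeholder, not a real file from the thread.
SAMPLE_LOG = """\
(Microsoft Corporation) C:\\Windows\\system32\\conime.exe
() C:\\Users\\Xjr\\AppData\\Local\\GCC\\Controller.exe
(Dropbox, Inc.) C:\\Users\\Xjr\\AppData\\Roaming\\Dropbox\\bin\\Dropbox.exe
() C:\\Program Files\\Polar\\Daemon\\polard.exe
(Google Inc.) C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe
(Realtek Semiconductor) C:\\WINDOWS\\RtHDVCpl.exe
C:\\Windows\\system32\\svchost.exe -k netsvcs
C:\\Users\\Xjr\\AppData\\Local\\Temp\\placeholder_unknown.exe
"""

FRST_LINE = re.compile(r"^\((?P<pub>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+?)\s*$")
DDS_LINE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.exe)(?:\s.*)?$", re.IGNORECASE)

# Locations an ordinary user can write to; persistence living here deserves a
# look before anything under Program Files or Windows does.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class ProcessEntry:
    path: str
    source: str                      # "frst" or "dds"
    publisher: Optional[str] = None  # None: FRST found no company name (DDS records none)
    score: int = 0
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ProcessEntry]:
    """Parse one process line from either log format; None for headers/blank lines."""
    line = line.strip()
    if not line:
        return None
    m = FRST_LINE.match(line)
    if m:
        return ProcessEntry(path=m.group("path"), source="frst",
                            publisher=m.group("pub").strip() or None)
    m = DDS_LINE.match(line)
    if m:
        # DDS gives only the path; trailing service-host arguments are dropped.
        return ProcessEntry(path=m.group("path"), source="dds")
    return None


def triage(entry: ProcessEntry) -> ProcessEntry:
    """Attach a review-priority score: higher means look sooner, not 'malicious'."""
    low = entry.path.lower()
    if any(tok in low for tok in USER_WRITABLE):
        entry.score += 2
        entry.reasons.append("image lives in a user-writable location")
    if entry.source == "frst" and entry.publisher is None:
        entry.score += 2
        entry.reasons.append("no company name in the version resource")
    if (entry.publisher and low.startswith("c:\\windows\\")
            and "microsoft" not in entry.publisher.lower()):
        entry.score += 1
        entry.reasons.append("third-party binary placed directly under C:\\Windows")
    return entry


def rank_processes(log_text: str) -> List[ProcessEntry]:
    """Return the entries worth a second look, most suspicious first."""
    entries = [triage(e) for e in map(parse_line, log_text.splitlines()) if e]
    flagged = [e for e in entries if e.score > 0]
    return sorted(flagged, key=lambda e: (-e.score, e.path.lower()))


if __name__ == "__main__":
    for e in rank_processes(SAMPLE_LOG):
        print(f"[{e.score}] {e.path}  <- {'; '.join(e.reasons)}")
```

Paste a real process section into `SAMPLE_LOG` (or read it from a file) and run the script; header lines such as "==== Running Processes ====" are ignored by both patterns. The scoring deliberately combines signals: several legitimate vendors in this very log (Polar, Hercules, VTech) ship binaries without a company name, and Dropbox legitimately runs from AppData, so either signal alone would flag too much. An entry with no publisher that also runs from a user profile directory is what an analyst opens first.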

#2 fireman4it

    Bleepin' Fireman

  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:49 AM

Posted 19 February 2014 - 03:22 PM

Hello Xjr1979,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.


Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Xjr1979
  • Topic Starter
  • Members
  • 5 posts
  • OFFLINE
  • Local time:09:49 AM

Posted 19 February 2014 - 05:51 PM

Hi fireman4it, thanks for your quick response. Here are the logs generated.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-02-2014
Ran by Xjr (administrator) on XJRHOME on 19-02-2014 23:38:44
Running from C:\Users\Xjr\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: Spanish Modern Sort
Internet Explorer Version 9
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Nalpeiron Ltd.) C:\Windows\system32\astsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
(Guillemot Corporation) C:\Windows\system32\HerculesWiFiService.exe
(Hewlett-Packard Company) c:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
(Nalpeiron Ltd.) C:\Windows\system32\nlssrv32.exe
() C:\Program Files\Polar\Daemon\polard.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
() C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\ehome\ehsched.exe
(Microsoft Corporation) C:\Windows\ehome\ehRecvr.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
() C:\Users\Xjr\AppData\Local\GCC\Controller.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Realtek Semiconductor) C:\WINDOWS\RtHDVCpl.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Adobe Systems, Inc.) C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Spotify Ltd) C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(LaCie SA) C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe
(Genie-soft) C:\Program Files\LaCie\Genie Backup Manager Pro\GBMAgent.exe
(Pantone & X-Rite) C:\Program Files\Pantone\hueyPRO\hueyPROTray.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint\SetPoint.exe
() C:\Program Files\Polar\WebSync\WebSync.exe
() C:\Program Files\Hercules\WiFiStationN\WiFiN.exe
(Dropbox, Inc.) C:\Users\Xjr\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
() C:\Users\Xjr\AppData\Local\GCC\Controller.exe
(Logitech Inc.) C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [4874240 2008-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [56080 2007-04-11] (Logitech Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [8530464 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [88608 2008-01-10] (NVIDIA Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.)
HKLM\...\Run: [ScreenHunter 6.0 Free] - C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\ScreenHunter.exe [8798720 2012-01-28] (Wisdom Software Inc. )
HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [151952 2012-11-29] (Apple Inc.)
HKLM\...\Run: [RegistrarUsrDNIeCertStoreDLL] - C:\Program Files\DNIe\udcs.exe [37888 2009-03-02] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [GBMPro8AgentLaCie] - C:\Program Files\LaCie\Genie Backup Manager Pro\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
HKLM\...\Run: [AgentMonitor] - C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe [391040 2013-06-20] ()
HKU\S-1-5-21-3818615886-1703607446-2549317394-1001\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3818615886-1703607446-2549317394-1001\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-19] (Microsoft Corporation)
HKU\S-1-5-21-3818615886-1703607446-2549317394-1001\...\Run: [AdobeBridge] - C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe [12002664 2011-06-09] (Adobe Systems, Inc.)
HKU\S-1-5-21-3818615886-1703607446-2549317394-1001\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59280 2012-11-28] (Apple Inc.)
HKU\S-1-5-21-3818615886-1703607446-2549317394-1001\...\Run: [ApplePhotoStreams] - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59280 2012-11-28] (Apple Inc.)
HKU\S-1-5-21-3818615886-1703607446-2549317394-1001\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-03-07] (Google Inc.)
HKU\S-1-5-21-3818615886-1703607446-2549317394-1001\...\Run: [Spotify Web Helper] - C:\Program Files\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-3818615886-1703607446-2549317394-1001\...\Run: [Spotify] - C:\Program Files\Spotify\Spotify.exe [6118400 2014-01-15] (Spotify Ltd)
HKU\S-1-5-21-3818615886-1703607446-2549317394-1001\...\Run: [LaCie Ethernet Agent Startup] - C:\Program Files\LaCie\Network Assistant\LaCie Network Assistant.exe [9805312 2011-11-03] (LaCie SA)
HKU\S-1-5-21-3818615886-1703607446-2549317394-1001\...\Run: [GBMPro8AgentLaCie] - C:\Program Files\LaCie\Genie Backup Manager Pro\GBMAgent.exe [189056 2008-09-18] (Genie-soft)
Startup: C:\Users\Vanesa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
ShortcutTarget: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Xjr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Xjr\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Xjr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Xjr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de pantalla e Inicio rápido de OneNote 2007.lnk
ShortcutTarget: Recorte de pantalla e Inicio rápido de OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://micoach.adidas.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=ES_ES&c=73&bd=Pavilion&pf=desktop
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {015E39A0-B5DC-4479-830D-8CB7528F09B1} URL = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
SearchScopes: HKCU - {015E39A0-B5DC-4479-830D-8CB7528F09B1} URL = http://es.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06
BHO: The Amazon 1Button App for IE - {26B19FA4-E8A1-4A1B-A163-1A1E46F830DD} - C:\Program Files\Amazon\Amazon1ButtonApp\AmazonAppIE.dll (Amazon Inc.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {0FADB9AA-6955-4319-B538-BB1461E11A28} https://eu.ntrsupport.com/nv/inquiero/mod/setup/ntrplugin1242v_2.cab
DPF: {2DAB6EF1-66C3-427C-87CD-8DC448C47EAE} https://www5.aeat.es/es13/h/tgvicab.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {947B00D2-962D-4A35-9E48-98EE6A442B41} https://www1.agenciatributaria.gob.es/ADUA/internet/aded1503.cab
DPF: {B785FA3C-1DE9-4D20-8396-613C486FE95E} https://www1.agenciatributaria.gob.es/es13/h/cactivex.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 80.58.61.250 80.58.61.254

Chrome:
=======
CHR HomePage: hxxp://www.google.es/ig?sourceid=navclient&hl=es&ie=UTF-8&rlz=1T4GGLR_esES243
CHR Extension: (Google Translate) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2013-11-17]
CHR Extension: (Google Docs) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-17]
CHR Extension: (Google Drive) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-17]
CHR Extension: (YouTube) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-19]
CHR Extension: (Búsqueda de Google) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-19]
CHR Extension: (Words Chrome Extension) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojibfnicdcnmgkflplmpfnoipkbajai [2013-11-17]
CHR Extension: (Yet Another Google Bookmarks Extension) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdnejaepfmacfdmhkplckpfdcjgbeode [2013-11-17]
CHR Extension: (Value apps) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\lcnnhcneegeeojhgpfijnlnocjdmlaon [2014-01-27]
CHR Extension: (Google Dictionary (by Google)) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja [2013-11-17]
CHR Extension: (Google Wallet) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Calendar Checker (de Google)) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\ookhcbgokankfmjafalglpofmolfopek [2013-11-17]
CHR Extension: (Amazon 1Button App for Chrome) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2014-02-07]
CHR Extension: (Evernote Web Clipper) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2013-11-17]
CHR Extension: (Gmail) - C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-19]
CHR HKCU\...\Chrome\Extension: [pbjikboenpfhbbejgkoklgkhjpfogcam] - C:\Program Files\Amazon\ABB\AmazonChrome-bds-amzn.crx [2014-01-31]

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 AlertService; C:\Program Files\Intel\IntelDH\CCU\AlertService.exe [188416 2006-09-11] (Intel® Corporation)
R2 DQLWinService; C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe [208896 2006-09-03] ()
S2 gupdate1c98e3f36456860; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-14] (Google Inc.)
R2 HerculesWiFi; C:\Windows\system32\HerculesWiFiService.exe [53544 2009-05-07] (Guillemot Corporation)
S2 IntelDHSvcConf; C:\Program Files\Intel\IntelDH\Intel Media Server\Tools\IntelDHSvcConf.exe [29696 2006-05-10] (Intel® Corporation)
S3 ISSM; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe [75264 2006-09-11] (Intel® Corporation)
S3 M1 Server; C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe [26624 2006-08-31] ()
S3 MCLServiceATL; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe [167936 2006-09-11] (Intel® Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 Polar Daemon; C:\Program Files\Polar\Daemon\polard.exe [419536 2012-12-12] ()
S3 Remote UI Service; C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe [544256 2006-09-11] (Intel® Corporation)
R2 TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [6321016 2012-01-23] (Wacom Technology, Corp.)
R2 TouchServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe [470904 2012-01-23] (Wacom Technology, Corp.)
R2 Updater Service for AMZN; C:\Program Files\Amazon Browser Bar\ToolbarUpdaterService.exe [222368 2013-03-21] ()

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [2831232 2007-01-26] (ASUSTeK Computer Inc.)
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28688 2007-04-11] (Logitech, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl993a5a13; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{265E8F3B-F8F6-42D6-9148-887DC9E394C6}\MpKsl993a5a13.sys [39464 2014-02-19] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-19] (Microsoft Corporation)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
U3 mbr; \??\C:\Users\Xjr\AppData\Local\Temp\mbr.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-02-19 23:38 - 2014-02-19 23:39 - 00021325 _____ () C:\Users\Xjr\Downloads\FRST.txt
2014-02-19 23:38 - 2014-02-19 23:38 - 00000000 ____D () C:\FRST
2014-02-19 23:37 - 2014-02-19 23:37 - 01141248 _____ (Farbar) C:\Users\Xjr\Downloads\FRST.exe
2014-02-19 23:37 - 2014-02-19 23:37 - 00000000 ____D () C:\Users\Xjr\Desktop\Virus
2014-02-19 20:42 - 2014-02-19 20:42 - 00013500 _____ () C:\Users\Xjr\Desktop\attach.txt
2014-02-17 13:22 - 2014-02-17 13:22 - 00169519 _____ () C:\Users\Xjr\Downloads\descartesjavi.zip
2014-02-15 03:04 - 2014-02-05 09:56 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-15 03:04 - 2014-02-05 09:50 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-15 03:04 - 2014-02-05 09:49 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-15 03:04 - 2014-02-05 09:48 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-15 03:04 - 2014-02-05 09:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-15 03:04 - 2014-02-05 09:48 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-15 03:04 - 2014-02-05 09:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-15 03:04 - 2014-02-05 09:48 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-15 03:04 - 2014-02-05 09:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-15 03:04 - 2014-02-05 09:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-15 03:04 - 2014-02-05 09:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-15 03:04 - 2014-02-05 09:46 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-15 03:03 - 2014-02-05 09:58 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-15 03:03 - 2014-02-05 09:53 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-15 03:03 - 2014-02-05 09:51 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-15 03:03 - 2014-02-05 09:49 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-14 12:06 - 2013-12-05 03:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-12 11:58 - 2014-02-12 11:58 - 01531904 _____ () C:\Users\Xjr\Downloads\6-la-ciudad-industrial.ppt
2014-02-12 11:43 - 2014-02-12 11:43 - 10294272 _____ () C:\Users\Xjr\Downloads\8-el-arte-del-siglo-xix.ppt
2014-02-12 11:41 - 2014-02-12 11:42 - 04375040 _____ () C:\Users\Xjr\Downloads\1-la-c3a9poca-del-absolutismo.ppt
2014-02-12 11:40 - 2014-02-12 11:41 - 01646080 _____ () C:\Users\Xjr\Downloads\introduccic3b3n18.ppt
2014-02-09 12:01 - 2014-02-09 12:01 - 00199996 _____ () C:\ComboFix.txt
2014-02-09 11:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-09 11:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-09 11:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-09 11:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-09 11:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-09 11:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-09 11:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-09 11:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-09 11:09 - 2014-02-09 12:01 - 00000000 ____D () C:\Qoobox
2014-02-09 11:08 - 2014-02-09 11:45 - 00000000 ____D () C:\Windows\erdnt
2014-02-09 11:05 - 2014-02-09 11:06 - 05180173 ____R (Swearware) C:\Users\Xjr\Downloads\ComboFix.exe
2014-02-07 14:05 - 2014-02-07 14:06 - 05179684 _____ (Swearware) C:\Users\Xjr\Downloads\ComboFix-2-.exe
2014-02-07 13:07 - 2014-02-07 13:07 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Xjr\Downloads\tdsskiller.exe
2014-02-07 13:04 - 2014-02-07 13:04 - 00000000 ____D () C:\Users\Xjr\AppData\Local\Amazon Browser Bar
2014-02-07 13:03 - 2014-02-07 13:03 - 00000000 ____D () C:\Program Files\Amazon Browser Bar
2014-02-07 13:02 - 2014-02-07 13:03 - 00000000 ____D () C:\Program Files\Amazon
2014-02-07 13:01 - 2014-02-07 13:05 - 00000000 ____D () C:\Users\Xjr\AppData\Roaming\systweak
2014-02-07 13:01 - 2014-01-21 17:28 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
2014-02-07 12:59 - 2014-02-07 13:00 - 05095760 _____ (Systweak Inc ) C:\Users\Xjr\Downloads\rcp_dcomnew_sec_728.exe
2014-02-07 10:13 - 2014-02-07 12:37 - 00000000 ____D () C:\AdwCleaner
2014-02-07 10:13 - 2014-02-07 10:13 - 01166132 _____ () C:\Users\Xjr\Downloads\AdwCleaner.exe
2014-02-05 13:12 - 2014-02-05 13:12 - 00062658 _____ () C:\Users\Xjr\Downloads\passives.odp
2014-02-05 12:50 - 2014-02-05 12:51 - 00388889 _____ () C:\Users\Xjr\Downloads\Passive voice 1º.ppsx
2014-02-04 09:52 - 2014-02-04 09:52 - 00892125 _____ () C:\Users\Xjr\Downloads\Análisis de actividad Son Espases junio 2013.xlsx
2014-02-02 10:20 - 2014-02-02 10:20 - 00000000 ____D () C:\Users\Xjr\AppData\Local\GCC
2014-01-29 10:31 - 2014-01-29 10:56 - 00000000 ____D () C:\Users\Xjr\Desktop\ingles Adri
2014-01-28 10:25 - 2014-01-28 10:34 - 172859143 _____ () C:\Users\Xjr\Downloads\FindOut4_Digital_Course_Offline.zip
2014-01-27 09:56 - 2014-01-27 09:59 - 00000000 ____D () C:\Users\Xjr\AppData\Local\Oxy
2014-01-27 09:56 - 2014-01-27 09:56 - 00000000 ____D () C:\Users\Xjr\AppData\Local\Chromium
2014-01-26 00:04 - 2014-01-27 22:15 - 00000000 ____D () C:\Users\Xjr\AppData\Roaming\Oxy
2014-01-26 00:01 - 2014-01-26 00:01 - 06177736 _____ () C:\Users\Xjr\Downloads\The_Borrowers_The_Borrowers,_1.pdf_Downloader.exe
2014-01-25 23:54 - 2014-01-25 23:56 - 32535755 _____ () C:\Users\Xjr\Downloads\Borrowers_ACT_2156.exe

==================== One Month Modified Files and Folders =======

2014-02-19 23:39 - 2014-02-19 23:38 - 00021325 _____ () C:\Users\Xjr\Downloads\FRST.txt
2014-02-19 23:38 - 2014-02-19 23:38 - 00000000 ____D () C:\FRST
2014-02-19 23:37 - 2014-02-19 23:37 - 01141248 _____ (Farbar) C:\Users\Xjr\Downloads\FRST.exe
2014-02-19 23:37 - 2014-02-19 23:37 - 00000000 ____D () C:\Users\Xjr\Desktop\Virus
2014-02-19 23:22 - 2009-06-30 03:32 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-19 23:17 - 2013-11-15 11:02 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-19 22:39 - 2007-10-03 23:25 - 01170270 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 21:48 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-19 21:48 - 2006-11-02 13:47 - 00003696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-19 20:42 - 2014-02-19 20:42 - 00013500 _____ () C:\Users\Xjr\Desktop\attach.txt
2014-02-19 20:13 - 2010-05-25 16:16 - 00000000 ____D () C:\Users\Xjr\AppData\Roaming\Spotify
2014-02-19 19:55 - 2013-03-28 11:03 - 00000000 ____D () C:\Users\Xjr\Desktop\Shared
2014-02-19 19:55 - 2012-12-14 16:49 - 00000000 ____D () C:\Users\Xjr\Desktop\My Photo Stream
2014-02-19 19:54 - 2012-12-14 16:49 - 00000000 ____D () C:\Users\Xjr\Desktop\Uploads
2014-02-19 19:53 - 2012-02-26 19:21 - 00000000 ____D () C:\Users\Xjr\Desktop\screenhunter
2014-02-19 19:53 - 2011-07-11 12:11 - 00000000 ___RD () C:\Users\Xjr\Dropbox
2014-02-19 19:53 - 2011-07-11 12:06 - 00000000 ____D () C:\Users\Xjr\AppData\Roaming\Dropbox
2014-02-19 19:51 - 2009-06-30 03:32 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-19 19:48 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-17 13:43 - 2009-10-28 18:24 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-02-17 13:43 - 2006-11-02 14:01 - 00032518 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-17 13:22 - 2014-02-17 13:22 - 00169519 _____ () C:\Users\Xjr\Downloads\descartesjavi.zip
2014-02-16 20:11 - 2011-01-03 09:47 - 00023364 _____ () C:\Users\Xjr\Documents\PhotoFrameConduit.log
2014-02-16 20:11 - 2011-01-03 09:47 - 00022184 _____ () C:\Users\Xjr\Documents\PhotoTuneConduit.log
2014-02-16 20:11 - 2011-01-03 09:47 - 00021476 _____ () C:\Users\Xjr\Documents\PhotoToolsConduit.log
2014-02-16 20:11 - 2011-01-03 09:47 - 00021476 _____ () C:\Users\Xjr\Documents\GenuineFractalsConduit.log
2014-02-16 20:11 - 2011-01-03 09:47 - 00021476 _____ () C:\Users\Xjr\Documents\FocalPointConduit.log
2014-02-15 11:44 - 2009-06-10 10:17 - 00000000 ____D () C:\Users\Vanesa\Tracing
2014-02-15 03:38 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-14 12:52 - 2006-11-02 11:33 - 01532132 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-14 12:13 - 2013-08-15 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-14 12:08 - 2006-11-02 11:24 - 85946576 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-02-13 13:47 - 2012-11-09 12:19 - 00014178 _____ () C:\Windows\setupact.log
2014-02-12 11:58 - 2014-02-12 11:58 - 01531904 _____ () C:\Users\Xjr\Downloads\6-la-ciudad-industrial.ppt
2014-02-12 11:43 - 2014-02-12 11:43 - 10294272 _____ () C:\Users\Xjr\Downloads\8-el-arte-del-siglo-xix.ppt
2014-02-12 11:42 - 2014-02-12 11:41 - 04375040 _____ () C:\Users\Xjr\Downloads\1-la-c3a9poca-del-absolutismo.ppt
2014-02-12 11:41 - 2014-02-12 11:40 - 01646080 _____ () C:\Users\Xjr\Downloads\introduccic3b3n18.ppt
2014-02-09 12:01 - 2014-02-09 12:01 - 00199996 _____ () C:\ComboFix.txt
2014-02-09 12:01 - 2014-02-09 11:09 - 00000000 ____D () C:\Qoobox
2014-02-09 12:01 - 2006-11-02 12:18 - 00000000 __RHD () C:\Users\Default
2014-02-09 12:01 - 2006-11-02 12:18 - 00000000 ___RD () C:\Users\Public
2014-02-09 11:45 - 2014-02-09 11:08 - 00000000 ____D () C:\Windows\erdnt
2014-02-09 11:34 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2014-02-09 11:33 - 2012-08-16 02:32 - 00008572 _____ () C:\Windows\PFRO.log
2014-02-09 11:06 - 2014-02-09 11:05 - 05180173 ____R (Swearware) C:\Users\Xjr\Downloads\ComboFix.exe
2014-02-07 14:06 - 2014-02-07 14:05 - 05179684 _____ (Swearware) C:\Users\Xjr\Downloads\ComboFix-2-.exe
2014-02-07 13:07 - 2014-02-07 13:07 - 04122976 _____ (Kaspersky Lab ZAO) C:\Users\Xjr\Downloads\tdsskiller.exe
2014-02-07 13:05 - 2014-02-07 13:01 - 00000000 ____D () C:\Users\Xjr\AppData\Roaming\systweak
2014-02-07 13:04 - 2014-02-07 13:04 - 00000000 ____D () C:\Users\Xjr\AppData\Local\Amazon Browser Bar
2014-02-07 13:03 - 2014-02-07 13:03 - 00000000 ____D () C:\Program Files\Amazon Browser Bar
2014-02-07 13:03 - 2014-02-07 13:02 - 00000000 ____D () C:\Program Files\Amazon
2014-02-07 13:00 - 2014-02-07 12:59 - 05095760 _____ (Systweak Inc ) C:\Users\Xjr\Downloads\rcp_dcomnew_sec_728.exe
2014-02-07 12:37 - 2014-02-07 10:13 - 00000000 ____D () C:\AdwCleaner
2014-02-07 10:13 - 2014-02-07 10:13 - 01166132 _____ () C:\Users\Xjr\Downloads\AdwCleaner.exe
2014-02-07 10:05 - 2010-05-25 16:16 - 00000000 ____D () C:\Users\Xjr\AppData\Local\Spotify
2014-02-05 20:17 - 2013-11-15 11:01 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-05 20:17 - 2011-06-23 10:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 13:12 - 2014-02-05 13:12 - 00062658 _____ () C:\Users\Xjr\Downloads\passives.odp
2014-02-05 12:51 - 2014-02-05 12:50 - 00388889 _____ () C:\Users\Xjr\Downloads\Passive voice 1º.ppsx
2014-02-05 09:58 - 2014-02-15 03:03 - 12345344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-05 09:56 - 2014-02-15 03:04 - 01806848 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-05 09:53 - 2014-02-15 03:03 - 09739264 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-05 09:51 - 2014-02-15 03:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-05 09:50 - 2014-02-15 03:04 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-05 09:49 - 2014-02-15 03:04 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-02-05 09:49 - 2014-02-15 03:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-05 09:48 - 2014-02-15 03:04 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-05 09:48 - 2014-02-15 03:04 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-02-05 09:48 - 2014-02-15 03:04 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-05 09:48 - 2014-02-15 03:04 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-05 09:48 - 2014-02-15 03:04 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-05 09:47 - 2014-02-15 03:04 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-05 09:47 - 2014-02-15 03:04 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-05 09:47 - 2014-02-15 03:04 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-02-05 09:46 - 2014-02-15 03:04 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-04 13:27 - 2013-12-26 20:43 - 00000691 _____ () C:\Users\Xjr\AppData\Local\cookies.ini
2014-02-04 11:59 - 2007-10-10 18:32 - 00000000 ____D () C:\Users\Vanesa\AppData\Local\Google
2014-02-04 09:52 - 2014-02-04 09:52 - 00892125 _____ () C:\Users\Xjr\Downloads\Análisis de actividad Son Espases junio 2013.xlsx
2014-02-04 09:03 - 2013-11-17 10:29 - 00001969 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-02-02 10:20 - 2014-02-02 10:20 - 00000000 ____D () C:\Users\Xjr\AppData\Local\GCC
2014-02-02 01:10 - 2013-11-17 22:35 - 00000448 _____ () C:\Windows\Tasks\GBM - Copia de seguridad incremental-Completa.job
2014-01-29 10:56 - 2014-01-29 10:31 - 00000000 ____D () C:\Users\Xjr\Desktop\ingles Adri
2014-01-28 10:34 - 2014-01-28 10:25 - 172859143 _____ () C:\Users\Xjr\Downloads\FindOut4_Digital_Course_Offline.zip
2014-01-27 22:44 - 2011-01-03 12:43 - 00000000 ____D () C:\Users\Xjr\Desktop\Photos para importar en Lightroom
2014-01-27 22:15 - 2014-01-26 00:04 - 00000000 ____D () C:\Users\Xjr\AppData\Roaming\Oxy
2014-01-27 09:59 - 2014-01-27 09:56 - 00000000 ____D () C:\Users\Xjr\AppData\Local\Oxy
2014-01-27 09:59 - 2007-10-03 23:37 - 00000000 ____D () C:\Users\Xjr
2014-01-27 09:56 - 2014-01-27 09:56 - 00000000 ____D () C:\Users\Xjr\AppData\Local\Chromium
2014-01-26 00:01 - 2014-01-26 00:01 - 06177736 _____ () C:\Users\Xjr\Downloads\The_Borrowers_The_Borrowers,_1.pdf_Downloader.exe
2014-01-25 23:56 - 2014-01-25 23:54 - 32535755 _____ () C:\Users\Xjr\Downloads\Borrowers_ACT_2156.exe
2014-01-21 17:28 - 2014-02-07 13:01 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe
2014-01-20 15:40 - 2011-07-11 12:11 - 00000913 _____ () C:\Users\Xjr\Desktop\Dropbox.lnk
2014-01-20 15:40 - 2011-07-11 12:07 - 00000000 ____D () C:\Users\Xjr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

Files to move or delete:
====================
C:\Users\Xjr\AppData\Roaming\desktop.ini
C:\ProgramData\PKP_DLbz.DAT
C:\Users\Xjr\ice2001.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-02-19 20:00

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-02-2014
Ran by Xjr at 2014-02-19 23:40:02
Running from C:\Users\Xjr\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958) (Version:  - Microsoft)
AAC Decoder (Version: 7.1.0 - DivX, Inc.)
Actualización del controlador del Centro de dispositivos de Windows Mobile (Version: 6.1.6965.0 - Microsoft Corporation)
Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.6.0.6090 - Adobe Systems Incorporated) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (Version: 001.000.004 - Adobe Systems)
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Common File Installer (Version: 1.00.003 - Adobe System Incorporated) Hidden
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.5.23 - Adobe Systems Incorporated.) Hidden
Adobe Creative Suite 2 (Version:  - )
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Center 1.0 (Version: 001.000.0002 - Adobe Systems) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS5 (Version: 12.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.6 (Version: 3.6.1 - Adobe)
Adobe Photoshop Lightroom 4.3  (Version: 4.3.1 - Adobe)
Adobe Reader X (10.1.8) - Español (Version: 10.1.8 - Adobe Systems Incorporated)
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Stock Photos 1.0 (Version: 1.0.8 - Adobe Systems) Hidden
Adobe Stock Photos CS3 (Version: 1.5 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Amazon 1Button App (Version: 1.0.4 - Amazon) Hidden
Amazon 1Button App (Version: 3.0 - Amazon)
Apple Mobile Device Support (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia Extreme (Version: 2.0.16.7 - ArcSoft)
AutoUpdate (Version: 1.1 - )
Ayudante para el inicio de sesión de Windows Live ID (Version: 6.500.3165.0 - Microsoft Corporation)
Bing Bar (Version: 7.0.850.0 - Microsoft Corporation)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Burlington Digital (Version: 2.1.1.14375 - Burlington Books)
Canon CanoScan Toolbox 5.0 (Version:  - )
Canon RAW Codec (Version: 1.11.0.75 - Canon Inc.)
CanoScan 4400F (Version:  - )
Capture NX (Version: 1.2.0 - NIKON CORPORATION)
CCleaner (Version: 3.20 - Piriform)
CDDRV_Installer (Version: 1.00.0000 - Logitech) Hidden
Centro de dispositivos de Windows Mobile (Version: 6.1.6965.0 - Microsoft Corporation)
Compatibilidad con Aplicaciones de Apple (Version: 2.3.2 - Apple Inc.)
Compresor WinRAR (Version:  - )
Configurador AEAT 1.9 (Version: 1.9 - AEAT)
DivX Codec (Version: 6.8.5 - DivX, Inc.)
DivX Converter (Version: 7.1.0 - DivX, Inc.)
DivX Player (Version: 7.2.0 - DivX, Inc.)
DivX Plus DirectShow Filters (Version:  - DivX, Inc.)
DivX Version Checker (Version: 7.1.0.2 - DivX, Inc.)
DivX Web Player (Version: 1.5.0 - DivX,Inc.)
dj_sf_software_req (Version: 90.0.235.000 - Hewlett-Packard) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Evernote v. 4.6.7 (Version: 4.6.7.8409 - Evernote Corp.)
Explor@ Park (Version:  - VTech)
Expstudio Audio Editor FREE (Version: 4.31 - Expstudio.com)
FileZilla Client 3.5.0 (Version: 3.5.0 - )
Flickr Uploadr 3.2.1 (Version:  - )
fotoalbum 3.5 (Version: 3.5 - fotoalbum)
Galería fotográfica de Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
GanttProject 2.0.10 (HKCU Version:  - GanttProject Team)
Garmin BaseCamp (Version: 3.2.2 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin (Version: 2.9.2 - Garmin Ltd or its subsidiaries)
Garmin POI Loader (Version: 2.5.4.0 - Garmin Ltd or its subsidiaries)
Garmin USB Drivers (Version: 2.3.0.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (Version: 2.5.4 - Garmin Ltd or its subsidiaries)
Genie Backup Manager Pro 8.0(LaCie) (Version: 8.0.364.534 - LaCie)
GigaClicks Crawler (Version: 3.0.31.0 - GigaClicks Inc.)
Google Chrome (Version: 32.0.1700.107 - Google Inc.)
Google Earth (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Toolbar for Internet Explorer (Version: 7.5.4805.320 - Google Inc.)
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
H.264 Decoder (Version: 1.1.0 - DivX, Inc.)
HDR Efex Pro (Version: 1.2.0.0 - Nik Software, Inc.)
Hercules WiFi Station N (Version: 4.0.0.6 - Hercules)
Herramienta de carga de Windows Live (Version: 14.0.8014.1029 - Microsoft Corporation)
HiJackThis (Version: 1.0.0 - Trend Micro)
HP Customer Feedback (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Deskjet Printer Driver Software 9.0 (Version: 9.0 - HP)
HP On-Screen Cap/Num/Scroll Lock Indicator (Version:  - Hewlett-Packard)
HP Update (Version: 4.000.012.001 - Hewlett-Packard)
hueyPRO 1.5.0 (Version:  - Pantone & X-Rite)
iCloud (Version: 2.1.0.39 - Apple Inc.)
iFunbox (v2.6.2375.747), iFunbox DevTeam (Version: v2.6.2375.747 - )
inSSIDer (Version: 2.1.6 - MetaGeek)
Instalable módulo criptográfico DNIe (Version: 6.0.2 - Cuerpo Nacional de Policía)
Instalable módulo criptográfico DNIe (Version: 6.0.2 - Cuerpo Nacional de Policía) Hidden
Intel® PRO Network Connections Drivers (Version:  - )
iTunes (Version: 11.0.0.163 - Apple Inc.)
Java 7 Update 45 (Version: 7.0.450 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java™ 6 Update 24 (Version: 6.0.240 - Sun Microsystems, Inc.)
Java™ 6 Update 7 (Version: 1.6.0.70 - Sun Microsystems, Inc.)
JavaFX 2.1.0 (Version: 2.1.0 - Oracle Corporation)
JDownloader 0.9 (Version: 0.9 - AppWork GmbH)
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 4.00.121 - Logitech) Hidden
Kodak DIGITAL ROC Professional Plug-In (Version: 2.1.0 - Kodak's Austin Development Center)
LaCie Network Assistant 1.5.4.60 (Version: 1.5.4.60 - LaCie)
LightScribe  1.4.142.1 (Version: 1.4.142.1 - Nombre de su organización) Hidden
Logitech SetPoint (Version: 4.00 - Logitech)
MainConcept for Software Encoder (Version: 1.1.0.26 - MainConcept)
MainConcept for Software Encoder (Version: 1.1.0.26 - MainConcept) Hidden
Microsoft .NET Framework 1.1 (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - esn (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile ESN Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Antimalware Service ES-ES Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel 2007 Help Actualización (KB963678) (Version:  - Microsoft)
Microsoft Office Excel MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office OneNote MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook 2007 Help Actualización (KB963677) (Version:  - Microsoft)
Microsoft Office Outlook Connector (Version: 12.0.6423.1000 - Microsoft Corporation)
Microsoft Office Outlook MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (Version:  - Microsoft)
Microsoft Office PowerPoint MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Basque) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Catalan) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Galician) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word 2007 Help Actualización (KB963665) (Version:  - Microsoft)
Microsoft Office Word MUI (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client ES-ES Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Virtual PC 2007 (Version: 6.0.156.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (Version: 08.05.0822 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
MKV Splitter (Version: 1.0.1 - DivX, Inc.)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Stumbler 0.4.0 (remove only) (Version:  - )
Nikon Message Center (Version: 0.91.000 - )
Nikon RAW Codec (Version: 1.00.0000 - Nikon)
NVIDIA Drivers (Version:  - )
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
OJOsoft Total Video Converter (Version: 2.7.1.1008 - OJOsoft)
OpenOffice.org 3.2 (Version: 3.2.9502 - OpenOffice.org)
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn (Version:  - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (Version: 4.0.30319 - Microsoft Corporation)
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Plug-in Suite 5 (Version: 5.0 - onOne Software)
Polar Daemon (Version: 2.2.20000 - Polar Electro Oy)
Polar WebLink 2.4.11 (Version: 02.49.0002 - Polar Electro Oy)
Polar WebSync (Version: 2.8.10006 - Polar Electro Oy)
Python 2.4.3 (Version: 2.4.3150 - Martin v. Löwis)
QuickTime (Version: 7.70.80.34 - Apple Inc.)
RealPlayer (Version:  - RealNetworks)
Realtek High Definition Audio Driver (Version: 6.0.1.5548 - Realtek Semiconductor Corp.)
Renta 2011 1.20 (Version: 1.20 - AEAT)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.4.0 - Roxio)
Roxio Creator Basic v9 (Version: 3.4.0 - Roxio)
Roxio Creator Copy (Version: 3.4.0 - Roxio)
Roxio Creator Data (Version: 3.4.0 - Roxio)
Roxio Creator EasyArchive (Version: 3.4.0 - Roxio)
Roxio Creator Tools (Version: 3.4.0 - Roxio)
Roxio Express Labeler 3 (Version: 3.2.1 - Roxio)
Roxio MyDVD Basic v9 (Version: 9.0.559 - Roxio)
Safari (Version: 5.34.51.22 - Apple Inc.)
SigmaTel USB-IR Adapter (Version:  - )
Software Intel® Viiv™ (Version: 1.6.361.6 - Intel Corporation)
Software Intel® Viiv™ (Version: 1.6.361.6 - Intel Corporation) Hidden
Spelling Dictionaries Support For Adobe Reader 8 (Version: 8.0.0 - Adobe Systems)
Spotify (HKCU Version: 0.8.3.222.g317ab79d - Spotify AB)
Spotify (Version: 0.4.3 - )
Stellarium 0.10.5 (Version:  - )
Suite Specific (Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
Tableta Wacom (Version: 6.2.0w5 - Wacom Technology Corp.)
Toolbox (Version: 90.0.146.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (Version:  - Microsoft)
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
Vegas Pro 10.0 (Version: 10.0.669 - Sony)
Verificador Firma Digital 2.0 (Version: 2.00.0000 - Telefónica Móviles España)
VLC media player 1.1.8 (Version: 1.1.8 - VideoLAN)
VTech Download Agent Library (Version: 1.00.0000 - VTech) Hidden
WebTablet FB Plugin (Version: 2.0.0.4 - Wacom Technology Corp.)
WebTablet IE Plugin (Version: 1.1.0.12 - Wacom Technology Corp.)
WebTablet Netscape Plugin (Version: 1.1.0.10 - Wacom Technology Corp.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (06/03/2009 2.3.0.0) (Version: 06/03/2009 2.3.0.0 - Garmin)
Windows Installer Clean Up (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Protección Infantil (Version: 14.0.8118.427 - Microsoft Corporation) Hidden
Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Wisdom-soft ScreenHunter 6.0 Free (Version:  - Wisdom Software Inc.)
Xacti Screen Capture 1.1 (Version: 1.1.1002 - SANYO Electric Co., Ltd.)

==================== Restore Points  =========================

24-01-2014 16:55:15 Windows Update
26-01-2014 18:52:22 Scheduled checkpoint
27-01-2014 12:12:26 Scheduled checkpoint
28-01-2014 09:14:16 Scheduled checkpoint
28-01-2014 17:59:35 Windows Update
01-02-2014 11:32:30 Windows Update
05-02-2014 11:58:37 Windows Update
07-02-2014 10:49:34 Scheduled checkpoint
09-02-2014 09:32:53 Windows Update
12-02-2014 10:13:04 Windows Update
14-02-2014 10:49:33 Windows Update
15-02-2014 02:01:21 Windows Modules Installer
15-02-2014 02:05:16 Windows Modules Installer
19-02-2014 19:02:32 Windows Update

==================== Hosts content: ==========================

2006-11-02 11:23 - 2014-02-09 11:34 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2933FC87-6E4E-4E8C-8AF3-2C7B6ED738A8} - System32\Tasks\AdobeAAMUpdater-1.0-XjrHome-Xjr => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {2EFC8C36-F8E6-4530-85BB-CB0066B404BA} - System32\Tasks\Oxy => C:\Users\Xjr\AppData\Roaming\Oxy\Updater.exe [2014-01-27] () <==== ATTENTION
Task: {363358AB-59F7-4EB1-B1D2-C9B2AFA25F8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-14] (Google Inc.)
Task: {3774BD97-E8A9-4E08-B1D8-CB44AFB1C61B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd)
Task: {3859068B-70D3-4F2A-AFA2-FF53B4FD129B} - System32\Tasks\RunAsStdUser Task => C:\Users\Xjr\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-19] (Microsoft Corporation)
Task: {47118084-2553-4471-9AFD-9A11C341722E} - System32\Tasks\Apple Diagnostics => C:\Program Files\Common Files\Apple\Internet Services\EReporter.exe [2012-11-28] (Apple Inc.)
Task: {5292507E-04FC-41DA-8C81-35BA0A7A1CAF} - System32\Tasks\Microsoft\Windows\Maintenance\UP_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
Task: {5672D744-605D-4047-9746-D527B188FC7D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {5DED44A7-415C-4DDC-927C-85F6BEFFCCF4} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5F718683-6947-4DC0-9D7B-E82F2C944E19} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-19] (Microsoft Corporation)
Task: {65AD514E-B498-47CE-A5DA-78393B937FDD} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7A5A52FB-CB67-4DFC-BF3C-CBC7E9BB16B3} - System32\Tasks\GC_Scheduler => %LOCALAPPDATA%\GCC\Controller.exe
Task: {84224FD6-E336-4D17-BCF1-76D4BABA52F0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {8AF3365C-93A2-4640-8B2C-3BF7E99B250F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-14] (Google Inc.)
Task: {C67AB2E7-35B3-434D-B8BB-9E079CC83EE7} - System32\Tasks\GBM - Copia de seguridad incremental-Completa => C:\Program Files\LaCie\Genie Backup Manager Pro\GBM8.exe [2009-10-14] (Genie-soft)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-05] ()
Task: {E8AB5762-D8FF-4D42-A47C-A657CA84E99A} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {F8E31B24-6DA3-4FA7-80FE-1B59C600D8CF} - System32\Tasks\GC_Informer => %LOCALAPPDATA%\GCC\Controller.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GBM - Copia de seguridad incremental-Completa.job => C:\Program Files\LaCie\Genie Backup Manager Pro\GBM8.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-02-05 18:43 - 2012-01-23 08:38 - 00963448 ____N () C:\Program Files\Tablet\Wacom\libxml2.dll
2011-05-22 18:21 - 2011-05-22 18:21 - 00093696 ____N () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2008-09-30 17:38 - 2007-09-20 17:34 - 00129024 ____N () C:\Program Files\WinRAR\rarext.dll
2013-12-04 19:16 - 2013-12-04 19:16 - 00556544 _____ () C:\Users\Xjr\AppData\Local\GCC\Controller.exe
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 ____N () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-25 02:40 - 2013-06-20 08:58 - 00391040 ____N () C:\Program Files\VTech\DownloadManager\System\AgentMonitor.exe
2013-06-25 02:40 - 2010-06-24 02:16 - 02150400 ____N () C:\Program Files\VTech\DownloadManager\System\QtCore4.dll
2013-06-25 02:40 - 2010-07-13 14:07 - 07826432 ____N () C:\Program Files\VTech\DownloadManager\System\QtGui4.dll
2013-06-25 02:40 - 2010-06-02 03:29 - 00934912 ____N () C:\Program Files\VTech\DownloadManager\System\QtNetwork4.dll
2013-06-25 02:40 - 2010-06-02 03:28 - 00335360 ____N () C:\Program Files\VTech\DownloadManager\System\QtXml4.dll
2013-06-25 02:40 - 2012-08-06 10:54 - 09843640 ____N () C:\Program Files\VTech\DownloadManager\System\QtWebKit4.dll
2013-06-25 02:40 - 2010-06-02 03:56 - 00232960 ____N () C:\Program Files\VTech\DownloadManager\System\phonon4.dll
2013-06-25 02:40 - 2010-06-02 03:54 - 02530816 ____N () C:\Program Files\VTech\DownloadManager\System\QtXmlPatterns4.dll
2013-06-25 02:40 - 2010-07-05 10:19 - 00116736 ____N () C:\Program Files\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
2013-06-25 02:40 - 2010-11-11 10:24 - 00028160 ____N () C:\Program Files\VTech\DownloadManager\System\DACommCenter.dll
2013-06-25 02:40 - 2010-06-02 06:05 - 00025600 ____N () C:\Program Files\VTech\DownloadManager\System\imageformats\qgif4.dll
2013-06-25 02:40 - 2010-06-02 06:05 - 00119808 ____N () C:\Program Files\VTech\DownloadManager\System\imageformats\qjpeg4.dll
2010-03-09 03:28 - 2011-06-09 22:52 - 00073728 ____N () C:\Program Files\Adobe\Adobe Bridge CS5\Symlib.dll
2010-03-09 03:28 - 2011-06-09 22:52 - 02748416 ____N () C:\Program Files\Adobe\Adobe Bridge CS5\LIBMYSQLD.dll
2014-02-04 09:03 - 2014-02-02 00:42 - 04055368 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\pdf.dll
2014-02-04 09:03 - 2014-02-02 00:42 - 00399688 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll
2014-02-04 09:03 - 2014-02-02 00:41 - 01634632 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\ffmpegsumo.dll
2013-11-15 17:52 - 2009-02-17 11:19 - 00194048 ____N () C:\Program Files\LaCie\Network Assistant\curllib.dll
2013-11-15 17:52 - 2003-10-24 00:27 - 00110592 ____N () C:\Program Files\LaCie\Network Assistant\OpenLDAP.dll
2013-11-16 11:02 - 2008-04-06 09:45 - 00196608 ____N () C:\Program Files\LaCie\Genie Backup Manager Pro\GSLogging.dll
2013-11-16 11:02 - 2008-04-06 09:52 - 00196608 ____N () C:\Program Files\LaCie\Genie Backup Manager Pro\gs_encryption.dll
2013-02-26 15:59 - 2013-02-26 15:59 - 06227512 ____N () C:\Program Files\Polar\WebSync\WebSync.exe
2013-02-26 15:59 - 2013-02-26 15:59 - 00110648 ____N () C:\Program Files\Polar\WebSync\PTransform.dll
2010-02-10 15:06 - 2010-02-10 15:06 - 00334848 ____N () C:\Program Files\Polar\WebSync\QtXml4.dll
2011-01-14 15:01 - 2011-01-14 15:01 - 02142720 ____N () C:\Program Files\Polar\WebSync\QtCore4.dll
2013-02-26 15:59 - 2013-02-26 15:59 - 03722296 ____N () C:\Program Files\Polar\WebSync\libpolar.dll
2010-02-10 15:22 - 2010-02-10 15:22 - 07971840 ____N () C:\Program Files\Polar\WebSync\QtGui4.dll
2010-02-10 15:07 - 2010-02-10 15:07 - 00929280 ____N () C:\Program Files\Polar\WebSync\QtNetwork4.dll
2010-02-10 17:45 - 2010-02-10 17:45 - 00025600 ____N () C:\Program Files\Polar\WebSync\imageformats\qgif4.dll
2010-02-10 17:45 - 2010-02-10 17:45 - 00119808 ____N () C:\Program Files\Polar\WebSync\imageformats\qjpeg4.dll
2011-04-01 18:22 - 2009-05-07 14:34 - 00124200 ____N () C:\Program Files\Hercules\WiFiStationN\WiFiN.exe
2011-04-01 18:22 - 2009-05-07 14:13 - 00864256 ____N () C:\Program Files\Hercules\WiFiStationN\en\WiFiN.resources.dll
2011-04-01 18:22 - 2009-05-07 14:11 - 00057344 ____N () C:\Program Files\Hercules\WiFiStationN\WiFiCore.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Xjr\AppData\Roaming\Dropbox\bin\libcef.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00433664 ____N () C:\Program Files\Evernote\Evernote\libxml2.dll
2012-09-08 12:16 - 2012-09-08 12:16 - 00315392 ____N () C:\Program Files\Evernote\Evernote\libtidy.dll
2014-01-16 09:50 - 2014-01-16 09:50 - 04591616 _____ () C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libglesv2.dll
2014-01-16 09:50 - 2014-01-16 09:50 - 00112128 _____ () C:\Users\Xjr\AppData\Local\Google\Chrome\User Data\SwiftShader\1.0.5.0\libegl.dll
2014-02-04 09:03 - 2014-02-02 00:42 - 13616456 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll
2014-02-19 23:38 - 2014-02-19 23:38 - 00070144 _____ () C:\Users\Xjr\AppData\Local\Temp\GC\Profiles\{6B6CB76A-05EB-47BF-91C1-4684C448E323}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\mutechrome.dll
2013-08-13 13:15 - 2013-08-13 13:15 - 00206336 _____ () C:\Users\Xjr\AppData\Local\Temp\GC\Profiles\{6B6CB76A-05EB-47BF-91C1-4684C448E323}\Default\Extensions\jmiibbdogibcphdfkkmlimfffneaecbc\2.4_0\plugin\convenience.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\WINDOWS:AstInfo
AlternateDataStreams: C:\WINDOWS:nlsPreferences

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Xjr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^0.566349836300242467f76.exe.lnk => C:\Windows\pss\0.566349836300242467f76.exe.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Xjr^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xacti Screen Capture 1.1.lnk => C:\Windows\pss\Xacti Screen Capture 1.1.lnk.Startup
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: ArcSoft Connection Service => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MSCONFIG\startupreg: CCUTRAYICON => FactoryMode
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpsysdrv => c:\hp\support\hpsysdrv.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MsnMsgr => "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: NvSvc => RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
MSCONFIG\startupreg: OsdMaestro => "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: Windows Mobile Device Center => %windir%\WindowsMobile\wmdc.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/17/2014 10:32:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2028

Error: (02/17/2014 10:32:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2028

Error: (02/17/2014 10:32:29 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/17/2014 10:32:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1030

Error: (02/17/2014 10:32:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1030

Error: (02/17/2014 10:32:28 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/17/2014 10:32:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 55739

Error: (02/17/2014 10:32:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 55739

Error: (02/17/2014 10:32:23 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (02/17/2014 10:32:22 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 54741

System errors:
=============
Error: (02/15/2014 03:19:46 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 encountered an error while trying to update signatures.

 New signature version:

 Previous signature version: 1.165.3989.0

 Update source: %NT AUTHORITY59

 Update stage: 4.4.0304.00

 Source path: 4.4.0304.01

 Signature type: %NT AUTHORITY602

 Update type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current engine version: %NT AUTHORITY605

 Previous engine version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (02/14/2014 00:13:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 encountered an error while trying to update signatures.

 New signature version:

 Previous signature version: 1.165.3989.0

 Update source: %NT AUTHORITY59

 Update stage: 4.4.0304.00

 Source path: 4.4.0304.01

 Signature type: %NT AUTHORITY602

 Update type: %NT AUTHORITY604

 User: NT AUTHORITY\SYSTEM

 Current engine version: %NT AUTHORITY605

 Previous engine version: %NT AUTHORITY606

 Error code: %NT AUTHORITY607

 Error description: %NT AUTHORITY608

Error: (02/14/2014 00:13:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 ha encontrado un error al intentar actualizar las firmas.

 Nueva versión de firma:

 Versión de firma anterior: 1.165.3989.0

 Origen de actualización: %NT AUTHORITY59

 Etapa de actualización: 4.4.0304.00

 Ruta de origen: 4.4.0304.01

 Tipo de firma: %NT AUTHORITY602

 Tipo de actualización: %NT AUTHORITY604

 Usuario: NT AUTHORITY\SYSTEM

 Versión de motor actual: %NT AUTHORITY605

 Versión de motor anterior: %NT AUTHORITY606

 Código del error: %NT AUTHORITY607

 Descripción del error: %NT AUTHORITY608

Error: (02/14/2014 00:13:24 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 ha encontrado un error al intentar actualizar las firmas.

 Nueva versión de firma:

 Versión de firma anterior: 1.165.3989.0

 Origen de actualización: %NT AUTHORITY59

 Etapa de actualización: 4.4.0304.00

 Ruta de origen: 4.4.0304.01

 Tipo de firma: %NT AUTHORITY602

 Tipo de actualización: %NT AUTHORITY604

 Usuario: NT AUTHORITY\SYSTEM

 Versión de motor actual: %NT AUTHORITY605

 Versión de motor anterior: %NT AUTHORITY606

 Código del error: %NT AUTHORITY607

 Descripción del error: %NT AUTHORITY608

Error: (02/10/2014 08:28:28 PM) (Source: Service Control Manager) (User: )
Description: Windows Font Cache Service%%1053

Error: (02/10/2014 08:28:28 PM) (Source: Service Control Manager) (User: )
Description: 30000Windows Font Cache Service

Error: (02/10/2014 08:27:58 PM) (Source: Service Control Manager) (User: )
Description: iPod Service%%1053

Error: (02/10/2014 08:27:58 PM) (Source: Service Control Manager) (User: )
Description: 30000iPod Service

Error: (02/10/2014 08:27:58 PM) (Source: DCOM) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}

Error: (02/10/2014 08:27:28 PM) (Source: Service Control Manager) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86

Microsoft Office Sessions:
=========================
Error: (08/28/2011 08:10:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6557.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 12 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/02/2010 00:26:54 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (05/17/2009 10:02:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 49 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (04/23/2009 11:09:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 19 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (02/08/2009 06:56:34 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 21502 seconds with 8760 seconds of active time.  This session ended with a crash.

Error: (06/22/2008 07:00:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6300.5000, Microsoft Office Version: 12.0.4518.1014. This session lasted 31 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (03/23/2008 09:22:31 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 136 seconds with 120 seconds of active time.  This session ended with a crash.

CodeIntegrity Errors:
===================================
  Date: 2014-02-09 11:51:56.628
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-09 11:51:56.356
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-09 11:51:56.097
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-09 11:51:55.829
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22167_none_b36dd19b7fae39c7\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-09 11:51:55.437
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-09 11:51:55.177
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-09 11:51:54.920
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-09 11:51:54.658
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.18063_none_b2e033a8669434a1\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-09 11:51:53.358
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-02-09 11:51:53.100
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22497_none_b34d67897fc6850f\tcpip.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 3326.39 MB
Available physical RAM: 1020.98 MB
Total Pagefile: 6851.75 MB
Available Pagefile: 3601.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1892.34 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:182.54 GB) (Free:35.81 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Disco D) (Fixed) (Total:107.63 GB) (Free:67.75 GB) NTFS
Drive l: (HP Personal Media Drive) (Fixed) (Total:1863.01 GB) (Free:815.88 GB) NTFS
Drive m: (HP Drive 300) (Fixed) (Total:298.08 GB) (Free:82.75 GB) NTFS
Drive y: (Public) (Network) (Total:1855 GB) (Free:1855 GB) NTFS
Drive z: (Recovery) (Fixed) (Total:7.92 GB) (Free:0.81 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 1549F232)
Partition 1: (Active) - (Size=183 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=108 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 7CFC6901)
Partition 1: (Not Active) - (Size=298 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1863 GB) (Disk ID: D0C7E108)
Partition 1: (Not Active) - (Size=-198635159552) - (Type=OF Extended)

==================== End Of Log ============================



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:49 AM

Posted 19 February 2014 - 06:28 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Attached File: fixlist.txt (296 bytes, 4 downloads)

How is the machine running now?

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#5 Xjr1979

Xjr1979
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 20 February 2014 - 04:45 AM

fireman4it, here you have the log. After I ran the script fix, the system did not restart.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 16-02-2014
Ran by Xjr at 2014-02-20 08:17:29 Run:1
Running from C:\Users\Xjr\Downloads
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Task: {2EFC8C36-F8E6-4530-85BB-CB0066B404BA} - System32\Tasks\Oxy => C:\Users\Xjr\AppData\Roaming\Oxy\Updater.exe [2014-01-27] () <==== ATTENTION
Task: {3859068B-70D3-4F2A-AFA2-FF53B4FD129B} - System32\Tasks\RunAsStdUser Task => C:\Users\Xjr\AppData\Local\Oxy\Application\oxy.exe <==== ATTENTION
*****************

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2EFC8C36-F8E6-4530-85BB-CB0066B404BA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2EFC8C36-F8E6-4530-85BB-CB0066B404BA} => Key deleted successfully.
C:\Windows\System32\Tasks\Oxy => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Oxy => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3859068B-70D3-4F2A-AFA2-FF53B4FD129B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3859068B-70D3-4F2A-AFA2-FF53B4FD129B} => Key deleted successfully.
C:\Windows\System32\Tasks\RunAsStdUser Task => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RunAsStdUser Task => Key deleted successfully.

==== End of Fixlog ====


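The two entries FRST removed in the Fixlog above have a common persistence shape: scheduled tasks whose action launches an executable from the user's own profile (AppData\Roaming and AppData\Local), where nothing more than the user's rights was needed to drop the file and register the task. The script below is an added example of how to check a machine for that pattern; it is not part of this thread, of FRST or of any Malwarebytes tool. It parses Task Scheduler XML (the format stored under C:\Windows\System32\Tasks and printed by `schtasks /query /xml`), expands %VAR% references from a supplied environment table, and reports every task whose command resolves under a user-writable directory. The sample task definitions and the environment table are constructed for the example: the first two command paths are taken from the Fixlog, while the `EnvVarUpdater` entry and the ScheduledDefrag entry are assumed contrast cases, not findings from this machine.

```python
"""Flag scheduled tasks whose action runs from a user-writable location.

Added example; not code from this thread, from FRST or from Malwarebytes.
Input is Task Scheduler XML, the format kept under
C:\\Windows\\System32\\Tasks\\<task name> and printed by `schtasks /query /xml`.
"""
import os
import re
import xml.etree.ElementTree as ET

# Default namespace used by every task definition file.
NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Directory fragments (lower-case, backslash form) that an unprivileged
# user can write to. A persistence entry launching from one of these did
# not need admin rights to be planted.
USER_WRITABLE = (
    "\\appdata\\roaming\\",
    "\\appdata\\local\\",
    "\\appdata\\locallow\\",
    "\\users\\public\\",
    "\\programdata\\",
    "\\temp\\",
)

# Constructed environment table so the check is deterministic offline.
# On a live system pass dict(os.environ) instead.
SAMPLE_ENV = {
    "APPDATA": r"C:\Users\Xjr\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\Xjr\AppData\Local",
    "WINDIR": r"C:\Windows",
    "TEMP": r"C:\Users\Xjr\AppData\Local\Temp",
}


def normalise(path: str, env: dict) -> str:
    """Strip quotes, expand %VAR% from `env`, unify slashes, lower-case."""
    path = path.strip().strip('"')
    path = re.sub(r"%([^%]+)%",
                  lambda m: env.get(m.group(1).upper(), m.group(0)), path)
    return path.replace("/", "\\").lower()


def is_user_writable(path: str, env: dict) -> bool:
    """True when the command path resolves under a user-writable directory."""
    norm = normalise(path, env)
    return any(marker in norm for marker in USER_WRITABLE)


def task_actions(task_xml: str):
    """Yield (command, arguments) for each <Exec> action in one task definition."""
    root = ET.fromstring(task_xml)
    for exe in root.findall(".//t:Actions/t:Exec", NS):
        cmd = exe.findtext("t:Command", default="", namespaces=NS)
        args = exe.findtext("t:Arguments", default="", namespaces=NS)
        yield cmd.strip(), args.strip()


def audit_tasks(tasks: dict, env: dict) -> list:
    """tasks maps task name -> XML text. Returns [(name, command), ...] to review."""
    findings = []
    for name, xml_text in tasks.items():
        for cmd, _args in task_actions(xml_text):
            if is_user_writable(cmd, env):
                findings.append((name, cmd))
    return findings


def load_tasks_dir(root: str) -> dict:
    """Read every task file under `root` (real files are UTF-16 with a BOM)."""
    tasks = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            with open(full, encoding="utf-16") as fh:
                tasks[os.path.relpath(full, root)] = fh.read()
    return tasks


def sample_task(command: str, author: str = "Xjr") -> str:
    """Build a minimal task definition (constructed sample, not a real file)."""
    return f"""<Task version="1.2" xmlns="{NS['t']}">
  <RegistrationInfo><Author>{author}</Author></RegistrationInfo>
  <Triggers><LogonTrigger><Enabled>true</Enabled></LogonTrigger></Triggers>
  <Actions Context="Author"><Exec><Command>{command}</Command></Exec></Actions>
</Task>"""


# Constructed samples. The first two commands are the paths FRST removed
# in the Fixlog above; the other two are hypothetical entries for contrast.
SAMPLE_TASKS = {
    "Oxy": sample_task(r"C:\Users\Xjr\AppData\Roaming\Oxy\Updater.exe"),
    "RunAsStdUser Task": sample_task(r"C:\Users\Xjr\AppData\Local\Oxy\Application\oxy.exe"),
    "EnvVarUpdater": sample_task(r'"%APPDATA%\Oxy\Updater.exe"'),
    "Microsoft\\Windows\\Defrag\\ScheduledDefrag": sample_task(
        r"%windir%\system32\defrag.exe", author="Microsoft Corporation"),
}

if __name__ == "__main__":
    for name, cmd in audit_tasks(SAMPLE_TASKS, SAMPLE_ENV):
        print(f"REVIEW  {name!r:40} -> {cmd}")
```

On a live machine call `load_tasks_dir(r"C:\Windows\System32\Tasks")` from an elevated prompt and pass the result to `audit_tasks` with `dict(os.environ)`; the task files on disk are UTF-16 with a BOM, which is why the loader opens them with that encoding. A hit is a lead, not a verdict: legitimate updaters for browsers and messaging clients also run from AppData, so check the signer of the target binary and the task's Author before deleting anything. Note also that a task lives in two places, the TaskCache keys in the registry and the XML file under System32\Tasks, which is why the Fixlog above shows both being removed.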

#6 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:49 AM

Posted 20 February 2014 - 10:17 AM

Is it still playing random ads and music?




#7 Xjr1979

Xjr1979
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 20 February 2014 - 11:42 AM

Hi fireman4it, the system has been restarted and up for an hour and no ads played.



#8 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,499 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:02:49 AM

Posted 20 February 2014 - 06:05 PM

Let's check for any leftovers.

 

1.

Download Malwarebytes Anti-Rootkit to your desktop.

  • Extract the ZIP archive and double-click "mbar.exe" to start the tool.
  • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
  • Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
  • When the scan is finished and no malware has been found select "Exit".
  • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
  • Open the MBAR folder and paste the content of the following files in your next reply:
  • "mbar-log-{date} (xx-xx-xx).txt"
  • "system-log.txt"


 

 

2.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed antivirus; how to do so can be read here.

  • Please go >>HERE<< then click on the button to launch the scanner.

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on the downloaded esetsmartinstaller_enu.exe icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on the button to continue.
  • When prompted allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth Technology
  • Now click on the button to start the scan.
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on Finish.
    (Selecting Uninstall application on close if you so wish)




#9 Xjr1979

Xjr1979
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:49 AM

Posted 24 February 2014 - 03:36 AM

Good morning fireman4it, here you have the logs. The system took nearly 48 hours to complete.

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.02.21.07

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Xjr :: XJRHOME [administrator]

21/02/2014 16:30:23
mbar-log-2014-02-21 (16-30-23).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 303065
Time elapsed: 42 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Delete on reboot.
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit (Hijack.Regedit) -> Data: 0 -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\WINDOWS\Mstecf.dat (Malware.Trace) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

© Malwarebytes Corporation 2011-2012

OS version: 6.0.6002 Windows Vista Service Pack 2 x86

Account is Administrative

Internet Explorer version: 9.0.8112.16421

Java version: 1.6.0_24

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, L:\ DRIVE_FIXED, M:\ DRIVE_FIXED, Z:\ DRIVE_FIXED
CPU speed: 2.393000 GHz
Memory total: 3487969280, free: 1090596864

Downloaded database version: v2014.02.21.07
Downloaded database version: v2014.02.20.01
=======================================
Initializing...
------------ Kernel report ------------
     02/21/2014 16:30:15
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\DRIVERS\MpFilter.sys
\SystemRoot\System32\Drivers\PxHelp20.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\tunmp.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\e1e6032.sys
\SystemRoot\system32\DRIVERS\usbuhci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\3xHybrid.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\BdaSup.SYS
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\drivers\Afc.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\System32\Drivers\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\VMNetSrv.sys
\SystemRoot\system32\DRIVERS\wacomvhid.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\circlass.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\RTKVHDA.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\ws2ifsl.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\??\C:\Windows\system32\Drivers\vmm.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\RTL8192su.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\LHidFilt.Sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\LMouFilt.Sys
\SystemRoot\system32\DRIVERS\usbcir.sys
\SystemRoot\system32\DRIVERS\wacmoumonitor.sys
\SystemRoot\system32\DRIVERS\hidir.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\NisDrvWFP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\drivers\tdtcp.sys
\SystemRoot\System32\DRIVERS\tssecsrv.sys
\SystemRoot\System32\Drivers\RDPWD.SYS
\SystemRoot\system32\drivers\MSPQM.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\WINDOWS\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk8\DR8
Upper Device Object: 0xffffffff88ac9ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000098\
Lower Device Object: 0xffffffff88ac5cb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk7\DR7
Upper Device Object: 0xffffffff88ac8ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000097\
Lower Device Object: 0xffffffff88ac09a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk6\DR6
Upper Device Object: 0xffffffff88a33ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000091\
Lower Device Object: 0xffffffff88a2e9a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xffffffff88a31ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000090\
Lower Device Object: 0xffffffff88a2bcb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xffffffff88a2dac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008f\
Lower Device Object: 0xffffffff88a29cb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xffffffff88a2fac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008e\
Lower Device Object: 0xffffffff88a27cb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xffffffff88a26ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000008d\
Lower Device Object: 0xffffffff89922cb8
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xffffffff880fdac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xffffffff880ed9a0
Lower Device Driver Name: \Driver\USBSTOR\
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff86ee7ac8
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xffffffff85d51528
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff86ee7ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff86ee77b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff86ee7ac8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff86787240, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff85d51528, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1549F232

Partition information:

    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 63  Numsec = 382805752
    Partition file system is NTFS
    Partition is bootable

    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 382806016  Numsec = 225718272

    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 608526135  Numsec = 16611210

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...
Done!
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xffffffff880fdac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff880ed020, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff880fdac8, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff880ed9a0, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 7CFC6901

Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16065  Numsec = 625121280

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 512
Drive: 2, DevicePointer: 0xffffffff88a26ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88a19b38, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88a26ac8, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff89922cb8, DeviceName: \Device\0000008d\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Drive 2
Scanning MBR on drive 2...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: D0C7E108

Partition information:

    Partition 0 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 16065  Numsec = 3907008000

    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 2000398934016 bytes
Sector size: 512 bytes

Done!
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xffffffff88a2fac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88a30a00, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88a2fac8, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88a27cb8, DeviceName: \Device\0000008e\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xffffffff88a2dac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88a2cb38, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88a2dac8, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88a29cb8, DeviceName: \Device\0000008f\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xffffffff88a31ac8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88a30d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88a31ac8, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88a2bcb8, DeviceName: \Device\00000090\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 6, DevicePointer: 0xffffffff88a33ac8, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88a32b38, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88a33ac8, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88a2e9a0, DeviceName: \Device\00000091\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 7, DevicePointer: 0xffffffff88ac8ac8, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff89426d18, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88ac8ac8, DeviceName: \Device\Harddisk7\DR7\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88ac09a0, DeviceName: \Device\00000097\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 8, DevicePointer: 0xffffffff88ac9ac8, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff88ac6b10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff88ac9ac8, DeviceName: \Device\Harddisk8\DR8\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff88ac5cb8, DeviceName: \Device\00000098\, DriverName: \Driver\USBSTOR\
------------ End ----------
Infected: C:\WINDOWS\Mstecf.dat --> [Malware.Trace]
Infected: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit --> [Hijack.Regedit]
Infected: HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM|DisableRegedit --> [Hijack.Regedit]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=8e28521a5af83d48a91da0a9ac0de7d9
# engine=17174
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-02-23 08:27:47
# local_time=2014-02-23 09:27:47 (+0100, Hora estándar romance)
# country="Spain"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776574 100 100 115949441 230719995 0 0
# scanned=414915
# found=28
# cleaned=0
# scan_time=83988
sh=F4687F26FB5F90F12B444867597F3C32F765B35F ft=1 fh=512b5a55375d865d vn="Win32/Toolbar.Conduit.T potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll.vir"
sh=538A2AA698B3F41A1F0D0BCD195021946B4786A5 ft=1 fh=0e1d5fdc5a372710 vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodsApp.dll.vir"
sh=B46C493E729674C1F02AE94D32C476E5B5077625 ft=1 fh=2f87e0577837b7dd vn="a variant of Win32/Toolbar.Montiera.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe.vir"
sh=C9F5B0DCF1B772F566855BDA156283D5F30180AB ft=1 fh=8ad118ddb55f9e8c vn="a variant of Win32/Amonetize.AC potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Xjr\AppData\Local\SwvUpdater\Updater.exe.vir"
sh=E32ECB71CAA5BA1F62D7E28F6E7D76D226677B01 ft=1 fh=fc7b40d4e32d8af5 vn="Win32/Distromatic.B potentially unwanted application" ac=I fn="C:\Program Files\Amazon Browser Bar\search_protect.exe"
sh=7A95606B2B7A2ED48CCF7DC011717EB166336F60 ft=1 fh=01c9a3cbb5f9555a vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\Program Files\Wisdom-soft ScreenHunter 6.0 Free\Toolbar.exe"
sh=E6B9A9561CD23D06BBD497FA85DBB31AF679A269 ft=1 fh=c71c001105168cd2 vn="a variant of Win32/GigaClicks.AC potentially unwanted application" ac=I fn="C:\Users\Xjr\AppData\Local\GCC\Controller.exe"
sh=B90AAD8F0749B445B882D650D1C0B66A4122DA92 ft=1 fh=0cdc7fc4b065da36 vn="Win32/Distromatic.B potentially unwanted application" ac=I fn="C:\Users\Xjr\AppData\Local\Temp\nsa766.tmp\zplugins.dll"
sh=91AD48DC25C3FC300CDBC8C40AEF8AC66AF7DC0E ft=1 fh=0a8c640a8eaa7d82 vn="Win32/Systweak.B potentially unwanted application" ac=I fn="C:\Users\Xjr\Downloads\rcp_dcomnew_sec_728.exe"
sh=BF67F2EF049BB810F16DE1ABC5BAA83F0DF16B60 ft=1 fh=74b21da2ec8e953b vn="a variant of Win32/SoftonicDownloader.E potentially unwanted application" ac=I fn="C:\Users\Xjr\Downloads\SoftonicDownloader_para_cobian-backup.exe"
sh=D0E64CE5F816CEC7F9C24C965D2693A37E78A121 ft=1 fh=1c1d23f9a76e96a3 vn="a variant of Win32/BundleInstaller.D potentially unwanted application" ac=I fn="C:\Users\Xjr\Downloads\The_Borrowers_The_Borrowers,_1.pdf_Downloader.exe"
sh=C43BB5A65E22E210BAA1CB97C19FD8B0DFDF5DC4 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.P potentially unsafe application" ac=I fn="L:\XJRHOME\Backup Set 2010-08-19 190922\Backup Files 2011-07-10 070103\Backup files 11.zip"
sh=FCF15F2A010654DC594095D9F439A9962A210CDA ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="L:\XJRHOME\Backup Set 2010-08-19 190922\Backup Files 2011-08-13 181519\Backup files 2.zip"
sh=FD81002E78B6F89EE9C15D24271EDB14D83CCE77 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.B potentially unwanted application" ac=I fn="L:\XJRHOME\Backup Set 2010-08-19 190922\Backup Files 2011-09-18 020607\Backup files 26.zip"
sh=3040A38D26F1D542B20363177FD97171CCC63712 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="L:\XJRHOME\Backup Set 2011-10-31 103654\Backup Files 2011-10-31 103654\Backup files 5.zip"
sh=AB6CECA4BEC6A977E788377951AE00D4215F7E8F ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.P potentially unsafe application" ac=I fn="L:\XJRHOME\Backup Set 2011-10-31 103654\Backup Files 2011-11-13 074309\Backup files 53.zip"
sh=4F6AB6FA1117201274E7D7D7E1683B0440735EA1 ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="L:\XJRHOME\Backup Set 2011-10-31 103654\Backup Files 2011-11-20 070037\Backup files 3.zip"
sh=3FB82BF32E5B0D1666612479553BA70AC9ACA3AB ft=0 fh=0000000000000000 vn="HTML/ScrInject.B.Gen virus" ac=I fn="L:\XJRHOME\Backup Set 2011-10-31 103654\Backup Files 2011-12-13 194848\Backup files 24.zip"
sh=3A29FC874CFF1E0F5EA7DB71AEC7FFBFD9396335 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NCK trojan" ac=I fn="L:\XJRHOME\Backup Set 2011-10-31 103654\Backup Files 2012-06-17 070029\Backup files 2.zip"
sh=33262AFF5AB9A086EC37BFED05C2D4EF55973C3E ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-0507.BT trojan" ac=I fn="L:\XJRHOME\Backup Set 2011-10-31 103654\Backup Files 2012-07-01 000004\Backup files 5.zip"
sh=E8D054CA28F3B7423AC708872C3CD11FE31FBDB5 ft=0 fh=0000000000000000 vn="a variant of Win32/GigaClicks.AC potentially unwanted application" ac=I fn="L:\XJRHOME\Nueva Copia Seguridad\Copia de seguridad incremental.5.gbp"
sh=F3E0344F41A6F0B9BECFDCB59D84BB93AEEC55C3 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="M:\Mis documentos\Adobe\NIK\nik_software_photoshop_plugins_suite\nik_software_photoshop_plugins_suite\Nik Software\MAC versions\Silver Efex Pro 2.001\Keygen.zip"
sh=20B667BDADB964D3E48204AAB7A5510BDB186A00 ft=1 fh=f0b4fc71efc20b88 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="M:\Mis documentos\Adobe\NIK\nik_software_photoshop_plugins_suite\nik_software_photoshop_plugins_suite\Nik Software\WIN versions\HDR Efex Pro 1.200\Medicine\KeyGen.exe"
sh=EC26EB94ADF2EC5B5E9E6FB9B5BB37FEB9C09B48 ft=1 fh=75a000e3845f93ac vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="M:\Mis documentos\Adobe\NIK\nik_software_photoshop_plugins_suite\nik_software_photoshop_plugins_suite\Nik Software\WIN versions\Silver Efex Pro 2.002\Medicine\KeyGen.exe"
sh=77A4EFA54013F635C4690B76F003E10719228936 ft=1 fh=caf66c8aa059a125 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="M:\Mis documentos\Adobe\NIK\nik_software_photoshop_plugins_suite\nik_software_photoshop_plugins_suite\Nik Software\WIN versions\Viveza 2.004.10710\Medicine\01\KeyGen.exe"
sh=582D4007BB37C1A25A0DACCC2EB501F5BFF2EF03 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.P potentially unsafe application" ac=I fn="M:\Mis documentos\Adobe\Photoshop\Adobe CS5\A.P.CS5.Ext.Full.by.Ro_dri.part1.rar"
sh=42A893ED11B9823C302F5AF1AE7659C7DA795F60 ft=1 fh=22eddfba3ef44490 vn="Win32/PrcView potentially unsafe application" ac=I fn="M:\Mis documentos\Fotografia\fotoalbum-Setup.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/GigaClicks.AC potentially unwanted application" ac=I fn="${Memory}"
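
The rootkit scan section of the log above dumps each drive's MBR: the 55AA boot signature, the 32-bit disk signature and the four 16-byte partition entries (type, active flag, starting LBA, sector count). The Python script below is an added example, not the scanner's own code and not part of the original post: it decodes that 512-byte structure and applies the consistency checks a bootkit scanner runs over a partition table (boot signature present, status bytes valid, at most one active entry, no entry past the end of the disk, no overlapping entries). The sector it runs on is constructed inside the script to reproduce the values logged for drive 1 (disk signature 7CFC6901, one "Extended with LBA" entry at LBA 16065 with 625121280 sectors on a 320072933376-byte disk); the boot code area is zeroed because the log does not include it, so no boot-code hash comparison is attempted.

```python
import struct

# Partition type IDs that appear in typical MBRs; the log reports 0x0f as 'Extended with LBA'.
PARTITION_TYPES = {
    0x00: 'Empty', 0x05: 'Extended', 0x07: 'NTFS/exFAT', 0x0B: 'FAT32',
    0x0C: 'FAT32 (LBA)', 0x0F: 'Extended with LBA', 0x83: 'Linux', 0xEE: 'GPT protective',
}


def parse_mbr(sector):
    """Decode a raw 512-byte sector 0: boot signature, disk signature and four partition entries."""
    if len(sector) != 512:
        raise ValueError('MBR must be exactly 512 bytes')
    disk_sig = struct.unpack_from('<I', sector, 0x1B8)[0]       # 32-bit NT disk signature
    boot_sig = bytes(sector[0x1FE:0x200])                       # must be 55 AA
    parts = []
    for i in range(4):
        # entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from('<B3xB3xII', sector, 0x1BE + 16 * i)
        parts.append({'index': i, 'status': status, 'active': status == 0x80, 'type': ptype,
                      'type_name': PARTITION_TYPES.get(ptype, 'Unknown (0x%02X)' % ptype),
                      'lba': lba, 'numsec': count})
    return {'boot_signature_ok': boot_sig == b'\x55\xAA', 'disk_signature': disk_sig,
            'boot_code': bytes(sector[:440]), 'partitions': parts}


def check_partition_table(mbr, disk_sectors):
    """Return the anomalies a bootkit/rootkit scanner would flag in a decoded MBR."""
    issues = []
    if not mbr['boot_signature_ok']:
        issues.append('missing 55AA boot signature')
    used = [p for p in mbr['partitions'] if p['type'] != 0x00]
    if sum(p['active'] for p in used) > 1:
        issues.append('more than one active partition')
    for p in mbr['partitions']:
        if p['status'] not in (0x00, 0x80):
            issues.append('partition %d has invalid status byte 0x%02X' % (p['index'], p['status']))
        if p['type'] == 0x00 and (p['lba'] or p['numsec']):
            issues.append('partition %d is typed Empty but has a nonzero extent' % p['index'])
    for p in used:
        if p['numsec'] == 0:
            issues.append('partition %d has zero length' % p['index'])
        elif p['lba'] + p['numsec'] > disk_sectors:
            issues.append('partition %d extends past the end of the disk' % p['index'])
    for a in used:
        for b in used:
            if a['index'] < b['index'] and a['lba'] < b['lba'] + b['numsec'] \
                    and b['lba'] < a['lba'] + a['numsec']:
                issues.append('partitions %d and %d overlap' % (a['index'], b['index']))
    return issues


def build_mbr(disk_sig, entries):
    """Construct a 512-byte MBR with zeroed boot code; entries are (status, type, lba, numsec)."""
    sector = bytearray(512)
    struct.pack_into('<I', sector, 0x1B8, disk_sig)
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into('<B3xB3xII', sector, 0x1BE + 16 * i, status, ptype, lba, count)
    sector[0x1FE:0x200] = b'\x55\xAA'
    return bytes(sector)


# Constructed sector reproducing the values the scan log reports for drive 1.
DRIVE1_MBR = build_mbr(0x7CFC6901, [(0x00, 0x0F, 16065, 625121280)])
DRIVE1_SECTORS = 320072933376 // 512


def report(sector, disk_sectors):
    """Render the decoded table in the same shape as the scan log, followed by any anomalies."""
    mbr = parse_mbr(sector)
    lines = ['MBR Signature: %s' % ('55AA' if mbr['boot_signature_ok'] else 'MISSING'),
             'Disk Signature: %08X' % mbr['disk_signature']]
    for p in mbr['partitions']:
        lines.append('Partition %d type is %s (0x%x), %s, LBA %d, Numsec = %d' % (
            p['index'], p['type_name'], p['type'],
            'ACTIVE' if p['active'] else 'NOT ACTIVE', p['lba'], p['numsec']))
    lines.extend('ANOMALY: ' + issue for issue in check_partition_table(mbr, disk_sectors))
    return '\n'.join(lines)


if __name__ == '__main__':
    print(report(DRIVE1_MBR, DRIVE1_SECTORS))
```

On a live system the same decoder would be fed the first 512 bytes read from the physical drive (for example \\.\PhysicalDrive1 on Windows, which needs administrator rights), and the interesting comparison is between what the disk driver returns and what the lower USBSTOR or ATA device returns, since a bootkit that filters reads will only hide in one of the two.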
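The ESET log above reports 28 objects, one per line, in sh=/ft=/fh=/vn=/ac=/fn= fields, of which vn (the verdict name) and fn (the object path, or ${Memory} for a process image) are the ones that matter for triage. Most hits sit in AdwCleaner's quarantine or inside old backup archives on the L: and M: drives, while the GigaClicks detection appears both as a file under AppData and in ${Memory}. The Python script below is an added example, not part of the original post and not ESET's own code: it parses that line format and sorts detections by where the object lives, so running-process and live-file hits surface before dormant archive and quarantine hits. The four sample lines are copied verbatim from the log above; the location rules (quarantine folder, .vir suffix, backup folders, archive extensions) and the coarse verdict classes are this example's own assumptions, not ESET's classification.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: four detection lines copied from the ESET Online Scanner log
# posted above, preceded by two of its '# key=value' header lines.
SAMPLE_LOG = r"""
# found=4
# cleaned=0
sh=E6B9A9561CD23D06BBD497FA85DBB31AF679A269 ft=1 fh=c71c001105168cd2 vn="a variant of Win32/GigaClicks.AC potentially unwanted application" ac=I fn="C:\Users\Xjr\AppData\Local\GCC\Controller.exe"
sh=F4687F26FB5F90F12B444867597F3C32F765B35F ft=1 fh=512b5a55375d865d vn="Win32/Toolbar.Conduit.T potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll.vir"
sh=3A29FC874CFF1E0F5EA7DB71AEC7FFBFD9396335 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NCK trojan" ac=I fn="L:\XJRHOME\Backup Set 2011-10-31 103654\Backup Files 2012-06-17 070029\Backup files 2.zip"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="a variant of Win32/GigaClicks.AC potentially unwanted application" ac=I fn="${Memory}"
"""

# One detection per line: sh= (40-hex digest), ft=, fh=, vn= (verdict name),
# ac= (action code), fn= (object path, or ${Memory} for a process image).
ESET_LINE = re.compile(
    r'^sh=(?P<sh>[0-9A-Fa-f]{40}) ft=(?P<ft>\S+) fh=(?P<fh>[0-9A-Fa-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)

ARCHIVE_EXT = ('.zip', '.rar', '.7z', '.cab', '.gbp')   # .gbp: backup container seen in the log
PRIORITY = {'memory': 0, 'on_disk': 1, 'archive': 2, 'quarantine': 3}


def parse_eset_log(text):
    """Split an ESET Online Scanner log into its header dict and a list of detection dicts."""
    header, hits = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith('# ') and '=' in line:
            key, _, value = line[2:].partition('=')
            header[key] = value
        else:
            m = ESET_LINE.match(line)
            if m:
                hits.append(m.groupdict())
    return header, hits


def classify_location(fn):
    """Heuristic (this example's own): where the object lives decides how urgent it is."""
    if fn == '${Memory}':
        return 'memory'        # found in a running process: active right now
    low = fn.lower()
    if '\\quarantine\\' in low or low.endswith('.vir'):
        return 'quarantine'    # already neutralised by another tool (AdwCleaner renames to .vir)
    if '\\backup' in low or low.endswith(ARCHIVE_EXT):
        return 'archive'       # dormant inside a backup or archive until extracted
    return 'on_disk'           # live location, can still be executed


def classify_verdict(vn):
    """Map ESET's verdict wording to a coarse class."""
    v = vn.lower()
    if 'potentially unwanted' in v:
        return 'PUA'           # adware, bundled toolbars, ad-click software
    if 'potentially unsafe' in v:
        return 'unsafe'        # keygens, patchers, admin tools
    if any(w in v for w in ('trojan', 'virus', 'exploit', 'worm')):
        return 'malware'
    return 'other'


def triage(text):
    """Group detections by location, most urgent bucket first."""
    _, hits = parse_eset_log(text)
    buckets = defaultdict(list)
    for h in hits:
        buckets[classify_location(h['fn'])].append(
            {'class': classify_verdict(h['vn']), 'verdict': h['vn'], 'path': h['fn']})
    return {k: buckets[k] for k in sorted(buckets, key=PRIORITY.__getitem__)}


def summarize(text):
    """Count detections per location bucket, e.g. {'memory': 1, 'on_disk': 1, ...}."""
    return Counter(classify_location(h['fn']) for h in parse_eset_log(text)[1])


if __name__ == '__main__':
    for bucket, items in triage(SAMPLE_LOG).items():
        print(bucket.upper())
        for it in items:
            print('  [%s] %s\n      %s' % (it['class'], it['verdict'], it['path']))
```

Run against the full 28-line log the same way, the memory and on_disk buckets are the short list worth acting on first; the archive bucket is mostly keygens and old exploit pages inside backup sets, which stay inert until someone extracts them, and the quarantine bucket is already handled.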

#10 fireman4it (Bleepin' Fireman, Malware Response Team, Greenup, Ill USA)

Posted 25 February 2014 - 04:30 PM

How is your machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-

If I have helped you, consider making a donation to help me continue the fight against Malware!


#11 fireman4it (Bleepin' Fireman, Malware Response Team, Greenup, Ill USA)

Posted 28 February 2014 - 03:59 PM

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. If you don't reply within 3-5 days the topic will need to be closed.

Thanks for understanding :)

With Regards,
fireman4it


#12 fireman4it (Bleepin' Fireman, Malware Response Team, Greenup, Ill USA)

Posted 02 March 2014 - 04:35 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
