Infected with Cryptowall 2.0 - Can't open any file.


This topic is locked
24 replies to this topic

#1 k2ron

  • Members
  • 11 posts

Posted 16 October 2014 - 10:31 AM

Hi,

I found out this morning that I can't open any file on my PC, and I see that a file has been created in almost every folder. The file is called "DECRYPT_INSTRUCTION.TXT" and its content is this:

 

************************************** File DECRYPT_INSTRUCTION.TXT **************************************

What happened to your files ?
All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 2.0.
More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
 
 
What does this mean ?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,
it is the same thing as losing them forever, but with our help, you can restore them.
 
 
How did this happen ?
Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.
 
 
What do I do ?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.
If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.
 
 
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
 
If for some reasons the addresses are not available, follow these steps:
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: paytordmbdekmizq.onion/185zsx8
4. Follow the instructions on the site.
 
 
IMPORTANT INFORMATION:
Your personal page (using TOR): paytordmbdekmizq.onion/185zsx8
Your personal identification number (if you open the site (or TOR's) directly): 185zsx8
************************************** File DECRYPT_INSTRUCTION.TXT **************************************
 
My DDS file:
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 10.0.9200.16576  BrowserJavaVersion: 11.5.2
Run by Dani at 11:16:52 on 2014-10-16
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.52.3082.18.2766.878 [GMT -4:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 
Thanks,
 
Rene
 
 


#2 HelpBot

    Bleepin' Binary Bot

  • Bots
  • 12,600 posts

Posted 21 October 2014 - 10:35 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/552200 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 k2ron
  • Topic Starter

  • Members
  • 11 posts

Posted 21 October 2014 - 11:57 AM

Hi,

Yes, I still have this issue. Before starting to try the shadow copies, I want to make sure CryptoWall is out of my laptop. I appreciate your help.

 

Tks,

 

Rene



#4 nasdaq

  • Malware Response Team
  • 38,767 posts
  • Location:Montreal, QC. Canada

Posted 23 October 2014 - 10:13 AM


Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===
Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file, select "More Reply Options" and follow the instructions.

Wait for further instructions.

Edited by nasdaq, 23 October 2014 - 10:14 AM.


#5 k2ron
  • Topic Starter

  • Members
  • 11 posts

Posted 23 October 2014 - 06:47 PM

Hi,

Here are the logs:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-10-2014
Ran by Dani (administrator) on SHIBATITO on 23-10-2014 19:38:21
Running from C:\Users\Dani\Downloads
Loaded Profiles: Dani & postgres (Available profiles: Dani & postgres)
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: Español (España, internacional)
Internet Explorer Version 10
Boot Mode: Normal
 
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(TOSHIBA Corporation.) C:\Program Files\Toshiba\HDMICtrlMan\HDMICtrlMan.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Google) C:\Program Files\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(TOSHIBA CORPORATION) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
() C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosOBEX.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosSkypeApl.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA CORPORATION.) C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [] => [X]
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [542640 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [173432 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [839040 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent.exe [519296 2011-06-30] (Conexant Systems, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2184488 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [ITSecMng] => C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM\...\Run: [TSleepSrv] => C:\Program Files\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1370032 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [ToshibaServiceStation] => C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [612256 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [22840 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [612256 2011-06-10] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [468912 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [32168 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [310912 2011-03-24] (Conexant Systems, Inc.)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [103768 2009-09-12] (Citrix Systems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [hpqSRMon] => C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM\...\Run: [googletalk] => C:\Program Files\Google\Google Talk\googletalk.exe [3739648 2007-01-01] (Google)
HKLM\...\Run: [RIMBBLaunchAgent.exe] => C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM\...\Run: [HDMICtrlMan] => C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [832856 2009-10-23] (TOSHIBA Corporation.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [311616 2014-02-14] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Creative Cloud] => C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2688920 2014-05-26] (Adobe Systems Incorporated)
HKU\S-1-5-21-1246240811-1488634996-1864846537-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-08] (Google Inc.)
HKU\S-1-5-21-1246240811-1488634996-1864846537-1000\...\Run: [Google Update] => C:\Users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-08-15] (Google Inc.)
HKU\S-1-5-21-1246240811-1488634996-1864846537-1000\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [1564992 2014-02-14] (Samsung)
HKU\S-1-5-21-1246240811-1488634996-1864846537-1000\...\Run: [] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-02-14] (Samsung)
HKU\S-1-5-21-1246240811-1488634996-1864846537-1000\...\Run: [Facebook Update] => C:\Users\Dani\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-02-03] (Facebook Inc.)
HKU\S-1-5-21-1246240811-1488634996-1864846537-1000\...\Run: [KiesAirMessage] => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-1246240811-1488634996-1864846537-1000\...\Run: [GoogleDriveSync] => C:\Program Files\Google\Drive\googledrivesync.exe [22734160 2014-08-08] (Google)
HKU\S-1-5-18\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-09-08] (Google Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
InternetURL: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL -> https://paytordmbdekmizq.tor4pay.com/185zsx8
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll ()
ShellIconOverlayIdentifiers: [GDriveBlacklistedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedEditOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSharedViewOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: [GDriveSyncingOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://entertainment.verizon.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibalatino.com
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{5D1B8C41-1F39-4858-8F88-17B76F700051}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{EAEC42DA-EE49-4A6E-B5BB-2EFF33C1EE3F}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
 
FireFox:
========
FF ProfilePath: C:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\qmridjk2.default
FF SelectedSearchEngine: Verizon
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Dani\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin -> C:\Users\Dani\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin -> C:\Users\Dani\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Dani\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: electronicarts.com/GameFacePlugin -> C:\Users\Dani\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
FF Plugin ProgramFiles/Appdata: C:\Users\Dani\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Dani\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\verizontb.xml
FF Extension: Verizon Toolbar - C:\Users\Dani\AppData\Roaming\Mozilla\Firefox\Profiles\qmridjk2.default\Extensions\{96ce3418-8ef3-45b5-8808-de5dbe03fb13} [2014-09-15]
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-11-17]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.toshibalatino.com/
CHR StartupUrls: Default -> "hxxp://www.toshibalatino.com/"
CHR Profile: C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-12]
CHR Extension: (Radio Player Live) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\boidnimkebefpfgbeekbjoponilnomle [2013-11-06]
CHR Extension: (Google Calendar) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-10-20]
CHR Extension: (Video Downloader professional) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-06-21]
CHR Extension: (TV y Radios de Chile) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijdncbaekoleeeddhkbnoihmmlfalmkb [2012-08-23]
CHR Extension: (Cuevana Stream) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg [2012-08-26]
CHR Extension: (Google Wallet) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (TV y Radios de Chile) - C:\Users\Dani\AppData\Local\Google\Chrome\User Data\Default\Extensions\phimhnckkaofkllcoledjilakgbeohli [2014-10-05]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Dani\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2014-08-11]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Blackberry Device Manager; C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited) [File not signed]
R3 hpqcxs08; C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL [694784 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IHA_MessageCenter; C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [363128 2014-08-13] (Verizon)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [44544 2008-12-03] (Hewlett-Packard) [File not signed]
S3 OpenVPNService; C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe [36352 2012-11-19] () [File not signed]
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [53760 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [770432 2014-01-09] (Enigma Software Group USA, LLC.)
R3 TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [57216 2011-07-11] (TOSHIBA Corporation)
R2 TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [210880 2011-05-24] (TOSHIBA Corporation)
R3 TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [112552 2011-06-10] (TOSHIBA Corporation)
R3 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [686008 2011-07-01] (TOSHIBA Corporation)
R2 VMAuthdService; C:\Program Files\VMware\VMware Player\vmware-authd.exe [87120 2013-02-26] (VMware, Inc.)
R2 VMnetDHCP; C:\windows\system32\vmnetdhcp.exe [357456 2013-02-26] (VMware, Inc.)
R2 VMUSBArbService; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [721048 2012-10-11] (VMware, Inc.)
R2 VMware NAT Service; C:\windows\system32\vmnat.exe [436304 2013-02-26] (VMware, Inc.)
R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 BtFilter; C:\windows\System32\DRIVERS\btfilter.sys [33640 2010-10-18] (Atheros)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15384 2014-01-07] ()
S3 EsgScanner; C:\windows\System32\DRIVERS\EsgScanner.sys [19984 2012-06-22] ()
R2 hcmon; C:\windows\system32\drivers\hcmon.sys [41496 2012-10-11] (VMware, Inc.)
R3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [23256 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [114904 2014-10-23] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [51928 2014-10-01] (Malwarebytes Corporation)
R3 MEI; C:\windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R3 PGEffect; C:\windows\System32\DRIVERS\pgeffect.sys [33616 2011-02-08] (TOSHIBA Corporation)
R3 QIOMem; C:\windows\System32\DRIVERS\QIOMem.sys [9216 2009-06-15] (TOSHIBA)
S3 RSUSBVSTOR; C:\windows\System32\Drivers\RTSUVSTOR.sys [226408 2010-11-30] (Realtek Semiconductor Corp.)
R3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [26112 2012-11-19] (The OpenVPN Project)
R2 TVALZFL; C:\windows\System32\DRIVERS\TVALZFL.sys [12920 2009-06-19] (TOSHIBA Corporation)
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [15872 2013-02-11] (Microsoft Corporation)
R3 vmkbd; C:\windows\system32\drivers\VMkbd.sys [26064 2013-02-26] (VMware, Inc.)
R3 VMnetAdapter; C:\windows\System32\DRIVERS\vmnetadapter.sys [16664 2013-02-26] (VMware, Inc.)
R2 VMnetBridge; C:\windows\System32\DRIVERS\vmnetbridge.sys [37016 2013-02-26] (VMware, Inc.)
R2 VMnetuserif; C:\windows\system32\drivers\vmnetuserif.sys [26192 2013-02-26] (VMware, Inc.)
R2 vmx86; C:\windows\system32\Drivers\vmx86.sys [62416 2013-02-26] (VMware, Inc.)
R0 vsock; C:\windows\System32\drivers\vsock.sys [61464 2012-10-24] (VMware, Inc.)
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-23 19:38 - 2014-10-23 19:38 - 00029708 _____ () C:\Users\Dani\Downloads\FRST.txt
2014-10-23 19:38 - 2014-10-23 19:38 - 00000000 ____D () C:\FRST
2014-10-23 19:37 - 2014-10-23 19:37 - 01103360 _____ (Farbar) C:\Users\Dani\Downloads\FRST.exe
2014-10-19 23:36 - 2014-10-19 23:36 - 00000000 ____D () C:\Program Files\ESET
2014-10-19 23:35 - 2014-10-19 23:35 - 02347384 _____ (ESET) C:\Users\Dani\Downloads\esetsmartinstaller_enu.exe
2014-10-19 22:04 - 2014-10-19 22:04 - 00002255 _____ () C:\Users\Dani\Desktop\SpyHunter.lnk
2014-10-19 22:04 - 2014-10-19 22:04 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-10-19 22:04 - 2014-10-19 22:04 - 00000000 ____D () C:\sh4ldr
2014-10-19 22:04 - 2014-10-19 22:04 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-10-19 22:03 - 2014-10-19 22:04 - 00000000 ____D () C:\windows\455F074C814E4520B69B5584BD90400C.TMP
2014-10-19 22:03 - 2014-10-19 22:03 - 00000000 ____D () C:\Program Files\Common Files\Wise Installation Wizard
2014-10-19 21:51 - 2014-10-19 21:51 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Dani\Downloads\SpyHunter-Installer.exe
2014-10-19 21:16 - 2014-10-23 19:33 - 00114904 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-19 21:16 - 2014-10-19 21:16 - 00001075 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-19 21:16 - 2014-10-19 21:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-19 21:15 - 2014-10-19 21:16 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-10-19 21:15 - 2014-10-19 21:15 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Dani\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-19 21:15 - 2014-10-19 21:15 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-19 21:15 - 2014-10-01 11:11 - 00075480 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-10-19 21:15 - 2014-10-01 11:11 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-10-19 21:15 - 2014-10-01 11:11 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-10-19 21:09 - 2014-10-19 21:11 - 00000000 ____D () C:\AdwCleaner
2014-10-19 21:07 - 2014-10-19 21:08 - 01976320 _____ () C:\Users\Dani\Downloads\adwcleaner_4.000.exe
2014-10-19 21:04 - 2014-10-19 21:04 - 00003195 _____ () C:\Users\Dani\Desktop\JRT.txt
2014-10-19 21:02 - 2014-10-19 21:02 - 00000000 ____D () C:\windows\ERUNT
2014-10-19 21:01 - 2014-10-19 21:01 - 01705698 _____ (Thisisu) C:\Users\Dani\Downloads\JRT.exe
2014-10-16 11:30 - 2014-10-16 11:30 - 00003982 _____ () C:\Users\Dani\Desktop\attach.zip
2014-10-16 11:23 - 2014-10-16 11:23 - 00023192 _____ () C:\Users\Dani\Desktop\dds.txt
2014-10-16 11:23 - 2014-10-16 11:23 - 00016467 _____ () C:\Users\Dani\Desktop\attach.txt
2014-10-16 11:12 - 2014-10-16 11:12 - 00688992 ____R (Swearware) C:\Users\Dani\Downloads\dds.com
2014-10-16 10:27 - 2014-10-16 10:27 - 00008544 _____ () C:\DECRYPT_INSTRUCTION.HTML
2014-10-16 10:27 - 2014-10-16 10:27 - 00004216 _____ () C:\DECRYPT_INSTRUCTION.TXT
2014-10-16 10:27 - 2014-10-16 10:27 - 00000278 _____ () C:\Users\Dani\Desktop\INSTALL_TOR.URL
2014-10-16 10:27 - 2014-10-16 10:27 - 00000278 _____ () C:\INSTALL_TOR.URL
2014-10-16 10:01 - 2014-10-16 10:01 - 00008544 _____ () C:\Users\DECRYPT_INSTRUCTION.HTML
2014-10-16 10:01 - 2014-10-16 10:01 - 00008544 _____ () C:\Users\Dani\DECRYPT_INSTRUCTION.HTML
2014-10-16 10:01 - 2014-10-16 10:01 - 00004216 _____ () C:\Users\DECRYPT_INSTRUCTION.TXT
2014-10-16 10:01 - 2014-10-16 10:01 - 00004216 _____ () C:\Users\Dani\DECRYPT_INSTRUCTION.TXT
2014-10-16 10:01 - 2014-10-16 10:01 - 00000278 _____ () C:\Users\INSTALL_TOR.URL
2014-10-16 10:01 - 2014-10-16 10:01 - 00000278 _____ () C:\Users\Dani\INSTALL_TOR.URL
2014-10-16 09:17 - 2014-10-16 09:17 - 00008544 _____ () C:\Users\Dani\Downloads\DECRYPT_INSTRUCTION.HTML
2014-10-16 09:17 - 2014-10-16 09:17 - 00004216 _____ () C:\Users\Dani\Downloads\DECRYPT_INSTRUCTION.TXT
2014-10-16 09:17 - 2014-10-16 09:17 - 00000278 _____ () C:\Users\Dani\Downloads\INSTALL_TOR.URL
2014-10-15 13:30 - 2014-10-15 13:30 - 00008544 _____ () C:\Users\Dani\Documents\DECRYPT_INSTRUCTION.HTML
2014-10-15 13:30 - 2014-10-15 13:30 - 00004216 _____ () C:\Users\Dani\Documents\DECRYPT_INSTRUCTION.TXT
2014-10-15 13:30 - 2014-10-15 13:30 - 00000278 _____ () C:\Users\Dani\Documents\INSTALL_TOR.URL
2014-10-15 13:10 - 2014-10-15 13:10 - 00008544 _____ () C:\Users\Dani\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
2014-10-15 13:10 - 2014-10-15 13:10 - 00008544 _____ () C:\Users\Dani\AppData\DECRYPT_INSTRUCTION.HTML
2014-10-15 13:10 - 2014-10-15 13:10 - 00004216 _____ () C:\Users\Dani\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
2014-10-15 13:10 - 2014-10-15 13:10 - 00004216 _____ () C:\Users\Dani\AppData\DECRYPT_INSTRUCTION.TXT
2014-10-15 13:10 - 2014-10-15 13:10 - 00000278 _____ () C:\Users\Dani\AppData\Roaming\INSTALL_TOR.URL
2014-10-15 13:10 - 2014-10-15 13:10 - 00000278 _____ () C:\Users\Dani\AppData\INSTALL_TOR.URL
2014-10-15 13:09 - 2014-10-15 13:09 - 00008544 _____ () C:\Users\Dani\AppData\Local\DECRYPT_INSTRUCTION.HTML
2014-10-15 13:09 - 2014-10-15 13:09 - 00004216 _____ () C:\Users\Dani\AppData\Local\DECRYPT_INSTRUCTION.TXT
2014-10-15 13:09 - 2014-10-15 13:09 - 00000278 _____ () C:\Users\Dani\AppData\Local\INSTALL_TOR.URL
2014-10-15 13:08 - 2014-10-15 13:08 - 00008544 _____ () C:\Users\Cumple Elizabeth\DECRYPT_INSTRUCTION.HTML
2014-10-15 13:08 - 2014-10-15 13:08 - 00008544 _____ () C:\Users\AULA VIRTUAL PSP401\DECRYPT_INSTRUCTION.HTML
2014-10-15 13:08 - 2014-10-15 13:08 - 00004216 _____ () C:\Users\Cumple Elizabeth\DECRYPT_INSTRUCTION.TXT
2014-10-15 13:08 - 2014-10-15 13:08 - 00004216 _____ () C:\Users\AULA VIRTUAL PSP401\DECRYPT_INSTRUCTION.TXT
2014-10-15 13:08 - 2014-10-15 13:08 - 00000278 _____ () C:\Users\Cumple Elizabeth\INSTALL_TOR.URL
2014-10-15 13:08 - 2014-10-15 13:08 - 00000278 _____ () C:\Users\AULA VIRTUAL PSP401\INSTALL_TOR.URL
2014-10-15 13:06 - 2014-10-15 13:06 - 00008544 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.HTML
2014-10-15 13:06 - 2014-10-15 13:06 - 00004216 _____ () C:\ProgramData\DECRYPT_INSTRUCTION.TXT
2014-10-15 13:06 - 2014-10-15 13:06 - 00000278 _____ () C:\ProgramData\INSTALL_TOR.URL
2014-10-14 22:22 - 2014-10-14 22:22 - 00017589 _____ () C:\Users\Dani\Downloads\[kickass.to]22.jump.street.2014.1080p.brrip.x264.yify.torrent
2014-09-24 21:11 - 2014-09-24 21:11 - 00019671 _____ () C:\Users\Dani\Downloads\[kickass.to]godzilla.2014.1080p.brrip.x264.yify.torrent
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-23 19:33 - 2009-07-14 00:39 - 00211264 _____ () C:\windows\setupact.log
2014-10-23 19:32 - 2014-08-11 22:56 - 00000000 ___RD () C:\Users\Dani\Google Drive
2014-10-23 19:31 - 2013-04-15 23:00 - 00000000 ____D () C:\ProgramData\VMware
2014-10-23 19:31 - 2012-12-28 21:40 - 00000436 _____ () C:\windows\system32\Drivers\etc\hosts.ics
2014-10-23 19:31 - 2011-09-08 21:02 - 00001020 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-23 19:31 - 2009-07-14 00:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-10-23 00:12 - 2012-08-18 15:02 - 00001042 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000UA.job
2014-10-22 23:59 - 2011-09-08 21:02 - 00001024 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-22 23:14 - 2014-02-03 13:09 - 00000924 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000UA.job
2014-10-22 23:04 - 2009-07-14 00:34 - 00022624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-22 23:04 - 2009-07-14 00:34 - 00022624 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-22 22:57 - 2012-08-17 17:41 - 00000000 ____D () C:\Users\Dani\AppData\Local\Adobe
2014-10-22 22:55 - 2012-11-17 23:32 - 00000000 ____D () C:\Users\postgres.Shibatito
2014-10-22 22:55 - 2010-11-20 17:48 - 00550514 _____ () C:\windows\PFRO.log
2014-10-19 21:48 - 2010-11-20 20:29 - 00000000 ____D () C:\windows\DigitalLocker
2014-10-19 21:14 - 2013-09-29 22:56 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\uTorrent
2014-10-16 11:27 - 2013-03-19 11:00 - 00000000 ____D () C:\Users\Dani\Documents\UDLA Medición y Evaluación Psicopedagógica
2014-10-16 10:27 - 2012-08-15 22:40 - 00000000 ____D () C:\Users\Dani\AppData\Local\Google
2014-10-16 10:01 - 2012-10-05 11:09 - 00000000 ____D () C:\Users\Dani\tae
2014-10-16 10:01 - 2012-08-15 22:38 - 00000000 ____D () C:\Users\Dani
2014-10-16 10:00 - 2014-02-23 13:19 - 00000000 ____D () C:\Users\Dani\Respaldo Memoria antigua 2GB
2014-10-16 09:58 - 2014-03-30 12:35 - 00000000 ____D () C:\Users\Dani\repocs 3
2014-10-16 09:58 - 2012-10-28 06:36 - 00000000 ____D () C:\Users\Dani\René
2014-10-16 09:55 - 2013-05-14 23:21 - 00126464 ___SH () C:\Users\Thumbs.db
2014-10-16 09:14 - 2013-10-02 23:16 - 00000000 ____D () C:\Users\Dani\Downloads\Torrent
2014-10-15 19:12 - 2012-08-18 15:02 - 00000990 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000Core.job
2014-10-15 15:41 - 2014-07-18 14:35 - 01500208 _____ () C:\Users\Dani\Downloads\noname.eml
2014-10-15 14:14 - 2014-02-03 13:09 - 00000902 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000Core.job
2014-10-15 14:01 - 2014-07-05 01:04 - 00000000 ____D () C:\Users\Dani\Downloads\Three Fugitives
2014-10-15 14:00 - 2014-04-22 21:24 - 00000000 ____D () C:\Users\Dani\Downloads\The Sound of Music (1965)
2014-10-15 13:58 - 2014-04-22 22:22 - 00000000 ____D () C:\Users\Dani\Downloads\The Secret Life of Walter Mitty (2013) [1080p]
2014-10-15 13:55 - 2014-07-01 20:49 - 00000000 ____D () C:\Users\Dani\Downloads\The Lion King (1994)
2014-10-15 13:54 - 2014-07-01 20:48 - 00000000 ____D () C:\Users\Dani\Downloads\See No Evil Hear No Evil 1989 720p BRRip x264 AAC-26K
2014-10-15 13:54 - 2014-04-26 13:51 - 00000000 ____D () C:\Users\Dani\Downloads\Subs
2014-10-15 13:49 - 2014-06-24 21:46 - 00000000 ____D () C:\Users\Dani\Downloads\Resurrection
2014-10-15 13:41 - 2014-06-15 16:30 - 00000000 ____D () C:\Users\Dani\Downloads\Mundial Brasil 2014
2014-10-15 13:38 - 2013-04-15 23:22 - 00000000 ____D () C:\Users\Dani\Downloads\Linux
2014-10-15 13:37 - 2014-06-04 21:32 - 00000000 ____D () C:\Users\Dani\Downloads\Libros
2014-10-15 13:36 - 2014-07-28 20:50 - 00000000 ____D () C:\Users\Dani\Downloads\FIFA.World.Cup.2014.Group.C.Japan.vs.Colombia.720p.HDTV.x264-BALLS[rarbg]
2014-10-15 13:36 - 2014-07-05 19:11 - 00000000 ____D () C:\Users\Dani\Downloads\Festen 1998 (NLsubs)(TinkerBell) TBS
2014-10-15 13:36 - 2014-07-01 20:49 - 00000000 ____D () C:\Users\Dani\Downloads\FIFA.World.Cup.2014.Round.Of.16.Brazil.Vs.Chile.720p.HDTV.x264-W4F[rarbg]
2014-10-15 13:36 - 2013-10-31 16:32 - 00000000 ____D () C:\Users\Dani\Downloads\H264LevelEditorCli
2014-10-15 13:30 - 2012-10-15 15:29 - 00000000 ____D () C:\Users\Dani\Documents\TomTom
2014-10-15 13:29 - 2013-04-03 10:45 - 00000000 ____D () C:\Users\Dani\Documents\Mis escaneos
2014-10-15 13:29 - 2013-04-02 13:05 - 00000000 ____D () C:\Users\Dani\Documents\Pagos fundo
2014-10-15 13:29 - 2012-11-29 23:17 - 00000000 ____D () C:\Users\Dani\Documents\Rene
2014-10-15 13:29 - 2012-11-19 11:46 - 00000000 ____D () C:\Users\Dani\Documents\Papá
2014-10-15 13:29 - 2012-11-12 13:48 - 00000000 ____D () C:\Users\Dani\Documents\MAGÍSTER PSICOLOGIA INFANTO JUVENIL EN CONTEXTOS ESCOLARES
2014-10-15 13:29 - 2012-11-04 23:51 - 00000000 ____D () C:\Users\Dani\Documents\samsung
2014-10-15 13:29 - 2012-09-13 22:21 - 00000000 ____D () C:\Users\Dani\Documents\Tarifas peajes_files
2014-10-15 13:24 - 2012-10-24 11:59 - 00000000 ____D () C:\Users\Dani\Documents\LGT
2014-10-15 13:23 - 2013-10-26 23:12 - 00000000 ____D () C:\Users\Dani\Documents\Audio y fotos celu
2014-10-15 13:23 - 2013-04-02 12:47 - 00000000 ____D () C:\Users\Dani\Documents\Exámenes salud
2014-10-15 13:23 - 2013-01-24 20:02 - 00000000 ____D () C:\Users\Dani\Documents\Como Hacer Un Ensayo_files
2014-10-15 13:21 - 2014-03-21 11:57 - 00000000 ____D () C:\Users\Dani\Desktop\VIAJE SAN ANDRÉS
2014-10-15 13:21 - 2013-04-10 11:38 - 00000000 ____D () C:\Users\Dani\Desktop\Rene
2014-10-15 13:10 - 2014-09-19 18:36 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Verizon
2014-10-15 13:10 - 2014-04-22 18:48 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\BitTorrent
2014-10-15 13:10 - 2014-04-16 14:18 - 00000000 ____D () C:\Users\Dani\Bibliografía Tercera Versión DIPLOMADO 2014
2014-10-15 13:10 - 2014-03-21 17:35 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Electronic Arts
2014-10-15 13:10 - 2013-11-12 22:02 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Research In Motion
2014-10-15 13:10 - 2013-10-15 02:12 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\BSplayer
2014-10-15 13:10 - 2013-05-01 18:36 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Notepad++
2014-10-15 13:10 - 2012-11-17 21:41 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\HoldemManager
2014-10-15 13:10 - 2012-11-17 12:21 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\HP
2014-10-15 13:10 - 2012-11-04 23:51 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Samsung
2014-10-15 13:10 - 2012-10-15 15:29 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\TomTom
2014-10-15 13:10 - 2012-10-12 08:12 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Mozilla
2014-10-15 13:10 - 2012-08-17 18:35 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Book Place
2014-10-15 13:10 - 2012-08-15 23:15 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Skype
2014-10-15 13:10 - 2012-08-15 22:42 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Toshiba
2014-10-15 13:10 - 2012-08-15 22:42 - 00000000 ____D () C:\Users\Dani\AppData\Roaming\Adobe
2014-10-15 13:09 - 2014-08-31 18:31 - 00000000 ____D () C:\Users\Dani\AppData\Local\Skype
2014-10-15 13:09 - 2014-02-03 13:09 - 00000000 ____D () C:\Users\Dani\AppData\Local\Facebook
2014-10-15 13:09 - 2013-11-12 22:02 - 00000000 ____D () C:\Users\Dani\AppData\Local\Research In Motion
2014-10-15 13:09 - 2013-09-29 23:10 - 00000000 ____D () C:\Users\Dani\AppData\Local\WinZip
2014-10-15 13:09 - 2012-12-17 22:45 - 00000000 ____D () C:\Users\Dani\AppData\Local\PokerStrategy.com
2014-10-15 13:09 - 2012-11-17 19:46 - 00000000 ____D () C:\Users\Dani\AppData\Local\In The Money
2014-10-15 13:09 - 2012-11-17 12:38 - 00000000 ____D () C:\Users\Dani\AppData\Local\HP
2014-10-15 13:09 - 2012-11-06 23:05 - 00000000 ____D () C:\Users\Dani\AppData\Local\PokerStars
2014-10-15 13:09 - 2012-10-07 19:18 - 00000000 ____D () C:\Users\Dani\AppData\Local\Microsoft Games
2014-10-15 13:09 - 2012-08-15 22:40 - 00000000 ____D () C:\Users\Dani\AppData\Local\TOSHIBA
2014-10-15 13:08 - 2013-09-05 23:03 - 00000000 ____D () C:\Users\Cumple Elizabeth
2014-10-15 13:08 - 2013-07-30 02:00 - 00000000 ____D () C:\Users\AULA VIRTUAL PSP401\PARA ENVIAR
2014-10-15 13:08 - 2013-07-30 02:00 - 00000000 ____D () C:\Users\AULA VIRTUAL PSP401
2014-10-15 13:07 - 2013-12-29 13:33 - 00000000 ____D () C:\Training
2014-10-15 13:07 - 2013-07-30 02:00 - 00000000 ____D () C:\Users\AULA VIRTUAL PSP401\Enviados a Solange
2014-10-15 13:07 - 2013-07-21 22:38 - 00000000 ____D () C:\Respaldo Tab
2014-10-15 13:06 - 2014-05-22 01:54 - 00000000 ____D () C:\MyGame
2014-10-15 13:06 - 2013-01-22 00:02 - 00000000 ____D () C:\Mp3
2014-10-15 13:06 - 2012-11-17 12:14 - 00000000 ____D () C:\ProgramData\HP
2014-10-15 13:06 - 2012-11-01 12:22 - 00000000 ____D () C:\ProgramData\Citrix
2014-10-15 13:06 - 2012-09-28 02:37 - 00000000 ____D () C:\ProgramData\Toshiba Book Place
2014-10-15 13:06 - 2011-09-08 21:02 - 00000000 ____D () C:\ProgramData\Toshiba
2014-10-15 12:58 - 2012-11-17 19:46 - 00000000 ____D () C:\HMArchive
2014-10-15 12:57 - 2014-01-26 22:56 - 00000000 ____D () C:\HM2Archive
2014-10-15 12:57 - 2013-07-21 22:31 - 00000000 ____D () C:\Fotos
2014-10-14 22:28 - 2014-06-17 19:46 - 00000000 ____D () C:\Familia
2014-10-14 22:28 - 2014-05-22 01:52 - 00000000 ____D () C:\eclipse
2014-10-14 22:27 - 2013-01-02 23:56 - 00000000 ____D () C:\5408cf052550449ad84eef7314
2014-10-14 22:27 - 2012-12-22 15:28 - 00000000 ____D () C:\cf87af5f070edbcd413911fa41d93721
2014-10-14 22:24 - 2012-01-07 05:45 - 01760061 _____ () C:\windows\WindowsUpdate.log
2014-10-11 12:57 - 2014-09-12 17:08 - 00025712 _____ () C:\Users\Dani\Desktop\Finances2014.xlsx
2014-09-30 22:51 - 2010-11-20 17:01 - 00982376 _____ () C:\windows\system32\PerfStringBackup.INI
 
Files to move or delete:
====================
C:\Users\Dani\MetricCollection.dll
 
 
Some content of TEMP:
====================
C:\Users\Dani\AppData\Local\Temp\2ic2s2wh.dll
C:\Users\Dani\AppData\Local\Temp\Execute2App.exe
C:\Users\Dani\AppData\Local\Temp\gtalkwmp1.dll
C:\Users\Dani\AppData\Local\Temp\Kies2RemoveAll.exe
C:\Users\Dani\AppData\Local\Temp\msvcp90.dll
C:\Users\Dani\AppData\Local\Temp\msvcr90.dll
C:\Users\Dani\AppData\Local\Temp\Quarantine.exe
C:\Users\Dani\AppData\Local\Temp\SHSetup.exe
C:\Users\Dani\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\windows\explorer.exe => File is digitally signed
C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-16 12:39
 
==================== End Of Log ============================
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-10-2014
Ran by Dani at 2014-10-23 19:39:24
Running from C:\Users\Dani\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKCU\...\uTorrent) (Version: 3.4.2.34309 - BitTorrent Inc.)
1400 (Version: 130.0.365.000 - Hewlett-Packard) Hidden
1400_Help (Version: 82.0.242.000 - Hewlett-Packard) Hidden
1400Trb (Version: 82.0.242.000 - Hewlett-Packard) Hidden
32 Bit HP CIO Components Installer (Version: 6.1.1 - Hewlett-Packard) Hidden
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Creative Cloud (HKLM\...\Adobe Creative Cloud) (Version: 2.6.0.393 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.117 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
AIO_CDB_ProductContext (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_CDB_Software (Version: 130.0.365.000 - Hewlett-Packard) Hidden
AIO_Scan (Version: 130.0.421.000 - Hewlett-Packard) Hidden
Atheros Bluetooth Filter Driver Package (HKLM\...\{5494B59E-6E82-499E-91AC-C53199955EC5}) (Version: 1.00.007 - Atheros Communications)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Atheros Driver Installation Program (HKLM\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 9.2 - Atheros)
Bejeweled 3 (Version: 2.2.0.97 - WildTangent) Hidden
BitTorrent (HKCU\...\BitTorrent) (Version: 7.9.1.30889 - BitTorrent Inc.)
BlackBerry Desktop Software 7.1 (HKLM\...\BlackBerry_Desktop) (Version: 7.1.0.41 - Research In Motion Ltd.)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.41 - Research In Motion Ltd.) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v8.00.07(T) - TOSHIBA CORPORATION)
BS.Player FREE (HKLM\...\BSPlayerf) (Version: 2.66.1075 - AB Team, d.o.o.)
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Build-a-lot 2 (Version: 2.2.0.97 - WildTangent) Hidden
Bullzip PDF Printer 9.7.0.1592 (HKLM\...\Bullzip PDF Printer_is1) (Version: 9.7.0.1592 - Bullzip)
Casino at bet365 (HKLM\...\bet365casino) (Version:  - )
Chuzzle Deluxe (Version: 2.2.0.95 - WildTangent) Hidden
Citrix online plug-in - web (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 11.2.0.31560 - Citrix Systems, Inc.)
Citrix online plug-in (DV) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (HDX) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (USB) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Citrix online plug-in (Web) (Version: 11.2.0.31560 - Citrix Systems, Inc.) Hidden
Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007 (HKLM\...\{90120000-00B2-0C0A-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.2.51 - Conexant)
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Copy (Version: 130.0.428.000 - Hewlett-Packard) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
EA SPORTS Game Face Browser Plugin 1.8.0.0 (HKCU\...\EA SPORTS Game Face Browser Plugin) (Version: 1.8.0.0 - Electronic Arts)
Easy CAD Viewer 2.6 (HKLM\...\Easy CAD Viewer_is1) (Version:  - Benzsoft Corporation)
ESET Online Scanner v3 (HKLM\...\ESET Online Scanner) (Version:  - )
Facebook Video Calling 3.1.0.521 (HKLM\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Farm Frenzy (Version: 2.2.0.95 - WildTangent) Hidden
FATE (Version: 2.2.0.97 - WildTangent) Hidden
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Fishdom ™ 2 (Version: 2.2.0.98 - WildTangent) Hidden
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.46.0.WIN.FullTilt.COM - )
Galería fotográfica de Windows Live (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Drive (HKLM\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Earth Plug-in (HKLM\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Talk (remove only) (HKLM\...\{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk) (Version:  - )
Google Talk Plugin (HKLM\...\{C1E3DFE7-4EAD-3E9E-A826-E06055BA5921}) (Version: 5.4.2.18903 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hacer clic y ejecutar de Microsoft Office 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Hacer clic y ejecutar de Microsoft Office 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
HDMI Control Manager (HKLM\...\{F81AB80B-5BB7-4E36-8BA5-E07541CE1BFC}) (Version: 2.0 - TOSHIBA CORPORATION)
HMA! Pro VPN 2.7.1.7 (HKLM\...\HMA! Pro VPN) (Version: 2.7.1.7 - )
Holdem Manager (HKLM\...\HoldemManager) (Version:  - )
Holdem Manager 2 (HKLM\...\HoldemManager2) (Version:  - )
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B (HKLM\...\{B61ED343-0B14-4241-999C-490CB1A20DA4}) (Version: 13.0 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
IHA_MessageCenter (HKLM\...\{C3300989-DAF5-4F3A-81FF-404729267C0B}) (Version: 2.0.63 - Verizon)
Intel® Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation)
Java 7 Update 17 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.170 - Oracle)
Java 8 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java SE Development Kit 8 Update 5 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Java™ 6 Update 25 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.250 - Oracle)
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Juegos WildTangent (HKLM\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
Junk Mail filter update (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.0.5 Basic (HKLM\...\KLiteCodecPack_is1) (Version: 10.0.5 - )
Label@Once 1.0 (HKLM\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware versión 2.0.3.1025 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2010 (HKLM\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_STANDARD_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_STANDARD_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_STANDARD_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Standard 2007 (HKLM\...\STANDARD) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Español (HKLM\...\{90140011-0066-0C0A-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_STANDARD_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 en-US) (HKLM\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Network (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Notepad++ (HKLM\...\Notepad++) (Version: 6.3.2 - Notepad++ Team)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (HKLM\...\Microsoft .NET Framework 4 Client Profile ESN Language Pack) (Version: 4.0.30320 - Microsoft Corporation)
Paquete de idioma de Microsoft .NET Framework 4 Extended ESN (HKLM\...\Microsoft .NET Framework 4 Extended ESN Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Plants vs. Zombies - Game of the Year (Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime x86 (HKLM\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
PokerStrategy.com Equilab (HKLM\...\{86D09F48-CDAB-4B4C-8806-F6C16F17935A}) (Version: 1.2.8.0 - PokerStrategy.com)
PokerStrategy.com SideKick (HKCU\...\c63345b3e3010593) (Version: 1.0.51218.2 - PokerStrategy.com)
Polar Bowler (Version: 2.2.0.97 - WildTangent) Hidden
PostgreSQL 8.4 (HKLM\...\PostgreSQL 8.4) (Version: 8.4 - PostgreSQL Global Development Group)
Ranch Rush 2 - Premium Edition (Version: 2.2.0.98 - WildTangent) Hidden
Realtek USB 2.0 Reader Driver (HKLM\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
repocs 3 (HKCU\...\repocs 3) (Version:  - )
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.6.2.14014_7 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.34.0 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SpyHunter (HKLM\...\{455F074C-814E-4520-B69B-5584BD90400C}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Status (Version: 130.0.469.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
TomTom HOME (HKLM\...\{9017CEAF-BE5A-4F73-8A0E-C87E26971E55}) (Version: 2.9.2 - Nombre de su organización)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
tools-linux (Version: 9.2.3.1031769 - VMware, Inc.) Hidden
TOSHIBA Application and Driver Installer (HKLM\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.4 - TOSHIBA)
TOSHIBA Assist (HKLM\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - Nombre de su organización)
TOSHIBA Bulletin Board (HKLM\...\InstallShield_{36DE6EB4-8345-489F-9E07-C9F36F7E5823}) (Version: 1.6.11.32 - TOSHIBA Corporation)
TOSHIBA Bulletin Board (Version: 1.6.11.32 - TOSHIBA Corporation) Hidden
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{ED55E523-7D1F-46D1-8121-F6CDCE2D1089}) (Version: 1.3.5.0 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 3.1.17.32 - TOSHIBA Corporation)
TOSHIBA Face Recognition (Version: 3.1.17.32 - TOSHIBA Corporation) Hidden
TOSHIBA Hardware Setup (HKLM\...\InstallShield_{33ABEB66-85BB-43B2-9448-85CB626C5A5F}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA Hardware Setup (Version: 4.08.09.00 - TOSHIBA) Hidden
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.0.9 - TOSHIBA Corporation)
TOSHIBA Media Controller (HKLM\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.4 - TOSHIBA CORPORATION)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.0 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA ReelTime (HKLM\...\InstallShield_{8CD0B97D-46E9-4293-B467-A24DB96DB6DB}) (Version: 1.7.21.32 - TOSHIBA Corporation)
TOSHIBA ReelTime (Version: 1.7.21.32 - TOSHIBA Corporation) Hidden
TOSHIBA Service Station (HKLM\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM\...\InstallShield_{D2D8CB05-A9E1-4691-995C-2B78F4A58B8B}) (Version: 4.08.09.00 - TOSHIBA)
TOSHIBA Supervisor Password (Version: 4.08.09.00 - TOSHIBA) Hidden
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.6.1 - TOSHIBA Corporation)
TOSHIBA Value Added Package (Version: 1.6.1 - TOSHIBA Corporation) Hidden
TOSHIBA VIDEO PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.3 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (Version: 2.0.3.3 - TOSHIBA Corporation) Hidden
TOSHIBA Wireless LAN Indicator (HKLM\...\{5B01BCB7-A5D3-476F-AF11-E515BA206591}) (Version: 1.0.5 - TOSHIBA CORPORATION)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 8.01 - Ghisler Software GmbH)
TrayApp (Version: 130.0.422.000 - Hewlett-Packard) Hidden
Unity Web Player (HKCU\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
UnloadSupport (Version: 11.0.0 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (Version:  - WildTangent) Hidden
Verizon Toolbar (HKLM\...\verizontb) (Version: 6.0.0.40 - Verizon and Visicom Media Inc.)
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.97 - WildTangent) Hidden
VMware Player (HKLM\...\VMware_Player) (Version: 5.0.2 - VMware, Inc)
VMware Player (Version: 5.0.2 - VMware, Inc.) Hidden
Vz In-Home Agent (HKLM\...\VzInHomeAgent) (Version: 9.0.63.0 - Verizon)
VzDownloadManager (HKCU\...\VzDownloadManager) (Version: 2.0.0.24 - Verizon)
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
WildTangent Games App (Toshiba Games) (Version: 4.0.5.14 - WildTangent) Hidden
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinZip 17.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240D8}) (Version: 17.0.10381 - WinZip Computing, S.L. )
Zuma's Revenge (Version: 2.2.0.97 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> C:\Users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{035FBE31-3755-450A-A775-5E6BBD43D344}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.21.135\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{0507EEDE-3AE7-49c7-BF37-0EB4A62D8638}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> C:\Users\Dani\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{33b07fd4-5917-43e1-968d-4c79231836bf}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.23.9\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{3560575F-7C2D-48AE-AB45-DAD430A95EBE}\InprocServer32 -> C:\Program Files\WinZip\adxloader.dll ()
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{444785F1-DE89-4295-863A-D46C3A781394}\InprocServer32 -> C:\Users\Dani\AppData\LocalLow\Unity\WebPlayer\loader\UnityWebPluginAX.ocx (Unity Technologies ApS)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files\Toshiba\Bluetooth Toshiba Stack\sys\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Dani\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{62A0D750-DED9-448C-B693-406B34BB0892}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.21.145\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{634059C0-D264-4B2C-AE80-F73E48D33E5B}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.21.123\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{8B9F5BF4-0407-4BB2-9FED-4C0372DABD00}\localserver32 -> C:\Users\Dani\AppData\Local\Facebook\Video\Skype\FacebookVideoCallingProxy.exe (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{A45426FB-E444-42B2-AA56-419F8FBEEC61}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.22.3\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.21.165\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{A8F086C3-2497-4229-82FE-586F2D326F95}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{C5A2122B-A05B-4FD8-AE49-91990AE10998}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.21.115\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{cbd32acd-3033-5dc4-af3e-a32955785032}\InprocServer32 -> C:\Users\Dani\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll (Electronic Arts)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Dani\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{d33f3ced-d7d5-44f1-a9fe-6927dabb1934}\localserver32 -> C:\Program Files\Google\Google Talk\googletalk.exe (Google)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.15\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.15\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{EB06378B-ABB6-4B3C-9B40-D488DD8A6E93}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.22.5\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-1246240811-1488634996-1864846537-1000_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Dani\AppData\Local\Google\Update\1.3.24.7\psuser.dll No File
 
==================== Restore Points  =========================
 
20-10-2014 02:03:37 Installed SpyHunter
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 ____N C:\windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2741B572-08C7-40C8-BD9C-CD0FD43055B1} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000Core => C:\Users\Dani\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-03] (Facebook Inc.)
Task: {6221D2F0-73C7-4391-8BFC-BD43D55E3620} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {65540757-140B-4461-8C83-9E5FE0D542A1} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000UA => C:\Users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)
Task: {81FBB428-101C-47B0-890B-8BFDD2F0D905} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2014-01-09] (Enigma Software Group USA, LLC.)
Task: {94E10DD2-79CD-44A4-9A0D-E982146901A3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000Core => C:\Users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-15] (Google Inc.)
Task: {A5B37D72-46B6-42C3-909A-0DB4C13C99CC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-22] (Google Inc.)
Task: {D9B082FF-B14C-4B3E-AD20-3E13E31D5619} - System32\Tasks\{8E56DC91-57B0-492E-9483-3281552524FA} => Firefox.exe http://ui.skype.com/ui/0/6.6.0.106/es/abandoninstall?page=tsProgressBar
Task: {EC9D4455-A441-4360-BA4B-FA19D16F530C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000UA => C:\Users\Dani\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-02-03] (Facebook Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000Core.job => C:\Users\Dani\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000UA.job => C:\Users\Dani\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000Core.job => C:\Users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1246240811-1488634996-1864846537-1000UA.job => C:\Users\Dani\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-11-17 23:30 - 2011-01-28 01:15 - 00172032 _____ () C:\Program Files\PostgreSQL\8.4\bin\LIBPQ.dll
2012-11-17 23:30 - 2009-02-12 15:01 - 00976384 _____ () C:\Program Files\PostgreSQL\8.4\bin\libxml2.dll
2012-11-17 23:30 - 2005-07-20 06:48 - 00059904 _____ () C:\Program Files\PostgreSQL\8.4\bin\zlib1.dll
2013-02-26 01:28 - 2013-02-26 01:28 - 01260624 _____ () C:\Program Files\VMware\VMware Player\libxml2.dll
2014-05-23 02:10 - 2014-05-23 02:10 - 00693920 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x86.dll
2011-04-04 23:18 - 2011-04-04 23:18 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2010-11-18 21:18 - 2010-11-18 21:18 - 11205120 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-03-03 18:14 - 2010-03-03 18:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF10.dll
2010-03-03 18:14 - 2010-03-03 18:14 - 00016184 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnF11.dll
2010-12-15 19:18 - 2010-12-15 19:18 - 00107936 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2011-07-27 18:31 - 2011-07-27 18:31 - 03279792 _____ () C:\Program Files\Toshiba\BulletinBoard\TosNcUi.dll
2014-05-26 05:52 - 2014-05-26 05:52 - 32733088 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\HEX\libcef.dll
2014-04-18 14:50 - 2014-04-18 14:50 - 01974272 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\334a97999b9cb6aec3edf17f946e1ea7\Kies.UI.ni.dll
2014-04-18 14:50 - 2014-04-18 14:50 - 00079360 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\8dfa4d8cf70cbe864e04aa5516a490eb\Kies.MVVM.ni.dll
2014-04-18 14:50 - 2014-04-18 14:50 - 00189952 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\7db457e04c22cbc35a3f2c410afbaaed\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-04-18 14:51 - 2014-04-18 14:51 - 00367616 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\DevicePhoto\ce0d4b475145923bf8de663b355d29ba\DevicePhoto.ni.dll
2014-04-18 14:51 - 2014-04-18 14:51 - 00301568 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\DeviceVideo\a9ad82e242d3177acca52c9c009290e3\DeviceVideo.ni.dll
2014-04-18 14:51 - 2014-04-18 14:51 - 00616448 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\DevicePodcast\139c498f714a5f022a7b558ec05c0751\DevicePodcast.ni.dll
2014-04-18 14:51 - 2014-04-18 14:51 - 00307200 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\DummyStorePlugin\6c0d142223f8d9d904178f12c59039a6\DummyStorePlugin.ni.dll
2014-04-18 14:51 - 2014-04-18 14:51 - 15016960 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\f7ee05a86eb5f9f4bb2102b3a709195d\Kies.Theme.ni.dll
2014-04-18 14:50 - 2014-04-18 14:50 - 00582144 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\1b60448ff24f80a7b2f0f8492043b7b0\Kies.Common.DeviceServiceLib.FileService.ni.dll
2014-04-18 14:50 - 2014-04-18 14:50 - 00046592 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Common.DeviceS#\8082a92ed2263798a730f4b563b2e54f\Kies.Common.DeviceServiceLib.FirmwareUpdate.FirmwareUpdateAgentHelper.ni.dll
2014-04-18 14:50 - 2014-04-18 14:50 - 01003008 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\DeviceCommonLib\ec9e65d97aec479d13ba8dbd29bc60ed\DeviceCommonLib.ni.dll
2013-05-23 23:31 - 2013-05-23 23:31 - 00232960 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\d30dd594f264c0bdcc68e2bbff360cfd\ASF_cSharpAPI.ni.dll
2014-10-23 19:31 - 2014-10-23 19:31 - 00098816 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32api.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00110080 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\pywintypes27.dll
2014-10-23 19:31 - 2014-10-23 19:31 - 00364544 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\pythoncom27.dll
2014-10-23 19:31 - 2014-10-23 19:31 - 00045568 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\_socket.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 01160704 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\_ssl.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00320512 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32com.shell.shell.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00713216 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\_hashlib.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 01175040 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\wx._core_.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00805888 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\wx._gdi_.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00811008 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\wx._windows_.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 01062400 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\wx._controls_.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00735232 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\wx._misc_.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00128512 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\_elementtree.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00127488 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\pyexpat.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00557056 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\pysqlite2._sqlite.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00007168 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\hashobjs_ext.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00087552 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\_ctypes.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00119808 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32file.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00108544 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32security.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00018432 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32event.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00038912 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32inet.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00070656 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\wx._html2.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00167936 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32gui.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00011264 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32crypt.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00027136 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\_multiprocessing.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00686080 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\unicodedata.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00122368 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\wx._wizard.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00010240 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\select.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00024064 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32pipe.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00025600 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32pdh.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00525640 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\windows._lib_cacheinvalidation.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00035840 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32process.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00017408 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32profile.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00022528 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\win32ts.pyd
2014-10-23 19:31 - 2014-10-23 19:31 - 00078336 _____ () C:\Users\Dani\AppData\Local\Temp\_MEI21642\wx._animate.pyd
2014-09-24 21:56 - 2014-09-23 00:06 - 01098056 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 21:56 - 2014-09-23 00:06 - 00174408 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 21:56 - 2014-09-23 00:07 - 08577864 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 21:56 - 2014-09-23 00:07 - 00331592 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 21:56 - 2014-09-23 00:06 - 01660232 _____ () C:\Program Files\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-05-23 02:10 - 2014-05-23 02:10 - 05341856 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
2014-05-12 22:22 - 2014-05-12 22:22 - 02217128 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\CoreSync\plugins\ExchangePlugin\ExManCoreLib\ExManZxpSign.dll
2011-06-10 00:05 - 2011-06-10 00:05 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-05-26 05:52 - 2014-05-26 05:52 - 00742816 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\HEX\libglesv2.dll
2014-05-26 05:52 - 2014-05-26 05:52 - 00136608 _____ () C:\Program Files\Adobe\Adobe Creative Cloud\HEX\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Dani\Downloads\noname.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
 
========================= Accounts: ==========================
 
Administrador (S-1-5-21-1246240811-1488634996-1864846537-500 - Administrator - Disabled)
Dani (S-1-5-21-1246240811-1488634996-1864846537-1000 - Administrator - Enabled) => C:\Users\Dani
Invitado (S-1-5-21-1246240811-1488634996-1864846537-501 - Limited - Disabled)
postgres (S-1-5-21-1246240811-1488634996-1864846537-1004 - Limited - Enabled) => C:\Users\postgres.Shibatito
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/23/2014 07:32:41 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/22/2014 11:05:55 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Solo información.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (10/22/2014 10:56:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/19/2014 09:58:22 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Solo información.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (10/19/2014 09:49:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/19/2014 09:22:43 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Solo información.
Error:  Initialization failed 0x80070422 Type: 88::UnexpectedError.
 
Error: (10/19/2014 09:13:30 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (10/19/2014 09:12:38 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2014-10-19 22:12:38 CLSTFATAL:  the database system is starting up
 
Error: (10/19/2014 09:12:36 PM) (Source: PostgreSQL) (EventID: 0) (User: )
Description: 2014-10-19 22:12:36 CLSTFATAL:  the database system is starting up
 
Error: (10/19/2014 09:11:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Nombre de la aplicación con errores: Adobe CEF Helper.exe, versión: 2.6.0.392, marca de tiempo: 0x5382862c
Nombre del módulo con errores: libcef.dll, versión: 3.1364.1094.0, marca de tiempo: 0x5116d679
Código de excepción: 0x80000003
Desplazamiento de errores: 0x008ecbe3
Id. del proceso con errores: 0xa8c
Hora de inicio de la aplicación con errores: 0xAdobe CEF Helper.exe0
Ruta de acceso de la aplicación con errores: Adobe CEF Helper.exe1
Ruta de acceso del módulo con errores: Adobe CEF Helper.exe2
Id. del informe: Adobe CEF Helper.exe3
 
 
System errors:
=============
Error: (10/23/2014 07:31:17 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.2192.168.137.0255.255.255.0
 
Error: (10/23/2014 07:31:17 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (10/22/2014 10:55:56 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.2192.168.137.0255.255.255.0
 
Error: (10/22/2014 10:55:56 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (10/20/2014 00:39:25 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}
 
Error: (10/19/2014 10:04:41 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.7192.168.137.0255.255.255.0
 
Error: (10/19/2014 10:01:15 PM) (Source: bowser) (EventID: 8003) (User: )
Description: El explorador maestro recibió una notificación del equipo DANI-PC
que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{624AFB98-78EA-4488-8458-7D91A3CF76.
El explorador maestro está detenido o se está forzando una elección.
 
Error: (10/19/2014 09:52:26 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.7192.168.137.0255.255.255.0
 
Error: (10/19/2014 09:50:45 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.7192.168.137.0255.255.255.0
 
Error: (10/19/2014 09:48:23 PM) (Source: ipnathlp) (EventID: 30013) (User: )
Description: 192.168.1.7192.168.137.0255.255.255.0
 
 
Microsoft Office Sessions:
=========================
Error: (07/26/2014 03:38:13 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2508 seconds with 60 seconds of active time.  This session ended with a crash.
 
Error: (03/25/2014 00:03:55 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1715 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error: (03/08/2013 06:23:33 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7206 seconds with 180 seconds of active time.  This session ended with a crash.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-2350M CPU @ 2.30GHz
Percentage of memory in use: 58%
Total physical RAM: 2765.86 MB
Available physical RAM: 1153.43 MB
Total Pagefile: 5530.01 MB
Available Pagefile: 3398.87 MB
Total Virtual: 2047.88 MB
Available Virtual: 1891.21 MB
 
==================== Drives ================================
 
Drive c: (TI106275W0C) (Fixed) (Total:594.71 GB) (Free:279.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 98E9B164)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=594.7 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 PM

Posted 24 October 2014 - 07:58 AM

Clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
    ===

    Open notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
    start
    
    HKLM\...\Run: [] => [X]
    InternetURL: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL -> https://paytordmbdekmizq.tor4pay.com/185zsx8
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
    R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [X]
    C:\DECRYPT_INSTRUCTION.HTML
    C:\DECRYPT_INSTRUCTION.TXT
    C:\Users\Dani\Desktop\INSTALL_TOR.URL
    C:\INSTALL_TOR.URL
    C:\Users\DECRYPT_INSTRUCTION.HTML
    C:\Users\Dani\DECRYPT_INSTRUCTION.HTML
    C:\Users\DECRYPT_INSTRUCTION.TXT
    C:\Users\Dani\DECRYPT_INSTRUCTION.TXT
    C:\Users\INSTALL_TOR.URL
    C:\Users\Dani\INSTALL_TOR.URL
    C:\Users\Dani\Downloads\DECRYPT_INSTRUCTION.HTML
    C:\Users\Dani\Downloads\DECRYPT_INSTRUCTION.TXT
    C:\Users\Dani\Downloads\INSTALL_TOR.URL
    C:\Users\Dani\Documents\DECRYPT_INSTRUCTION.HTML
    C:\Users\Dani\Documents\DECRYPT_INSTRUCTION.TXT
    C:\Users\Dani\Documents\INSTALL_TOR.URL
    C:\Users\Dani\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
    C:\Users\Dani\AppData\DECRYPT_INSTRUCTION.HTML
    C:\Users\Dani\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
    C:\Users\Dani\AppData\DECRYPT_INSTRUCTION.TXT
    C:\Users\Dani\AppData\Roaming\INSTALL_TOR.URL
    C:\Users\Dani\AppData\INSTALL_TOR.URL
    C:\Users\Dani\AppData\Local\DECRYPT_INSTRUCTION.HTML
    C:\Users\Dani\AppData\Local\DECRYPT_INSTRUCTION.TXT
    C:\Users\Dani\AppData\Local\INSTALL_TOR.URL
    C:\Users\Cumple Elizabeth\DECRYPT_INSTRUCTION.HTML
    C:\Users\AULA VIRTUAL PSP401\DECRYPT_INSTRUCTION.HTML
    C:\Users\Cumple Elizabeth\DECRYPT_INSTRUCTION.TXT
    C:\Users\AULA VIRTUAL PSP401\DECRYPT_INSTRUCTION.TXT
    C:\Users\Cumple Elizabeth\INSTALL_TOR.URL
    C:\Users\AULA VIRTUAL PSP401\INSTALL_TOR.URL
    C:\ProgramData\DECRYPT_INSTRUCTION.HTML
    C:\ProgramData\DECRYPT_INSTRUCTION.TXT
    C:\ProgramData\INSTALL_TOR.URL
    C:\Users\Dani\Downloads\[kickass.to]22.jump.street.2014.1080p.brrip.x264.yify.torrent
    C:\Users\Dani\Downloads\[kickass.to]godzilla.2014.1080p.brrip.x264.yify.torrent
    
    End
    
    Save the file as fixlist.txt into the same folder as FRST

    Run FRST and click Fix only once and wait.

    Restart the computer normally to reset the registry.

    The tool will create a log, Fixlog.txt; please post it in your reply.
    ===

    This is all I can see that is related to the infection.

    How is the computer running now?




#7 k2ron

k2ron
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:12 PM

Posted 24 October 2014 - 02:59 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-10-2014
Ran by Dani at 2014-10-24 15:57:05 Run:1
Running from C:\Users\Dani\Downloads
Loaded Profiles: Dani & postgres (Available profiles: Dani & postgres)
Boot Mode: Normal
 
==============================================
 
Content of fixlist:
*****************
start
 
HKLM\...\Run: [] => [X]
InternetURL: C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL -> https://paytordmbdekmizq.tor4pay.com/185zsx8
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [X]
C:\DECRYPT_INSTRUCTION.HTML
C:\DECRYPT_INSTRUCTION.TXT
C:\Users\Dani\Desktop\INSTALL_TOR.URL
C:\INSTALL_TOR.URL
C:\Users\DECRYPT_INSTRUCTION.HTML
C:\Users\Dani\DECRYPT_INSTRUCTION.HTML
C:\Users\DECRYPT_INSTRUCTION.TXT
C:\Users\Dani\DECRYPT_INSTRUCTION.TXT
C:\Users\INSTALL_TOR.URL
C:\Users\Dani\INSTALL_TOR.URL
C:\Users\Dani\Downloads\DECRYPT_INSTRUCTION.HTML
C:\Users\Dani\Downloads\DECRYPT_INSTRUCTION.TXT
C:\Users\Dani\Downloads\INSTALL_TOR.URL
C:\Users\Dani\Documents\DECRYPT_INSTRUCTION.HTML
C:\Users\Dani\Documents\DECRYPT_INSTRUCTION.TXT
C:\Users\Dani\Documents\INSTALL_TOR.URL
C:\Users\Dani\AppData\Roaming\DECRYPT_INSTRUCTION.HTML
C:\Users\Dani\AppData\DECRYPT_INSTRUCTION.HTML
C:\Users\Dani\AppData\Roaming\DECRYPT_INSTRUCTION.TXT
C:\Users\Dani\AppData\DECRYPT_INSTRUCTION.TXT
C:\Users\Dani\AppData\Roaming\INSTALL_TOR.URL
C:\Users\Dani\AppData\INSTALL_TOR.URL
C:\Users\Dani\AppData\Local\DECRYPT_INSTRUCTION.HTML
C:\Users\Dani\AppData\Local\DECRYPT_INSTRUCTION.TXT
C:\Users\Dani\AppData\Local\INSTALL_TOR.URL
C:\Users\Cumple Elizabeth\DECRYPT_INSTRUCTION.HTML
C:\Users\AULA VIRTUAL PSP401\DECRYPT_INSTRUCTION.HTML
C:\Users\Cumple Elizabeth\DECRYPT_INSTRUCTION.TXT
C:\Users\AULA VIRTUAL PSP401\DECRYPT_INSTRUCTION.TXT
C:\Users\Cumple Elizabeth\INSTALL_TOR.URL
C:\Users\AULA VIRTUAL PSP401\INSTALL_TOR.URL
C:\ProgramData\DECRYPT_INSTRUCTION.HTML
C:\ProgramData\DECRYPT_INSTRUCTION.TXT
C:\ProgramData\INSTALL_TOR.URL
C:\Users\Dani\Downloads\[kickass.to]22.jump.street.2014.1080p.brrip.x264.yify.torrent
C:\Users\Dani\Downloads\[kickass.to]godzilla.2014.1080p.brrip.x264.yify.torrent
 
End
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
C:\Users\Dani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\INSTALL_TOR.URL => Moved successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value deleted successfully.
"HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKCR\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
"HKCR\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}" => Key deleted successfully.
postgresql-8.4 => Service stopped successfully.
postgresql-8.4 => Service deleted successfully.
C:\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Dani\Desktop\INSTALL_TOR.URL => Moved successfully.
C:\INSTALL_TOR.URL => Moved successfully.
C:\Users\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Dani\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Dani\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\INSTALL_TOR.URL => Moved successfully.
C:\Users\Dani\INSTALL_TOR.URL => Moved successfully.
C:\Users\Dani\Downloads\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Dani\Downloads\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Dani\Downloads\INSTALL_TOR.URL => Moved successfully.
C:\Users\Dani\Documents\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Dani\Documents\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Dani\Documents\INSTALL_TOR.URL => Moved successfully.
C:\Users\Dani\AppData\Roaming\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Dani\AppData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Dani\AppData\Roaming\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Dani\AppData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Dani\AppData\Roaming\INSTALL_TOR.URL => Moved successfully.
C:\Users\Dani\AppData\INSTALL_TOR.URL => Moved successfully.
C:\Users\Dani\AppData\Local\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Dani\AppData\Local\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Dani\AppData\Local\INSTALL_TOR.URL => Moved successfully.
C:\Users\Cumple Elizabeth\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\AULA VIRTUAL PSP401\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\Users\Cumple Elizabeth\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\AULA VIRTUAL PSP401\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\Users\Cumple Elizabeth\INSTALL_TOR.URL => Moved successfully.
C:\Users\AULA VIRTUAL PSP401\INSTALL_TOR.URL => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.HTML => Moved successfully.
C:\ProgramData\DECRYPT_INSTRUCTION.TXT => Moved successfully.
C:\ProgramData\INSTALL_TOR.URL => Moved successfully.
C:\Users\Dani\Downloads\[kickass.to]22.jump.street.2014.1080p.brrip.x264.yify.torrent => Moved successfully.
C:\Users\Dani\Downloads\[kickass.to]godzilla.2014.1080p.brrip.x264.yify.torrent => Moved successfully.
 
==== End of Fixlog ====


#8 k2ron

k2ron
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:12 PM

Posted 24 October 2014 - 03:09 PM

I rebooted and the autoload of the decrypt page appears to be gone.

I still have a bunch of files decrypt_instruction or install_tor all around the folders. Can I go and delete them? And after that, how can I recover the files?



#9 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 PM

Posted 25 October 2014 - 07:23 AM

I still have a bunch of files decrypt_instruction or install_tor all around the folders. Can I go and delete them?

Yes you can.

As for your files, they are unrecoverable.

Unless you have a back up on disk which you can re-install.
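An added example, not part of the thread and not FRST's code: a small Python script that does the file part of the fixlist above on any folder tree, finding the three CryptoWall note names seen in this thread and moving them into a quarantine folder instead of deleting them outright, and reading the target out of an INSTALL_TOR.URL shortcut so it can be recorded as an indicator. The sample tree it builds, and the URL inside it, are constructed placeholders.

```python
import configparser
import shutil
from pathlib import Path

# Note file names CryptoWall 2.0 drops into almost every folder (the names that fill the fixlist).
RANSOM_NOTE_NAMES = {"DECRYPT_INSTRUCTION.TXT", "DECRYPT_INSTRUCTION.HTML", "INSTALL_TOR.URL"}


def find_ransom_notes(root):
    """Return every ransom-note file under root as a sorted list of Paths (read-only)."""
    root = Path(root)
    return sorted(p for p in root.rglob("*")
                  if p.is_file() and p.name.upper() in RANSOM_NOTE_NAMES)


def shortcut_target(url_file):
    """Read the URL= field of a Windows Internet Shortcut (.URL files are INI-style).
    Returns None if the file has no [InternetShortcut] section."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(Path(url_file).read_text(encoding="utf-8", errors="ignore"))
    return cfg.get("InternetShortcut", "URL", fallback=None)


def quarantine(root, dest):
    """Move each note under root into dest, keeping its relative path (the
    equivalent of FRST's 'Moved successfully'). Returns (original, new) pairs."""
    root, dest = Path(root), Path(dest)
    moved = []
    for src in find_ransom_notes(root):
        target = dest / src.relative_to(root)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.move(str(src), str(target))
        moved.append((src, target))
    return moved


def build_sample_tree(root):
    """Constructed sample data, not from a real machine: a tiny profile tree with
    notes in four folders. The URL written here is a placeholder, not a real gateway."""
    root = Path(root)
    for folder in ("", "Users/Dani", "Users/Dani/Documents", "ProgramData"):
        d = root / folder
        d.mkdir(parents=True, exist_ok=True)
        (d / "DECRYPT_INSTRUCTION.TXT").write_text("What happened to your files ?\n")
        (d / "DECRYPT_INSTRUCTION.HTML").write_text("<html>ransom note</html>\n")
        (d / "INSTALL_TOR.URL").write_text(
            "[InternetShortcut]\nURL=https://example.invalid/placeholder\n")
    (root / "Users/Dani/Documents/report.docx").write_bytes(b"user data, left alone")
    return root
```

Call `find_ransom_notes` first to review the list, then `quarantine(root, dest)` with `dest` outside `root`; user files that are not notes are never touched.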

#10 k2ron

k2ron
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  • Local time:06:12 PM

Posted 28 October 2014 - 09:34 AM

:( And what if I decide to pay to get the decryption code? Would it be safe?



#11 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 PM

Posted 28 October 2014 - 12:46 PM

If it's worth it for you to try, do it.

I would not trust these guys.

#12 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 PM

Posted 03 November 2014 - 11:08 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#13 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 PM

Posted 03 November 2014 - 02:18 PM

This topic has been re-opened at the request of the person who originally posted.

#14 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 PM

Posted 03 November 2014 - 02:21 PM


Quoted from the PM.

Hi Nasdaq,
I'd not been using the laptop since the last day I followed your instructions and apparently the laptop seemed clean. But yesterday I tried using it and at one point it got locked by a full screen page that said FBI, Obama or something similar to that and doesn't allow me to do anything. Is this related to Cryptowall or is it something else? Could you please help? Thanks


It might be another type of ransomware.

Follow the instructions on this page.

http://www.bleepingcomputer.com/virus-removal/remove-fbi-cybercrime-division-ransomware

Keep me posted.

#15 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:06:12 PM

Posted 09 November 2014 - 11:48 AM

Are you still with me?



