
My computer won't load the desktop after Hitman Pro (FRST results)


  • This topic is locked
20 replies to this topic

#1 CarlosPM


Posted 18 February 2015 - 09:23 AM

Hello everyone! I'm new here. Thank you so very very much for helping me in advance, this is driving me crazy :(

The problem is I noticed pop-up ads a couple of days ago and it got really bad yesterday. I looked on the Internet and ran Malwarebytes Anti-Malware and Hitman Pro twice each, as was suggested. I also tried to erase by hand any suspicious programs or files that I saw.

After running Malwarebytes, when I tried to run my computer in normal mode I was getting a white screen with the pointing arrow.

After I ran Hitman Pro in safe mode with network connection and tried to run the computer normally, it would let me log in to my user but it would get stuck loading Windows and wouldn't get in.

I read on the forum that people had similar issues, so I did what they were told and ran FRST in repair mode.

These are the results I got out of it:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 15-02-2015
Ran by SYSTEM on MINWINPC on 18-02-2015 13:42:40
Running from g:\
Platform: Windows Vista ™ Business Service Pack 1 (X86) OS Language: Inglés (Estados Unidos)
Internet Explorer Version 7
Boot Mode: Recovery
 
The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-07-29] (TOSHIBA Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-11] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [SweetIM] => C:\Program Files\SweetIM\Messenger\SweetIM.exe
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6275072 2008-08-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-01] (Oracle Corporation)
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\Carlos Pascual\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\Carlos Pascual\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\Carlos Pascual\...\Run: [Spotify Web Helper] => C:\Users\Carlos Pascual\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-30] (Spotify Ltd)
HKU\Carlos Pascual\...\Run: [Spotify] => C:\Users\Carlos Pascual\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-30] (Spotify Ltd)
HKU\Carlos Pascual\...\Run: [uTorrent] => C:\Users\Carlos Pascual\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-02-12] (BitTorrent Inc.)
HKU\Carlos Pascual\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-07-04] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-07-04] (TOSHIBA)
HKU\England2\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\England2\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-07-04] (TOSHIBA)
HKU\England2\...\RunOnce: [Application Restart #0] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-20] (Microsoft Corporation)
HKU\England2\...\RunOnce: [Application Restart #1] => C:\Program Files\Windows Sidebar\sidebar.exe [1233920 2009-04-10] (Microsoft Corporation)
HKU\England2\...\RunOnce: [Application Restart #2] => C:\Program Files\Windows Sidebar\sidebar.exe [1233920 2009-04-10] (Microsoft Corporation)
HKU\England2\...\RunOnce: [Application Restart #3] => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [198656 2008-01-20] (Microsoft Corporation)
HKU\February\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\February\...\Run: [TOSCDSPD] => C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [430080 2008-07-04] (TOSHIBA)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\England2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\February\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bit
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2008-09-01] (AuthenTec Inc.)
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-20] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-20] (Malwarebytes Corporation)
S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378184 2007-07-24] (McAfee, Inc.)
S2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359248 2007-08-15] (McAfee, Inc.)
S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144960 2006-11-28] (McAfee, Inc.)
S3 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [695624 2007-07-24] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2006-11-28] (McAfee, Inc.)
S3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [106496 2008-07-15] (TOSHIBA Corporation)
S2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [622592 2008-08-11] (TOSHIBA Corporation)
S2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [110592 2008-07-17] (TOSHIBA CORPORATION)
S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2008-04-29] (Intel Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-20] (Microsoft Corporation)
S2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [95528 2008-08-01] (Wacom Technology, Corp.)
S2 56f83cd8; "C:\Windows\system32\rundll32.exe" "c:\Program Files\SoftwarePlus\SoftwarePlus.dll",serv
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
S0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-07-25] (Alfa Corporation)
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2008-08-14] (AuthenTec, Inc.)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-15] (Symantec Corporation)
S0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()
S3 guardian2; C:\Windows\System32\Drivers\oz776.sys [68696 2008-04-21] (O2Micro)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-02-18] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-20] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-20] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [64360 2006-11-28] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2007-07-23] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2007-07-20] (McAfee, Inc.)
S3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201288 2007-07-20] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [33800 2007-07-24] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2007-07-20] (McAfee, Inc.)
S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52136 2006-11-28] (McAfee, Inc.)
S1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-12] (McAfee, Inc.)
S3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\toshscard.sys [24232 2008-08-07] (Sony Ericsson)
S0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
S3 toshbus; C:\Windows\System32\DRIVERS\toshbus.sys [276352 2008-09-10] (MCCI Corporation)
S3 toshcard; C:\Windows\System32\DRIVERS\toshcard.sys [351616 2008-09-10] (MCCI Corporation)
S3 toshgps; C:\Windows\System32\DRIVERS\toshgps.sys [76840 2008-09-11] (Ericsson AB)
S3 toshmdfl; C:\Windows\System32\DRIVERS\toshmdfl.sys [14976 2008-09-10] (MCCI Corporation)
S3 toshmdfl2; C:\Windows\System32\DRIVERS\toshmdfl2.sys [14976 2008-09-10] (MCCI Corporation)
S3 toshmdm; C:\Windows\System32\DRIVERS\toshmdm.sys [360192 2008-09-10] (MCCI Corporation)
S3 toshmdm2; C:\Windows\System32\DRIVERS\toshmdm2.sys [404864 2008-09-10] (MCCI Corporation)
S3 toshnd5; C:\Windows\System32\DRIVERS\toshnd5.sys [25856 2008-09-10] (MCCI Corporation)
S3 toshunic; C:\Windows\System32\DRIVERS\toshunic.sys [368128 2008-09-10] (MCCI Corporation)
S2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [6144 2008-04-30] (TOSHIBA Corporation)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
S3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13992 2008-07-09] (Wacom Technology)
S3 wisdpen; C:\Windows\System32\DRIVERS\wisdpen.sys [30888 2008-03-27] (Wacom Technology)
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-18 13:42 - 2015-02-18 13:42 - 00000000 ___DC () C:\FRST
2015-02-18 05:14 - 2015-02-18 05:17 - 01125888 _____ (Farbar) C:\Users\Carlos Pascual\Downloads\FRST.exe
2015-02-18 04:59 - 2015-02-18 05:00 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Carlos Pascual\Downloads\SpyHunter-Installer.exe
2015-02-18 04:46 - 2015-02-18 04:46 - 00035992 _____ () C:\Windows\System32\Drivers\hitmanpro37.sys
2015-02-18 01:11 - 2015-02-18 04:35 - 00012102 _____ () C:\Windows\System32\.crusader
2015-02-18 00:54 - 2015-02-18 01:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-18 00:54 - 2015-02-18 00:54 - 00001777 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-18 00:54 - 2015-02-18 00:54 - 00000000 ___HD () C:\Program Files\HitmanPro
2015-02-18 00:50 - 2015-02-18 00:54 - 10085648 _____ (SurfRight B.V.) C:\Users\Carlos Pascual\Downloads\HitmanPro.exe
2015-02-17 12:27 - 2015-02-18 03:53 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2015-02-17 12:26 - 2015-02-17 12:26 - 00000904 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-17 12:26 - 2015-02-17 12:26 - 00000000 ___HD () C:\Program Files\Malwarebytes Anti-Malware
2015-02-17 12:26 - 2015-02-17 12:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-17 12:26 - 2014-11-20 22:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2015-02-17 12:26 - 2014-11-20 22:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mwac.sys
2015-02-17 12:26 - 2014-11-20 22:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2015-02-17 12:21 - 2015-02-17 12:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Carlos Pascual\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 11:42 - 2015-02-17 12:57 - 00377752 _____ () C:\Users\Public\A day in the life - Mr. Mushroom.mp3.sfk
2015-02-17 11:27 - 2015-02-17 11:27 - 00000000 ____D () C:\Users\February\AppData\Roaming\vlc
2015-02-17 11:21 - 2015-02-17 11:21 - 00000000 ____D () C:\Users\February\Documents\My Recordings
2015-02-17 11:19 - 2015-02-17 11:33 - 00018108 _____ () C:\Users\Public\A day in the life.mx5
2015-02-17 07:23 - 2015-02-17 07:23 - 00213797 _____ () C:\Users\Public\Something like Olivia.mx5
2015-02-17 03:59 - 2015-02-17 04:43 - 00000000 ___DC () C:\AdwCleaner
2015-02-17 03:55 - 2015-02-17 03:56 - 02112512 _____ () C:\Users\Carlos Pascual\Downloads\adwcleaner_4.110 (1).exe
2015-02-17 03:46 - 2015-02-17 03:47 - 02112512 _____ () C:\Users\Carlos Pascual\Downloads\adwcleaner_4.110.exe
2015-02-16 09:54 - 2015-02-16 09:54 - 00000000 ____D () C:\Users\February\Documents\Bluetooth
2015-02-16 09:53 - 2015-02-16 09:53 - 00000000 ____D () C:\Users\February\AppData\Roaming\SynthMaker
2015-02-16 09:52 - 2015-02-16 09:52 - 00000000 ____D () C:\Users\February\AppData\Roaming\Acoustica
2015-02-16 09:51 - 2015-02-16 09:51 - 00000000 ____D () C:\Users\February\AppData\Local\Toshiba
2015-02-16 09:50 - 2015-02-16 09:50 - 00103576 _____ () C:\Users\February\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-16 09:50 - 2015-02-16 09:50 - 00000000 ____D () C:\Users\February\AppData\Roaming\Apple Computer
2015-02-16 09:49 - 2015-02-16 09:51 - 00000000 ____D () C:\Users\February\AppData\Roaming\Adobe
2015-02-16 09:49 - 2015-02-16 09:51 - 00000000 ____D () C:\Users\February\AppData\Local\Adobe
2015-02-16 09:49 - 2015-02-16 09:49 - 00001974 _____ () C:\Users\February\Desktop\Google Chrome.lnk
2015-02-16 09:49 - 2015-02-16 09:49 - 00000000 ____D () C:\Users\February\AppData\Local\Wondershare
2015-02-16 09:49 - 2015-02-16 09:49 - 00000000 ____D () C:\Users\February\AppData\Local\Google
2015-02-16 09:48 - 2015-02-16 09:52 - 00000000 ____D () C:\Users\February\AppData\Local\VirtualStore
2015-02-16 09:48 - 2015-02-16 09:48 - 00000020 ___SH () C:\Users\February\ntuser.ini
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Reciente
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Plantillas
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Mis documentos
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Menú Inicio
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Impresoras
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Entorno de red
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Documents\Mis vídeos
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Documents\Mis imágenes
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Documents\Mi música
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Datos de programa
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\Configuración local
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\AppData\Local\Historial
2015-02-16 09:48 - 2015-02-16 09:48 - 00000000 _SHDL () C:\Users\February\AppData\Local\Datos de programa
2015-02-16 09:47 - 2015-02-16 09:49 - 00000000 ____D () C:\users\February
2015-02-16 09:47 - 2012-01-20 00:47 - 00000000 ____D () C:\Users\February\AppData\Local\Microsoft Help
2015-02-16 09:47 - 2011-10-01 06:56 - 00000000 ____D () C:\Users\February\AppData\Roaming\Macromedia
2015-02-16 08:00 - 2015-02-16 09:46 - 00090144 _____ () C:\Users\Public\Don't look back 2.mx5
2015-02-15 07:35 - 2015-02-15 07:35 - 00001790 _____ () C:\Users\Public\Desktop\Mixcraft 7 (32 bits).lnk
2015-02-15 07:13 - 2015-02-18 01:11 - 00000000 ____D () C:\ProgramData\{8f86c97f-c265-f337-8f86-6c97fc2625ff}
2015-02-15 06:51 - 2015-02-18 01:11 - 00000000 ____D () C:\ProgramData\{6f90396a-21ec-a72f-6f90-0396a21ee5a8}
2015-02-15 05:52 - 2015-02-15 05:52 - 01989392 _____ (Acoustica, Inc) C:\Users\Carlos Pascual\Downloads\Mixcraft-7-Downloader.exe
2015-02-13 06:41 - 2015-02-13 06:41 - 00000549 _____ () C:\Users\Public\Desktop\WAV To MP3.lnk
2015-02-13 06:25 - 2015-02-13 06:25 - 00055200 _____ () C:\Users\Public\Don't look back in anger.mx5
2015-02-12 15:46 - 2015-02-12 15:46 - 01798144 _____ () C:\Users\Carlos Pascual\Downloads\telefonos moviles y su uso culturas modernas mbb.pps
2015-02-12 01:57 - 2015-02-17 04:02 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Roaming\uTorrent
2015-02-12 01:55 - 2015-02-12 01:55 - 01677904 _____ (BitTorrent Inc.) C:\Users\Carlos Pascual\Downloads\uTorrent_3_4_2_37754.exe
2015-02-11 22:18 - 2015-01-11 17:54 - 01177600 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2015-02-11 22:18 - 2015-01-11 17:54 - 00834048 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2015-02-11 22:18 - 2015-01-11 17:54 - 00106496 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 06121472 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 03635200 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 01827328 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2015-02-11 22:18 - 2015-01-11 17:53 - 00671744 _____ (Microsoft Corporation) C:\Windows\System32\mstime.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 00498688 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 00480768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 00380928 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 00347136 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 00214528 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 00193024 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 00180736 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 00027648 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2015-02-11 22:18 - 2015-01-11 17:53 - 00019968 _____ (Microsoft Corporation) C:\Windows\System32\corpol.dll
2015-02-11 22:18 - 2015-01-11 16:25 - 00389632 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2015-02-11 22:18 - 2015-01-11 16:18 - 01383424 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2015-02-11 22:10 - 2014-11-25 18:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\System32\oleaut32.dll
2015-02-11 22:09 - 2015-01-08 16:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2015-02-11 22:08 - 2015-01-12 17:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2015-02-11 22:03 - 2015-01-14 20:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2015-02-11 22:02 - 2014-12-07 17:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll
2015-02-08 03:05 - 2015-02-08 03:05 - 00000000 __SHD () C:\found.002
2015-02-04 09:52 - 2015-02-04 09:52 - 00020400 _____ () C:\Users\Public\Gravity prueba2.mx5
2015-02-04 05:32 - 2015-02-04 05:32 - 00020808 _____ () C:\Users\Public\Gravity prueba.mx5
2015-01-30 02:46 - 2015-02-17 02:53 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Local\Spotify
2015-01-30 02:39 - 2015-02-17 11:20 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Roaming\Spotify
2015-01-29 05:56 - 2015-01-29 05:57 - 03777336 _____ (http://smile-files.com) C:\Users\Carlos Pascual\Downloads\Transcribe!_8.40.0_downloader.exe
2015-01-29 05:53 - 2015-01-29 05:53 - 02280320 _____ (Seventh String Software ) C:\Users\Carlos Pascual\Downloads\xscsetup (2).exe
2015-01-29 05:52 - 2015-01-29 05:53 - 02280320 _____ (Seventh String Software ) C:\Users\Carlos Pascual\Downloads\xscsetup (1).exe
2015-01-27 11:44 - 2015-01-27 12:13 - 00038088 _____ () C:\Users\Public\going down electrica.mx5
2015-01-23 09:56 - 2015-01-23 09:56 - 00035200 _____ () C:\Users\Public\Conrad.mx5
2015-01-21 05:53 - 2015-01-21 06:21 - 00311512 _____ () C:\Users\Public\Strange Creatures Audio Youtube.mp3.sfk
2015-01-21 05:04 - 2015-01-21 05:04 - 00013064 _____ () C:\Users\Public\Strange Creatures Youtubefinal.mx5
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-18 05:36 - 2010-01-05 02:56 - 00196608 _____ () C:\Windows\System32\Ikeext.etl
2015-02-18 05:21 - 2010-01-04 03:38 - 00000000 ____D () C:\users\Carlos Pascual
2015-02-18 05:20 - 2008-01-21 00:11 - 01624350 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-02-18 05:19 - 2010-03-22 11:41 - 00001356 _____ () C:\Users\Carlos Pascual\AppData\Local\d3d9caps.dat
2015-02-18 04:46 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 04:46 - 2006-11-02 04:47 - 00003216 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 04:30 - 2010-01-06 09:21 - 00091136 _____ () C:\Users\Carlos Pascual\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-18 02:19 - 2010-01-04 10:20 - 01849221 _____ () C:\Windows\WindowsUpdate.log
2015-02-18 00:38 - 2010-01-05 11:17 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Roaming\Skype
2015-02-17 16:24 - 2006-11-02 03:18 - 00000000 ____D () C:\Windows\tracing
2015-02-17 15:59 - 2013-10-09 10:56 - 00499086 _____ () C:\Windows\PFRO.log
2015-02-17 12:49 - 2010-01-06 14:12 - 00000000 ____D () C:\QUARANTINE
2015-02-17 11:42 - 2006-11-02 03:18 - 00000000 ___RD () C:\users\Public
2015-02-16 17:55 - 2008-09-06 06:53 - 00000000 ___HD () C:\Program Files\Common Files\InstallShield
2015-02-16 17:55 - 2008-09-06 06:50 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-02-15 09:56 - 2013-12-06 10:09 - 00000000 ____D () C:\ProgramData\Norton
2015-02-14 02:58 - 2014-02-23 11:32 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Roaming\vlc
2015-02-14 01:13 - 2006-11-02 04:47 - 03729760 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-02-13 12:55 - 2010-01-04 03:38 - 00103576 _____ () C:\Users\Carlos Pascual\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-13 06:41 - 2014-11-04 02:23 - 00000000 ___DC () C:\WAV To MP3
2015-02-11 22:18 - 2013-08-08 13:50 - 00000000 ____D () C:\Windows\System32\MRT
2015-02-11 22:10 - 2008-09-06 07:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-11 22:10 - 2006-11-02 02:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\System32\mrt.exe
2015-02-07 13:23 - 2014-06-06 10:24 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Local\Cuevana
2015-02-05 05:37 - 2012-07-02 14:03 - 00000000 ____D () C:\Users\Carlos Pascual\fotosserias
2015-02-02 15:23 - 2014-01-31 04:41 - 00000000 ___RD () C:\Users\Carlos Pascual\Dropbox
2015-01-29 09:07 - 2010-03-19 03:51 - 00000372 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-01-29 07:32 - 2010-01-04 08:30 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Local\Adobe
2015-01-21 08:55 - 2014-05-11 09:51 - 00488026 _____ () C:\Windows\DPINST.LOG
2015-01-21 05:12 - 2013-11-03 04:18 - 00012740 _____ () C:\Windows\setupact.log
 
==================== Known DLLs (Whitelisted) ============
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 14%
Total physical RAM: 3896.25 MB
Available physical RAM: 3326.44 MB
Total Pagefile: 3566.8 MB
Available Pagefile: 3398.21 MB
Total Virtual: 2047.88 MB
Available Virtual: 1970.61 MB
 
==================== Drives ================================
 
Drive c: (Vista) (Fixed) (Total:149.04 GB) (Free:20 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:147.58 GB) (Free:68.63 GB) NTFS
Drive f: (WinRE) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS
Drive g: (TORO) (Removable) (Total:1.85 GB) (Free:0.02 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: B853D9B7)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=147.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)
 
 
LastRegBack: 2015-02-18 05:10
 
==================== End Of Log ============================
 
 
 
 
 
Now I'm editing my post the day after. I just tried to log in in normal mode again today and the white screen with the pointing arrow is still there. Thank you for your help!

Edited by CarlosPM, 19 February 2015 - 03:23 AM.



 


#2 xXToffeeXx


Posted 21 February 2015 - 08:39 AM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.
 
A few points to cover before we start:

  • Do not run any tools without being instructed to as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" and is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold, make sure to take note of these.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.

Let's get going now.

==========================
 
Hi CarlosPM,

Running a fix using Farbar's Recovery Scan Tool in the Recovery Environment:

  • From your clean computer, press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flash drive as fixlist.txt:

    HKLM\...\Run: [] => [X]
    HKLM\...\RunOnce: [GrpConv] => grpconv -o
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKLM\...\Policies\Explorer: [NoFolderOptions] 0
    S2 56f83cd8; "C:\Windows\system32\rundll32.exe" "c:\Program Files\SoftwarePlus\SoftwarePlus.dll",serv
    c:\Program Files\SoftwarePlus\SoftwarePlus.dll

  • Insert the USB device into your infected computer.
  • Follow the process below to enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool.

On a clean machine, please download Farbar Recovery Scan Tool and save it to the USB (feel free to use the frst download from my last instructions, if you still have it on the USB).
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

 
To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

==========
 
On the System Recovery Options menu you will get the following options:
 
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

 
Select Command Prompt
 
==========
 
Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply.

Any luck with booting into normal mode?
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 CarlosPM


Posted 21 February 2015 - 11:12 AM

Hi Toffee! First of all thank you with all my heart for helping me!

 

I did what you told me and it's not working yet.

 

First time I booted it in normal mode and it got stuck loading the user accounts, I turned it off.

I booted it in normal mode again and this time I went through the user log in but it got stuck loading the desktop and now I'm using it in safe mode with network again.

 

I think maybe the problem why it didn't work is because yesterday I hid the Program Files folder unwillingly. I leave you here the output of the fixlist.

I just put the Program Files folder back to normal again, should I repeat the fixlist again? Thank you very very much!!

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 15-02-2015
Ran by SYSTEM at 2015-02-21 14:49:12 Run:1
Running from g:\
Boot Mode: Recovery
 
==============================================
 
Content of fixlist:
*****************
HKLM\...\Run: [] => [X]
HKLM\...\RunOnce: [GrpConv] => grpconv -o
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
S2 56f83cd8; "C:\Windows\system32\rundll32.exe" "c:\Program Files\SoftwarePlus\SoftwarePlus.dll",serv
c:\Program Files\SoftwarePlus\SoftwarePlus.dll
*****************
 
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\\GrpConv => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoControlPanel => value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\NoFolderOptions => value deleted successfully.
56f83cd8 => Service deleted successfully.
"c:\Program Files\SoftwarePlus\SoftwarePlus.dll" => File/Directory not found.
 
==== End of Fixlog 14:49:13 ====


#4 xXToffeeXx

  • Malware Response Instructor
Posted 21 February 2015 - 11:38 AM

Hi CarlosPM,
 

I think maybe the problem why it didn't work is because yesterday I hid the Program Files folder unwillingly.

What steps did you take that caused this?
 
Let's get a log from safe mode and see what that shows:
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
xXToffeeXx~




#5 CarlosPM


Posted 21 February 2015 - 11:52 AM

I clicked with the right button in the folder, clicked in hide and apply. I don't know why I did it... Silly me! But the folder is back to normal again.

 

These are the results of FRST and Addition:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-02-2015
Ran by Carlos Pascual (administrator) on CARLOSPASCUAL1 on 21-02-2015 16:46:01
Running from C:\Users\Carlos Pascual\Downloads
Loaded Profiles: Carlos Pascual (Available profiles: Carlos Pascual & postgres & Mixcraft England 1 & England2 & Mixcraft England Jan & February)
Platform: Microsoft® Windows Vista™ Business  Service Pack 2 (X86) OS Language: Español (España, internacional)
Internet Explorer Version 7 (Default browser: Chrome)
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Carlos Pascual\Downloads\FRST (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-07-30] (TOSHIBA Corporation)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6275072 2008-08-28] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1989920 2013-08-26] (Wondershare)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [Update] => C:\Users\Carlos Pascual\AppData\Roaming\VOPackage\VOPackage.exe /runonce
HKLM\...\RunOnce: [SpUninstallCleanUp] => REG delete HKEY_LOCAL_MACHINE\Software\SearchProtect /f
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2014-11-21] (Malwarebytes Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\Run: [Sony PC Companion] => C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [466144 2014-11-27] (Sony)
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\Run: [Spotify Web Helper] => C:\Users\Carlos Pascual\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-30] (Spotify Ltd)
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\Run: [Spotify] => C:\Users\Carlos Pascual\AppData\Roaming\Spotify\spotify.exe [6737976 2015-01-30] (Spotify Ltd)
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\Run: [uTorrent] => C:\Users\Carlos Pascual\AppData\Roaming\uTorrent\uTorrent.exe [1677904 2015-02-12] (BitTorrent Inc.)
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S1].txt [20400 2015-02-21] ()
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\MountPoints2: {d588d3df-60fb-11df-b05b-028037ec0200} - sysusb/usbdur.exe
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\MountPoints2: {f4397f89-d92c-11e3-9d2c-002258d0e3ee} - D:\Startme.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\England2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\February\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
ShellIconOverlayIdentifiers: [IconOvrly1] -> {A4EEBF66-92EB-4F2A-9F1E-2F6D14B30DA6} => C:\Program Files\TrueSuite Access Manager\IconOvrly.dll (Arachnoid Biometrics Identification Group Corp.)
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bit
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.omniboxes.com/web/?type=ds&ts=1424533510&from=amt&uid=HitachiXHTS723232L9A360_090816FC1420NEH98ZRGX&q={searchTerms}
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://elrellano.es/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000 -> Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2009512261-3591854202-2081583451-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Carlos Pascual\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-2009512261-3591854202-2081583451-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Carlos Pascual\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-2009512261-3591854202-2081583451-1000: @talk.google.com/O1DPlugin -> C:\Users\Carlos Pascual\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-2009512261-3591854202-2081583451-1000: @talk.google.com/O3DPlugin -> C:\Users\Carlos Pascual\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKU\S-1-5-21-2009512261-3591854202-2081583451-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-2009512261-3591854202-2081583451-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Carlos Pascual\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Carlos Pascual\AppData\Roaming\mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin ProgramFiles/Appdata: C:\Users\Carlos Pascual\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-01-08]
FF HKLM\...\Firefox\Extensions: [offerboxffx@offerbox.com] - C:\Program Files\OfferBox\offerboxffx@offerbox.com
 
Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "https://www.facebook.com/", "hxxp://www.youtube.com/", "hxxp://gmail.com/", "hxxp://www.omniboxes.com/?type=hp&ts=1424533510&from=amt&uid=HitachiXHTS723232L9A360_090816FC1420NEH98ZRGX"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Carlos Pascual\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Carlos Pascual\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-05]
CHR Extension: (YouTube) - C:\Users\Carlos Pascual\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-05]
CHR Extension: (Google Search) - C:\Users\Carlos Pascual\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-05]
CHR Extension: (Google Wallet) - C:\Users\Carlos Pascual\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-03]
CHR Extension: (Gmail) - C:\Users\Carlos Pascual\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-05]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2012-01-17]
 
Opera: 
=======
StartMenuInternet: (HKLM) Opera.exe - E:\Opera.exe
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 Authentec memory manager; C:\Windows\system32\TAMSvr.exe [49152 2008-09-02] (AuthenTec Inc.) [File not signed]
S2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-04-16] (TOSHIBA CORPORATION) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2010-12-25] (Macrovision Europe Ltd.) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378184 2007-07-25] (McAfee, Inc.)
S2 McProxy; c:\Program Files\Common Files\McAfee\McProxy\McProxy.exe [359248 2007-08-15] (McAfee, Inc.)
S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144960 2006-11-29] (McAfee, Inc.)
S3 McSysmon; C:\Program Files\McAfee\VirusScan\mcsysmon.exe [695624 2007-07-24] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2006-11-29] (McAfee, Inc.)
S2 pyfehube; C:\Users\Carlos Pascual\AppData\Local\80C20947-1424533583-DE11-8075-B05989029619\snswF558.tmp [229376 2015-02-21] () [File not signed]
S2 qizoxeni; C:\Users\Carlos Pascual\AppData\Roaming\80C20947-1424533423-DE11-8075-B05989029619\jnslE8C8.tmp [90624 2015-02-21] () [File not signed]
S3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [77824 2008-08-25] (Toshiba) [File not signed]
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S2 TempoMonitoringService; C:\Program Files\Toshiba TEMPRO\TempoSVC.exe [99720 2008-08-26] (Toshiba Europe GmbH)
S2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [106496 2008-07-15] (TOSHIBA Corporation) [File not signed]
S2 TPCHSrv; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [622592 2008-08-11] (TOSHIBA Corporation) [File not signed]
S2 TW3GSVC; C:\Program Files\Toshiba\3GUty\tw3gsvc.exe [110592 2008-07-18] (TOSHIBA CORPORATION) [File not signed]
S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2058776 2008-04-29] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S2 WTouchService; C:\Program Files\WTouch\WTouchService.exe [95528 2008-08-01] (Wacom Technology, Corp.)
S2 gofikubi; C:\Users\Carlos Pascual\AppData\Roaming\80C20947-1424533423-DE11-8075-B05989029619\nsg9E99.tmpfs [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
R0 AlfaFF; C:\Windows\System32\Drivers\AlfaFF.sys [42608 2008-07-25] (Alfa Corporation)
S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [146944 2008-08-14] (AuthenTec, Inc.)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-15] (Symantec Corporation)
R0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] () [File not signed]
R3 guardian2; C:\Windows\System32\Drivers\oz776.sys [68696 2008-04-22] (O2Micro)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [35992 2015-02-18] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [64360 2006-11-29] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [79304 2007-07-24] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [35240 2007-07-21] (McAfee, Inc.)
S3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [201288 2007-07-21] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [33800 2007-07-24] (McAfee, Inc.)
S3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [40488 2007-07-21] (McAfee, Inc.)
R1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52136 2006-11-29] (McAfee, Inc.)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [125728 2007-07-13] (McAfee, Inc.)
U0 rvbmrvyn; C:\Windows\System32\drivers\jscatuj.sys [52440 2015-02-21] (Malwarebytes Corporation)
R3 Sony_EricssonWWSC; C:\Windows\System32\DRIVERS\toshscard.sys [24232 2008-08-07] (Sony Ericsson)
R0 speedfan; C:\Windows\System32\speedfan.sys [24184 2012-12-29] (Almico Software)
R3 toshbus; C:\Windows\System32\DRIVERS\toshbus.sys [276352 2008-09-10] (MCCI Corporation)
S3 toshcard; C:\Windows\System32\DRIVERS\toshcard.sys [351616 2008-09-10] (MCCI Corporation)
S3 toshgps; C:\Windows\System32\DRIVERS\toshgps.sys [76840 2008-09-11] (Ericsson AB)
S3 toshmdfl; C:\Windows\System32\DRIVERS\toshmdfl.sys [14976 2008-09-10] (MCCI Corporation)
S3 toshmdfl2; C:\Windows\System32\DRIVERS\toshmdfl2.sys [14976 2008-09-10] (MCCI Corporation)
S3 toshmdm; C:\Windows\System32\DRIVERS\toshmdm.sys [360192 2008-09-10] (MCCI Corporation)
S3 toshmdm2; C:\Windows\System32\DRIVERS\toshmdm2.sys [404864 2008-09-10] (MCCI Corporation)
R3 toshnd5; C:\Windows\System32\DRIVERS\toshnd5.sys [25856 2008-09-10] (MCCI Corporation)
R3 toshunic; C:\Windows\System32\DRIVERS\toshunic.sys [368128 2008-09-10] (MCCI Corporation)
R2 TVALZFL; C:\Windows\System32\DRIVERS\TVALZFL.sys [6144 2008-04-30] (TOSHIBA Corporation)
S3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [17960 2008-07-15] (Chicony Electronics Co., Ltd.)
R3 WacomVTHid; C:\Windows\System32\DRIVERS\WacomVTHid.sys [13992 2008-07-09] (Wacom Technology)
R3 wisdpen; C:\Windows\System32\DRIVERS\wisdpen.sys [30888 2008-03-27] (Wacom Technology)
S3 ysusb32; C:\Windows\System32\drivers\ysusb32.sys [98088 2013-04-05] (Yamaha Corporation)
S3 Bulk1528; System32\Drivers\Bulk1528.sys [X]
S2 Ca1528av; System32\Drivers\Ca1528av.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-21 16:46 - 2015-02-21 16:46 - 00022154 _____ () C:\Users\Carlos Pascual\Downloads\FRST.txt
2015-02-21 16:45 - 2015-02-21 16:45 - 01126400 _____ (Farbar) C:\Users\Carlos Pascual\Downloads\FRST (1).exe
2015-02-21 16:41 - 2015-02-21 16:41 - 00052440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\jscatuj.sys
2015-02-21 15:46 - 2015-02-21 15:46 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Local\80C20947-1424533583-DE11-8075-B05989029619
2015-02-21 15:46 - 2015-02-21 15:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WajaNEnhance
2015-02-21 15:45 - 2015-02-21 15:45 - 00000556 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313335343533353739392d34784145552a2a3423326c57.job
2015-02-21 15:43 - 2015-02-21 15:44 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Roaming\80C20947-1424533423-DE11-8075-B05989029619
2015-02-21 15:41 - 2015-02-21 15:44 - 00001370 _____ () C:\Windows\Tasks\YLCI.job
2015-02-19 19:16 - 2015-02-21 13:33 - 00325894 _____ () C:\Users\Public\Going Down con CI1.mx5
2015-02-19 14:46 - 2015-02-19 14:46 - 00000000 ____D () C:\Program Files\Yamaha
2015-02-19 14:46 - 2015-02-19 14:46 - 00000000 ____D () C:\Program Files\Common Files\Steinberg
2015-02-19 14:16 - 2015-02-19 14:16 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Local\Downloaded Installations
2015-02-18 21:42 - 2015-02-21 16:46 - 00000000 ___DC () C:\FRST
2015-02-18 16:04 - 2015-02-18 16:04 - 00000987 _____ () C:\Users\Carlos Pascual\Downloads\fixlist.txt
2015-02-18 13:14 - 2015-02-18 13:17 - 01125888 _____ (Farbar) C:\Users\Carlos Pascual\Downloads\FRST.exe
2015-02-18 12:59 - 2015-02-18 13:00 - 03044736 _____ (Enigma Software Group USA, LLC.) C:\Users\Carlos Pascual\Downloads\SpyHunter-Installer.exe
2015-02-18 12:46 - 2015-02-18 12:46 - 00035992 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2015-02-18 09:11 - 2015-02-18 12:35 - 00012102 _____ () C:\Windows\system32\.crusader
2015-02-18 08:54 - 2015-02-18 09:11 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-02-18 08:54 - 2015-02-18 08:54 - 00001777 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-02-18 08:54 - 2015-02-18 08:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-02-18 08:54 - 2015-02-18 08:54 - 00000000 ____D () C:\Program Files\HitmanPro
2015-02-18 08:50 - 2015-02-18 08:54 - 10085648 _____ (SurfRight B.V.) C:\Users\Carlos Pascual\Downloads\HitmanPro.exe
2015-02-17 20:27 - 2015-02-21 16:17 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-17 20:26 - 2015-02-17 20:26 - 00000904 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-17 20:26 - 2015-02-17 20:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-17 20:26 - 2015-02-17 20:26 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-17 20:26 - 2015-02-17 20:26 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-02-17 20:26 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-17 20:26 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-17 20:26 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-17 20:21 - 2015-02-17 20:25 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Carlos Pascual\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-17 19:42 - 2015-02-17 20:57 - 00377752 _____ () C:\Users\Public\A day in the life - Mr. Mushroom.mp3.sfk
2015-02-17 19:27 - 2015-02-21 15:06 - 00000000 ____D () C:\Users\February\AppData\Roaming\vlc
2015-02-17 19:19 - 2015-02-17 19:33 - 00018108 _____ () C:\Users\Public\A day in the life.mx5
2015-02-17 15:23 - 2015-02-17 15:23 - 00213797 _____ () C:\Users\Public\Something like Olivia.mx5
2015-02-17 11:59 - 2015-02-21 15:52 - 00000000 ___DC () C:\AdwCleaner
2015-02-17 11:55 - 2015-02-17 11:56 - 02112512 _____ () C:\Users\Carlos Pascual\Downloads\adwcleaner_4.110 (1).exe
2015-02-17 11:46 - 2015-02-17 11:47 - 02112512 _____ () C:\Users\Carlos Pascual\Downloads\adwcleaner_4.110.exe
2015-02-16 17:53 - 2015-02-16 17:53 - 00000000 ____D () C:\Users\February\AppData\Roaming\SynthMaker
2015-02-16 17:52 - 2015-02-16 17:52 - 00000000 ____D () C:\Users\February\AppData\Roaming\Acoustica
2015-02-16 17:51 - 2015-02-16 17:51 - 00000000 ____D () C:\Users\February\AppData\Local\Toshiba
2015-02-16 17:50 - 2015-02-16 17:50 - 00103576 _____ () C:\Users\February\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-16 17:50 - 2015-02-16 17:50 - 00000000 ____D () C:\Users\February\AppData\Roaming\Apple Computer
2015-02-16 17:49 - 2015-02-16 17:51 - 00000000 ____D () C:\Users\February\AppData\Roaming\Adobe
2015-02-16 17:49 - 2015-02-16 17:51 - 00000000 ____D () C:\Users\February\AppData\Local\Adobe
2015-02-16 17:49 - 2015-02-16 17:49 - 00001974 _____ () C:\Users\February\Desktop\Google Chrome.lnk
2015-02-16 17:49 - 2015-02-16 17:49 - 00000954 _____ () C:\Users\February\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-16 17:49 - 2015-02-16 17:49 - 00000949 _____ () C:\Users\February\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-16 17:49 - 2015-02-16 17:49 - 00000000 ____D () C:\Users\February\AppData\Local\Wondershare
2015-02-16 17:49 - 2015-02-16 17:49 - 00000000 ____D () C:\Users\February\AppData\Local\Google
2015-02-16 17:48 - 2015-02-16 17:52 - 00000000 ____D () C:\Users\February\AppData\Local\VirtualStore
2015-02-16 17:48 - 2015-02-16 17:48 - 00000920 _____ () C:\Users\February\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
2015-02-16 17:48 - 2015-02-16 17:48 - 00000020 ___SH () C:\Users\February\ntuser.ini
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\Reciente
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\Plantillas
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\Mis documentos
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\Menú Inicio
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\Impresoras
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\Entorno de red
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\Datos de programa
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\Configuración local
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\AppData\Roaming\Microsoft\Windows\Start Menu\Programas
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\AppData\Local\Historial
2015-02-16 17:48 - 2015-02-16 17:48 - 00000000 _SHDL () C:\Users\February\AppData\Local\Datos de programa
2015-02-16 17:47 - 2015-02-16 17:49 - 00000000 ____D () C:\Users\February
2015-02-16 17:47 - 2012-01-20 08:47 - 00000000 ____D () C:\Users\February\AppData\Local\Microsoft Help
2015-02-16 17:47 - 2011-10-01 14:56 - 00000000 ____D () C:\Users\February\AppData\Roaming\Macromedia
2015-02-16 17:47 - 2008-01-21 02:43 - 00000000 ___RD () C:\Users\February\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-16 17:47 - 2008-01-21 02:43 - 00000000 ___RD () C:\Users\February\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-16 16:00 - 2015-02-16 17:46 - 00090144 _____ () C:\Users\Public\Don't look back 2.mx5
2015-02-15 16:00 - 2015-02-15 16:06 - 00000000 ____D () C:\Users\Carlos Pascual\Favorites\Pictures\Documents\Mixcraft Projects
2015-02-15 15:35 - 2015-02-15 15:35 - 00001796 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Mixcraft 7 (32 bits).lnk
2015-02-15 15:35 - 2015-02-15 15:35 - 00001790 _____ () C:\Users\Public\Desktop\Mixcraft 7 (32 bits).lnk
2015-02-15 15:35 - 2015-02-15 15:35 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 7 (32 bits)
2015-02-15 15:35 - 2015-02-15 15:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acoustica Mixcraft 7 (32 bits)
2015-02-15 15:13 - 2015-02-18 09:11 - 00000000 ____D () C:\ProgramData\{8f86c97f-c265-f337-8f86-6c97fc2625ff}
2015-02-15 14:51 - 2015-02-18 09:11 - 00000000 ____D () C:\ProgramData\{6f90396a-21ec-a72f-6f90-0396a21ee5a8}
2015-02-15 13:52 - 2015-02-15 13:52 - 01989392 _____ (Acoustica, Inc) C:\Users\Carlos Pascual\Downloads\Mixcraft-7-Downloader.exe
2015-02-13 14:41 - 2015-02-13 14:41 - 00000549 _____ () C:\Users\Public\Desktop\WAV To MP3.lnk
2015-02-13 14:25 - 2015-02-13 14:25 - 00055200 _____ () C:\Users\Public\Don't look back in anger.mx5
2015-02-12 23:46 - 2015-02-12 23:46 - 01798144 _____ () C:\Users\Carlos Pascual\Downloads\telefonos moviles y su uso culturas modernas mbb.pps
2015-02-12 09:59 - 2015-02-12 09:59 - 00000751 _____ () C:\Users\Carlos Pascual\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2015-02-12 09:57 - 2015-02-17 12:02 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Roaming\uTorrent
2015-02-12 09:55 - 2015-02-12 09:55 - 01677904 _____ (BitTorrent Inc.) C:\Users\Carlos Pascual\Downloads\uTorrent_3_4_2_37754.exe
2015-02-12 06:18 - 2015-01-12 01:54 - 01177600 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-12 06:18 - 2015-01-12 01:54 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-12 06:18 - 2015-01-12 01:54 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 06121472 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 03635200 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 01827328 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-12 06:18 - 2015-01-12 01:53 - 00671744 _____ (Microsoft Corporation) C:\Windows\system32\mstime.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 00480768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 00380928 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 00273408 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 00214528 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 00180736 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-12 06:18 - 2015-01-12 01:53 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\corpol.dll
2015-02-12 06:18 - 2015-01-12 00:25 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-12 06:18 - 2015-01-12 00:18 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-12 06:10 - 2014-11-26 02:05 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-12 06:09 - 2015-01-09 00:20 - 02063360 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-12 06:08 - 2015-01-13 01:39 - 00974848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-12 06:03 - 2015-01-15 04:13 - 00440760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-12 06:02 - 2014-12-08 01:59 - 00306176 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-08 11:05 - 2015-02-08 11:05 - 00000000 __SHD () C:\found.002
2015-02-04 17:52 - 2015-02-04 17:52 - 00020400 _____ () C:\Users\Public\Gravity prueba2.mx5
2015-02-04 13:32 - 2015-02-04 13:32 - 00020808 _____ () C:\Users\Public\Gravity prueba.mx5
2015-01-30 10:46 - 2015-02-17 10:53 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Local\Spotify
2015-01-30 10:46 - 2015-01-30 10:46 - 00001747 _____ () C:\Users\Carlos Pascual\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-01-30 10:39 - 2015-02-17 19:20 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Roaming\Spotify
2015-01-29 13:56 - 2015-01-29 13:57 - 03777336 _____ (http://smile-files.com) C:\Users\Carlos Pascual\Downloads\Transcribe!_8.40.0_downloader.exe
2015-01-29 13:53 - 2015-01-29 13:53 - 02280320 _____ (Seventh String Software ) C:\Users\Carlos Pascual\Downloads\xscsetup (2).exe
2015-01-29 13:52 - 2015-01-29 13:53 - 02280320 _____ (Seventh String Software ) C:\Users\Carlos Pascual\Downloads\xscsetup (1).exe
2015-01-27 19:44 - 2015-01-27 20:13 - 00038088 _____ () C:\Users\Public\going down electrica.mx5
2015-01-25 16:12 - 2015-01-25 16:12 - 00001248 _____ () C:\Users\Carlos Pascual\AppData\Roaming\YLCI
2015-01-23 17:56 - 2015-01-23 17:56 - 00035200 _____ () C:\Users\Public\Conrad.mx5
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-02-21 16:29 - 2010-10-05 17:30 - 00000000 ____D () C:\Program Files\Acoustica Shared Effects
2015-02-21 16:00 - 2010-01-04 11:46 - 00000954 _____ () C:\Users\Carlos Pascual\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-21 15:56 - 2008-01-21 08:11 - 01652678 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-02-21 15:55 - 2010-01-05 10:56 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-02-21 15:54 - 2013-10-09 18:56 - 00500720 _____ () C:\Windows\PFRO.log
2015-02-21 15:52 - 2010-01-04 11:38 - 00000000 ____D () C:\Users\Carlos Pascual
2015-02-21 15:45 - 2010-04-08 08:02 - 00000586 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-02-21 15:45 - 2010-03-19 11:51 - 00000586 _____ () C:\Users\Public\Desktop\Opera.lnk
2015-02-21 15:22 - 2010-01-04 18:20 - 01853677 _____ () C:\Windows\WindowsUpdate.log
2015-02-21 15:10 - 2010-03-22 19:41 - 00001356 _____ () C:\Users\Carlos Pascual\AppData\Local\d3d9caps.dat
2015-02-21 15:09 - 2014-02-23 19:32 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Roaming\vlc
2015-02-21 15:07 - 2010-11-15 21:01 - 00000000 ____D () C:\Users\Public\Youtube
2015-02-21 14:55 - 2006-11-02 13:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-21 14:55 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-21 14:55 - 2006-11-02 12:47 - 00003216 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-21 13:33 - 2006-11-02 11:18 - 00000000 ___RD () C:\Users\Public
2015-02-20 23:21 - 2006-11-02 12:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
2015-02-20 18:54 - 2010-01-06 17:21 - 00090624 _____ () C:\Users\Carlos Pascual\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-20 16:52 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-02-20 16:51 - 2011-12-03 10:24 - 00000833 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Songr.lnk
2015-02-20 16:51 - 2011-12-03 10:24 - 00000000 ____D () C:\Program Files\Songr
2015-02-20 08:40 - 2010-02-05 17:16 - 00001084 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-18 16:59 - 2010-12-23 12:56 - 00000000 ____D () C:\Windows\pss
2015-02-18 13:46 - 2010-01-06 22:12 - 00000000 ____D () C:\QUARANTINE
2015-02-18 08:41 - 2010-02-05 17:16 - 00001088 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-18 08:38 - 2010-01-05 19:17 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Roaming\Skype
2015-02-18 08:22 - 2006-11-02 13:01 - 00032588 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-18 00:24 - 2006-11-02 11:18 - 00000000 ____D () C:\Windows\tracing
2015-02-17 23:55 - 2013-12-06 18:09 - 00000458 ____H () C:\Windows\Tasks\Norton Security Scan for Carlos Pascual.job
2015-02-17 01:55 - 2008-09-06 14:53 - 00000000 ____D () C:\Program Files\Common Files\InstallShield
2015-02-17 01:55 - 2008-09-06 14:50 - 00000000 ____D () C:\Program Files\InstallShield Installation Information
2015-02-15 17:56 - 2013-12-06 18:09 - 00000000 ____D () C:\ProgramData\Norton
2015-02-14 09:13 - 2006-11-02 12:47 - 03729760 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 20:55 - 2010-01-04 11:38 - 00103576 _____ () C:\Users\Carlos Pascual\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-13 14:41 - 2014-11-04 10:23 - 00000000 ___DC () C:\WAV To MP3
2015-02-13 14:41 - 2014-11-04 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WAV To MP3
2015-02-12 06:18 - 2013-08-08 21:50 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-12 06:10 - 2008-09-06 15:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-12 06:10 - 2006-11-02 10:24 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2015-02-07 21:23 - 2014-06-06 18:24 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Local\Cuevana
2015-02-05 13:37 - 2012-07-02 22:03 - 00000000 ____D () C:\Users\Carlos Pascual\fotosserias
2015-02-02 23:23 - 2014-01-31 12:41 - 00000000 ___RD () C:\Users\Carlos Pascual\Dropbox
2015-01-29 15:32 - 2010-01-04 16:30 - 00000000 ____D () C:\Users\Carlos Pascual\AppData\Local\Adobe
 
==================== Files in the root of some directories =======
 
2015-01-25 16:12 - 2015-01-25 16:12 - 0001248 _____ () C:\Users\Carlos Pascual\AppData\Roaming\YLCI
2010-03-22 19:41 - 2015-02-21 15:10 - 0001356 _____ () C:\Users\Carlos Pascual\AppData\Local\d3d9caps.dat
2010-01-06 17:21 - 2015-02-20 18:54 - 0090624 _____ () C:\Users\Carlos Pascual\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-04 11:48 - 2014-11-04 11:48 - 0628432 _____ (CMI Limited) C:\Users\Carlos Pascual\AppData\Local\nsx4FD9.tmp
2014-11-04 10:34 - 2014-11-04 10:34 - 0612994 _____ (CMI Limited) C:\Users\Carlos Pascual\AppData\Local\nsz6CC9.tmp
2011-01-20 23:02 - 2011-01-20 23:02 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
 
Some content of TEMP:
====================
C:\Users\Carlos Pascual\AppData\Local\Temp\Quarantine.exe
C:\Users\Carlos Pascual\AppData\Local\Temp\Show Hidden Files Windows Vist Downloader__3687_i1470730311_il1208919.exe
C:\Users\Carlos Pascual\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-02-21 16:10
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-02-2015
Ran by Carlos Pascual at 2015-02-21 16:46:46
Running from C:\Users\Carlos Pascual\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\uTorrent) (Version: 3.4.2.37754 - BitTorrent Inc.)
2007 Microsoft Office system (HKLM\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Acoustica Effects Pack (HKLM\...\Acoustica Effects Pack) (Version: 3.0 - Acoustica, Inc)
Acoustica Mixcraft 5 (HKLM\...\Acoustica Mixcraft 5) (Version:  - Acoustica)
Activation Assistant for the 2007 Microsoft Office suites (HKLM\...\Activation Assistant for the 2007 Microsoft Office suites) (Version:  - Microsoft Corporation)
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0 - Microsoft Corporation) Hidden
Adobe Acrobat 9 Pro - Italiano, Español, Nederlands, Português (HKLM\...\{AC76BA86-1040-7D70-7760-000000000004}{AC76BA86-1040-7D70-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.5 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 10.0.45.2 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Premiere Pro CS5.5 (HKLM\...\{0497EAED-70DA-4BBE-BEB3-AF77FD8788EA}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AA1000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.2.303.101 - ALPS ELECTRIC CO., LTD)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asistencia de seguridad de TOSHIBA (HKLM\...\{1E63ACB5-D45E-4856-8FC9-78F4B0D7BB80}) (Version: 2.0.4 - TOSHIBA)
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v6.10.10(T) - TOSHIBA CORPORATION)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Camera Assistant Software for Toshiba (HKLM\...\{37C866E4-AA67-4725-9E95-A39968DD7960}) (Version: 1.7.212.0819L - Chicony Electronics Co.,Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
Cinema_Plus_v1.4V21.02 (HKLM\...\Cinema_Plus_v1.4V21.02) (Version: 1.36.01.22 - Cinema_Plus_v1.4V21.02)
Compatibilidad con Aplicaciones de Apple (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Compresor WinRAR (HKLM\...\WinRAR archiver) (Version:  - )
Controlador de Touch (HKLM\...\Touch Driver) (Version:  - )
Cuevana Storm versión 0.3b (HKLM\...\{2AFB4518-E1D7-4D74-B4FC-C65AE00E531D}_is1) (Version: 0.3b - Cuevana)
Desinstalación de CopyTrans Suite solamente (HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\CopyTrans Suite) (Version: 2.33 - WindSolutions)
Facebook Video Calling 1.2.0.287 (HKLM\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Galería fotográfica de Windows Live (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 40.0.2214.111 - Google Inc.)
Google Talk Plugin (HKLM\...\{DDB824DA-C431-3A3E-B997-F4B5539838FC}) (Version: 4.7.0.15362 - Google)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Herramienta de carga de Windows Live (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.238 - SurfRight B.V.)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Management Engine Interface (HKLM\...\HECI) (Version:  - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version:  - )
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java™ 6 Update 6 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160060}) (Version: 1.6.0.60 - Sun Microsystems, Inc.)
Java™ SE Development Kit 6 Update 13 (HKLM\...\{32A3A4F4-B792-11D6-A78A-00B0D0160130}) (Version: 1.6.0.130 - Sun Microsystems, Inc.)
Malwarebytes Anti-Malware versión 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Manuales de TOSHIBA (HKLM\...\{F037967A-5121-4FD5-92E0-9E87C6E50304}) (Version: 7.40 - TOSHIBA)
McAfee AntiSpyware Enterprise Module (HKLM\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.5.0.163 - McAfee, Inc.)
McAfee Security Scan (HKLM\...\McAfee Security Scan) (Version:  - )
McAfee VirusScan Enterprise (HKLM\...\{35C03C04-3F1F-42C2-A989-A757EE691F65}) (Version: 8.6.0 - McAfee, Inc.)
Medidor de consumo de energía (Version: 1.0.0.9 - TOSHIBA Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Excel 2007 Help Actualización (KB963678) (HKLM\...\{90120000-0016-0C0A-0000-0000000FF1CE}_PROPLUS_{59E09C3D-4878-47D9-87DB-6D0018026889}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Outlook 2007 Help Actualización (KB963677) (HKLM\...\{90120000-001A-0C0A-0000-0000000FF1CE}_PROPLUS_{59C244C2-0C37-4E85-8F7E-DBDD3958B694}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Powerpoint 2007 Help Actualización (KB963669) (HKLM\...\{90120000-0018-0C0A-0000-0000000FF1CE}_PROPLUS_{F318245D-05AE-4681-A749-A036CE44AF29}) (Version:  - Microsoft)
Microsoft Office Professional Plus 2007 (HKLM\...\PROPLUS) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROHYBRIDR_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Office Word 2007 Help Actualización (KB963665) (HKLM\...\{90120000-001B-0C0A-0000-0000000FF1CE}_PROPLUS_{377BA42A-1C84-45D6-94B8-6D00887D172D}) (Version:  - Microsoft)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB941833) (HKLM\...\{C523D256-313D-4866-B36A-F3DE528246EF}) (Version: 4.20.9849.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector J (HKLM\...\{F5816AB0-8B0A-4956-9005-8187E245E262}) (Version: 5.1.24 - Oracle Corporation)
MySQL Connector Net 6.6.5 (HKLM\...\{1AAD0C51-CE9E-4ECD-BB2D-6981472569B1}) (Version: 6.6.5 - Oracle)
Norton Security Scan (HKLM\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
Opera 10.62 (HKLM\...\{18E65799-76BD-46EF-9E53-972FE5A40736}) (Version: 10.62 - Opera Software ASA)
OZ776 SCR Driver V1.1.4.202 (HKLM\...\InstallShield_{068B2432-7CF2-449C-97A6-95E16E7F4880}) (Version: 1.1.4.202 - O2Micro)
OZ776 SCR Driver V1.1.4.202 (Version: 1.1.4.202 - O2Micro) Hidden
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41417}) (Version: 3.61.0 - dotPDN LLC)
Panda Cloud Cleaner (HKLM\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.76 - Panda Security)
Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - esn) (Version:  - Microsoft Corporation)
PxMergeModule (Version: 1.00.0000 - Your Company Name) Hidden
QuickTime (HKLM\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5695 - Realtek Semiconductor Corp.)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.05 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.54.05 - RICOH)
Silenciador de unidad de CD/DVD (HKLM\...\{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}) (Version: 2.02.05 - TOSHIBA)
Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Songr (HKLM\...\Songr) (Version: 2.0.2330 - Xamasoft)
Sony PC Companion 2.10.245 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.245 - Sony)
SPCA1528 PC Driver (HKLM\...\{570C2A84-A145-4DF0-AE9D-012584DF09DC}) (Version: 2.2.2.0 - sunplus)
SpeedFan (remove only) (HKLM\...\SpeedFan) (Version:  - )
Spotify (HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
SSHVnc (HKLM\...\SSHVnc) (Version: 0.0.1.3 - 3sp)
SweetIM for Messenger 3.3 (HKLM\...\{1D301950-EA2F-4882-9AA0-49467756842A}) (Version: 3.3.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tecnología de gestión activa Intel® (HKLM\...\MESOL) (Version:  - Intel Corporation)
TOSHIBA Assist (HKLM\...\{12B3A009-A080-4619-9A2A-C6DB151D8D67}) (Version: 2.01.08 - TOSHIBA)
TOSHIBA ConfigFree (HKLM\...\{0D5D0BEE-FBA9-4928-A50D-6CDFAB827755}) (Version: 7.2.20 - TOSHIBA Corporation)
TOSHIBA Diagnóstico de refrigeración (HKLM\...\InstallShield_{7F3B0E97-447F-4199-84E3-7745BAA2E497}) (Version: 1.00.04 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.0.1.3 - TOSHIBA Corporation)
TOSHIBA DVD PLAYER (HKLM\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 1.40.20 - TOSHIBA Corporation)
TOSHIBA Extended Tiles for Windows Mobility Center (HKLM\...\InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}) (Version: 1.01.00 - Toshiba)
TOSHIBA F3507g Mobile Broadband Device (HKLM\...\{3A52E924-A331-4020-9E70-0270B37E8899}) (Version: 5.0.1047.15 - TOSHIBA)
TOSHIBA Face Recognition (HKLM\...\InstallShield_{C730E42C-935A-45BB-A0C5-37E5234D111B}) (Version: 2.0.16.32 - TOSHIBA Corporation)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.0.2.5 - TOSHIBA Corporation)
Toshiba Online Product Information (HKLM\...\{2290A680-4083-410A-ADCC-7092C67FC052}) (Version: 1.00.0012 - TOSHIBA)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.0.6.0 - TOSHIBA Corporation)
TOSHIBA Recovery Disc Creator (HKLM\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.0.0.2 - TOSHIBA)
TOSHIBA SD Memory Boot Utility (HKLM\...\{BBF5493A-05FB-4449-90DE-84A61EB78154}) (Version: 1.3.1.2 - TOSHIBA)
TOSHIBA SD Memory Utilities (HKLM\...\{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}) (Version: 1.8.1.4 - TOSHIBA)
TOSHIBA Software Modem (HKLM\...\TOSHIBA Software Modem) (Version: 2.1.77 (SM2177ALD04) - Agere Systems)
TOSHIBA Tablet PC Extension (HKLM\...\InstallShield_{3FA13137-DE7F-47CF-ABC8-6BE20863E329}) (Version: 1.0.0.8 - TOSHIBA Corporation)
Toshiba TEMPRO (HKLM\...\{03FAA727-E2B7-471C-AC41-2E1C7F29C7EA}) (Version: 1.2 - Toshiba Europe GmbH)
TOSHIBA USB Sleep and Charge Utility (HKLM\...\{E487EE7D-EAAA-4E2A-9116-E3B477D8A74F}) (Version: 1.0.10.0 - TOSHIBA)
TOSHIBA Value Added Package (HKLM\...\InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}) (Version: 1.1.26 - TOSHIBA Corporation)
TOSHIBA Wireless Key Logon (HKLM\...\{FC4C645F-8EBC-4F1E-A517-D1505B43A374}) (Version: 3.0.0.6 - TOSHIBA Corporation)
TOSHIBA Wireless Manager (HKLM\...\{943D9211-567E-4DD1-83AD-9A25A6FB0E92}) (Version: 5.2.1047.46 - TOSHIBA)
TRDCReminder (HKLM\...\InstallShield_{773970F1-5EBA-4474-ADEE-1EA3B0A59492}) (Version: 1.00.0015 - TOSHIBA)
TRDCReminder (Version: 1.00.0015 - TOSHIBA) Hidden
TRORDCLauncher (HKLM\...\InstallShield_{E65C7D8E-186D-484B-BEA8-DEF0331CE600}) (Version: 1.0.0.1 - TOSHIBA)
TRORDCLauncher (Version: 1.0.0.1 - TOSHIBA) Hidden
TrueSuite Access Manager (HKLM\...\{A2075A09-28AA-4D30-9BCC-82EAD9FA51BD}) (Version: 2.01.22.00 - ABIG)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0011-0000-0000-0000000FF1CE}_PROPLUS_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Utilidad para inicio de sesión con código de acceso al Tablet PC TOSHIBA (HKLM\...\{AC971CEE-1480-479D-81AF-1CB4D10467B0}) (Version: 2.00.09 - TOSHIBA)
Vegas Pro 11.0 (HKLM\...\{B6B60BAE-0296-11E2-BDFE-F04DA23A5C58}) (Version: 11.0.700 - Sony)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VSO Media Player_0.2.1.412 (HKLM\...\{EE403F12-3D1D-45EE-864D-32C30BFDFFD8}_is1) (Version: 0.2.1.412 - VSO Software)
WAV To MP3 V2 (HKLM\...\WAV To MP3_is1) (Version:  - http://www.WAVMP3.net)
Windows Live Asistente para el inicio de sesión (HKLM\...\{7593234B-2AEB-4FC9-B02D-C9B30D86084C}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Sync (HKLM\...\{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Yamaha Steinberg USB Driver (HKLM\...\InstallShield_{E6335A49-D510-4576-B52A-2CF4F3762717}) (Version: 1.8.0 - Yamaha Corporation)
Yamaha Steinberg USB Driver (Version: 1.8.0 - Yamaha Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{00b7e0ab-817a-44ad-a04b-d1148d524136}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{022105BD-948A-40C9-AB42-A3300DDF097F}\localserver32 -> "C:\Users\Carlos Pascual\AppData\Local\Google\Update\GoogleUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{1FD1FE74-9E3C-4C1C-AEEB-AAB592AD770F}\localserver32 -> "C:\Users\Carlos Pascual\AppData\Local\Facebook\Update\FacebookUpdate.exe" No File
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{22181302-A8A6-4F84-A541-E5CBFC70CC43}\localserver32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{2F0E2680-9FF5-43C0-B76E-114A56E93598}\localserver32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{39125640-8D80-11DC-A2FE-C5C455D89593}\InprocServer32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Google Talk Plugin\googletalkax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{51F9E8EF-59D7-475B-A106-C7EA6F30C119}\localserver32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{5E71E4F3-E8C7-4906-9626-973E418762B6}\InprocServer32 -> C:\Users\Carlos Pascual\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll (Facebook Inc.)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{6D7374DE-63AA-473C-8C02-60D9CDCD84C5}\InprocServer32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.153\psuser.dll No File
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{7c6e29bc-8b8b-4c3d-859e-af6cd158be0f}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969c0-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969c1-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969c2-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969c3-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969c4-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969c5-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969c6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969c8-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969c9-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969ca-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{88d969d6-f192-11d4-a65f-0040963251e5}\InprocServer32 -> C:\Windows\system32\msxml4.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{9793fbbf-e9db-3b01-b322-3430cbcf3cd5}\InprocServer32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Google Talk Plugin\gtpo3d_host.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{A54D478D-4F70-4F72-9A74-17C9986E35AB}\InprocServer32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.165\psuser.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{AB9F4455-E591-4132-A386-0B91EAEDB96C}\InprocServer32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Google Talk Plugin\o1dax.dll (Google)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{C3101A8B-0EE1-4612-BFE9-41FFC1A3C19D}\InprocServer32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{C442AC41-9200-4770-8CC0-7CDB4F245C55}\InprocServer32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{CBE9C57E-FFA9-4123-8354-AD360D6DD3CC}\InprocServer32 -> C:\Users\Carlos Pascual\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{E67BE843-BBBE-4484-95FB-05271AE86750}\localserver32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.165\GoogleUpdateOnDemand.exe (Google Inc.)
CustomCLSID: HKU\S-1-5-21-2009512261-3591854202-2081583451-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Carlos Pascual\AppData\Local\Google\Update\1.3.21.165\psuser.dll (Google Inc.)
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2006-11-02 10:23 - 2006-09-18 21:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0A96AD08-256A-42F3-8236-9DB1E58D778D} - System32\Tasks\APSnotifierPP3 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {183B28F8-3DBF-41D4-82C1-451D2C97C984} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2ACC1E32-CD98-43EB-9B29-116C4853F439} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {30AA837B-AA4F-4C21-939C-0B928D7350B8} - System32\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3} => C:\Users\CARLOS~1\AppData\Local\Temp\Vgh.exe <==== ATTENTION
Task: {35538342-9F6B-4FE6-96ED-CC8D8713B0CF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {3C2C04AF-F1FE-4EFF-ABF7-BDB0CE701555} - \LuckyTab No Task File <==== ATTENTION
Task: {46C1D4F0-37F3-4146-9DC9-695B83A2A119} - System32\Tasks\APSnotifierPP1 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {4B961527-A53E-4042-B825-144AEE8A6A9D} - System32\Tasks\{7838F4B1-5116-4A4C-BD9F-8D2B86CFD92D} => pcalua.exe -a "F:\C&C Renegade.exe" -d F:\
Task: {560598BB-4AF2-4461-9537-286903D5873E} - \{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} No Task File <==== ATTENTION
Task: {5D864A7F-2CE1-4ED7-9F30-17A5F714300E} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {5E651493-802F-4140-9A59-0C4D747DDBA3} - System32\Tasks\{5C16174E-C840-40AE-87BA-56DA8E1AE7C5} => Iexplore.exe http://ui.skype.com/ui/0/4.1.0.179/es/abandoninstall?page=tsChrome&installinfo=google-toolbar:notoffered;toolbarpresent,google-chrome:offered-installed
Task: {6724B0EC-6492-42AA-BB19-52672BAE9697} - System32\Tasks\Norton Security Scan for Carlos Pascual => C:\Program Files\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {826AD1F2-B2BB-4B9C-9A21-5E51E822F522} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2008-01-21] (Microsoft Corporation)
Task: {955FE442-1927-4794-8735-D252D507F228} - System32\Tasks\APSnotifierPP2 => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CAE7FAF2-1BEC-463F-B06C-06AF59943DA6} - System32\Tasks\{92805EEC-2503-4DA6-8D5A-D0767AACB42B} => C:\Program Files\Skype\Phone\Skype.exe [2014-12-11] (Skype Technologies S.A.)
Task: {F61351BF-05B7-4E14-8B6D-98CE7FBE6CF4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-10-15] (Google Inc.)
Task: {FC4AFBF8-EB26-47CC-9C87-14844024555B} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {FDBCB76C-CF19-477A-98B3-C52942FABC6C} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserM_1_7_22_478699874-4155726479-3780505679-3006UA__313335343533353739392d34784145552a2a3423326c57.job => Wscript.exed//B C:\ProgramData\PastaLeadsAgent\startprocess.js pastaleadss.exe
Task: C:\Windows\Tasks\Norton Security Scan for Carlos Pascual.job => C:\PROGRA~1\NORTON~2\Engine\410~1.28\Nss.exe
Task: C:\Windows\Tasks\YLCI.job => C:\Users\Carlos Pascual\AppData\Roaming\YLCI.exe <==== ATTENTION
 
==================== Loaded Modules (whitelisted) ==============
 
2010-01-05 19:16 - 2007-01-17 16:36 - 00129024 _____ () C:\Program Files\WinRAR\rarext.dll
2015-02-06 01:02 - 2015-02-04 09:02 - 09170760 _____ () C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll
2014-04-10 00:20 - 2014-02-10 11:44 - 04592128 _____ () C:\Users\Carlos Pascual\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libglesv2.dll
2014-04-10 00:20 - 2014-02-10 11:44 - 00112128 _____ () C:\Users\Carlos Pascual\AppData\Local\Google\Chrome\User Data\SwiftShader\3.2.6.45159\libegl.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Carlos Pascual:zylomtest
AlternateDataStreams: C:\Users\Carlos Pascual:zylomtr{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ673}
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\DE PABLOS FERNANDEZDIEGO MR 15MAR MAD PHL (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\DE PABLOS FERNANDEZDIEGO MR 15MAR MAD PHL (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\DE PABLOS FERNANDEZDIEGO MR 15MAR MAD PHL (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\DE PABLOS FERNANDEZDIEGO MR 15MAR MAD PHL (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\DE PABLOS FERNANDEZDIEGO MR 15MAR MAD PHL (5).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\DE PABLOS FERNANDEZDIEGO MR 15MAR MAD PHL.eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\DEPABLOSFERNANDEZDIEGOMR 15MAR MAD PHL (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\DEPABLOSFERNANDEZDIEGOMR 15MAR MAD PHL (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\DEPABLOSFERNANDEZDIEGOMR 15MAR MAD PHL.eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\FW RV Surrealismo..eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUAL MARTINCARLOS MR 15MAR MAD PHL (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUAL MARTINCARLOS MR 15MAR MAD PHL (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUAL MARTINCARLOS MR 15MAR MAD PHL (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUAL MARTINCARLOS MR 15MAR MAD PHL (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUAL MARTINCARLOS MR 15MAR MAD PHL (5).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUAL MARTINCARLOS MR 15MAR MAD PHL (6).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUAL MARTINCARLOS MR 15MAR MAD PHL (7).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUAL MARTINCARLOS MR 15MAR MAD PHL (8).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUAL MARTINCARLOS MR 15MAR MAD PHL.eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUALMARTINCARLOSMR 15MAR MAD PHL (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUALMARTINCARLOSMR 15MAR MAD PHL (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUALMARTINCARLOSMR 15MAR MAD PHL (3).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUALMARTINCARLOSMR 15MAR MAD PHL (4).eml:OECustomProperty
AlternateDataStreams: C:\Users\Carlos Pascual\Downloads\PASCUALMARTINCARLOSMR 15MAR MAD PHL.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AudioEndpointBuilder => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Audiosrv => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MMCSS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\{4D36E96C-E325-11CE-BFC1-08002BE10318} => ""="Sound, video and game controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2009512261-3591854202-2081583451-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carlos Pascual\Favorites\Pictures\Documents\Desktop\picasabackground.bmp
DNS Servers: 192.168.1.254
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth Manager.lnk => C:\Windows\pss\Bluetooth Manager.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan.lnk => C:\Windows\pss\McAfee Security Scan.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TOSHIBA Face Recognition Watcher.lnk => C:\Windows\pss\TOSHIBA Face Recognition Watcher.lnk.CommonStartup
MSCONFIG\startupreg: 00TCrdMain => %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\Apoint2K\Apoint.exe
MSCONFIG\startupreg: ares => "C:\Program Files\Ares\Ares.exe" -h
MSCONFIG\startupreg: Button Disable => %ProgramFiles%\Toshiba\TOSHIBA Button Disable\TBD.exe
MSCONFIG\startupreg: Camera Assistant Software => "C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe" /start
MSCONFIG\startupreg: cfFncEnabler.exe => cfFncEnabler.exe
MSCONFIG\startupreg: FingerPrintNotifer => "C:\Program Files\TrueSuite Access Manager\FpNotifier.exe"
MSCONFIG\startupreg: Google EULA Launcher => c:\Program Files\Google\Google EULA\GoogleEULALauncher.exe IE PA
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: HSON => %ProgramFiles%\TOSHIBA\TBS\HSON.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: ITSecMng => %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
MSCONFIG\startupreg: NDSTray.exe => NDSTray.exe
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: picon => "C:\Program Files\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" -startup
MSCONFIG\startupreg: PwdBank => "C:\Program Files\TrueSuite Access Manager\PwdBank.exe"
MSCONFIG\startupreg: QNB2EB90WX => C:\Users\CARLOS~1\AppData\Local\Temp\Vgh.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RegistryBooster => "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000 
MSCONFIG\startupreg: RtHDVCpl => RtHDVCpl.exe
MSCONFIG\startupreg: ShStatEXE => "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
MSCONFIG\startupreg: SmoothView => %ProgramFiles%\Toshiba\SmoothView\SmoothView.exe
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
MSCONFIG\startupreg: TAcelMgr => %ProgramFiles%\Toshiba\TOSHIBA Accelerometer Utilities\TAcelMgr\TAcelMgr.exe
MSCONFIG\startupreg: ThpSrv => C:\Windows\system32\thpsrv /logon
MSCONFIG\startupreg: topi => C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe -startup
MSCONFIG\startupreg: TosAutLk => C:\Program Files\TOSHIBA\WirelessKeyLogon\TosAutLk.exe -s
MSCONFIG\startupreg: TOSDCR => %ProgramFiles%\TOSHIBA\PasswordUtility\TOSDCR.exe
MSCONFIG\startupreg: Toshiba Registration => C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe
MSCONFIG\startupreg: Toshiba TEMPO => C:\Program Files\Toshiba TEMPRO\Toshiba.Tempo.UI.TrayApplication.exe
MSCONFIG\startupreg: TOSHIBA_3G_UTY => C:\Program Files\Toshiba\3GUty\TW3GCTRL.exe
MSCONFIG\startupreg: TPCHWMsg => %ProgramFiles%\TOSHIBA\TPHM\TPCHWMsg.exe
MSCONFIG\startupreg: TRot.exe => %ProgramFiles%\Toshiba\TOSHIBA Rotation Utility\TRot.exe
MSCONFIG\startupreg: TSkrMain => %ProgramFiles%\Toshiba\TOSHIBA Accelerometer Utilities\Shaker\TSkrMain.exe
MSCONFIG\startupreg: UsbMonitor => "C:\Program Files\TrueSuite Access Manager\usbnotify.exe"
 
==================== Accounts: =============================
 
Administrador (S-1-5-21-2009512261-3591854202-2081583451-500 - Administrator - Disabled)
Carlos Pascual (S-1-5-21-2009512261-3591854202-2081583451-1000 - Administrator - Enabled) => C:\Users\Carlos Pascual
England2 (S-1-5-21-2009512261-3591854202-2081583451-1026 - Administrator - Enabled) => C:\Users\England2
February (S-1-5-21-2009512261-3591854202-2081583451-1028 - Administrator - Enabled) => C:\Users\February
Invitado (S-1-5-21-2009512261-3591854202-2081583451-501 - Limited - Disabled)
Mixcraft England 1 (S-1-5-21-2009512261-3591854202-2081583451-1025 - Administrator - Enabled) => C:\Users\Mixcraft England 1
Mixcraft England Jan (S-1-5-21-2009512261-3591854202-2081583451-1027 - Administrator - Enabled) => C:\Users\Mixcraft England Jan
postgres (S-1-5-21-2009512261-3591854202-2081583451-1014 - Limited - Enabled) => C:\Users\postgres
 
==================== Faulty Device Manager Devices =============
 
Name: Adaptador ISATAP de Microsoft #5
Description: Adaptador ISATAP de Microsoft
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/21/2015 03:56:46 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Error al determinar si el almacén está en el ámbito de rastreo (error=0x8007043c).
 
Error: (02/21/2015 03:56:46 PM) (Source: Outlook) (EventID: 34) (User: )
Description: No se pudo obtener el administrador de ámbito de rastreo. Error = 0x8007043c.
 
Error: (02/21/2015 03:56:39 PM) (Source: Outlook) (EventID: 35) (User: )
Description: Error al determinar si el almacén está en el ámbito de rastreo (error=0x8007043c).
 
Error: (02/21/2015 03:56:39 PM) (Source: Outlook) (EventID: 34) (User: )
Description: No se pudo obtener el administrador de ámbito de rastreo. Error = 0x8007043c.
 
Error: (02/21/2015 03:56:07 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 
Error: (02/21/2015 03:55:43 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\longhorn\com\complus\src\events\tier1\eventsystemobj.cpp458007043c
 
Error: (02/21/2015 03:53:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 512) (User: )
Description: 
Details:
Could not query the status of the EventSystem service.
 
System Error:
Se está cerrando el sistema.
 
Error: (02/21/2015 03:44:48 PM) (Source: MsiInstaller) (EventID: 11309) (User: CarlosPascual1)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.
 
Error: (02/21/2015 03:42:20 PM) (Source: MsiInstaller) (EventID: 11309) (User: CarlosPascual1)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.
 
Error: (02/21/2015 03:41:20 PM) (Source: MsiInstaller) (EventID: 11309) (User: CarlosPascual1)
Description: Product: Google Update Helper -- Error 1309. Error reading from file: C:\Program Files\globalUpdate\Update\1.3.25.0\Google\Update\RequiredFile.txt.  System error 3.  Verify that the file exists and that you can access it.
 
 
System errors:
=============
Error: (01/17/2010 09:51:00 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: mfetdik
 
Error: (01/17/2010 09:49:22 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (01/17/2010 00:42:24 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: mfetdik
 
Error: (01/17/2010 00:40:49 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (01/16/2010 02:29:26 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: mfetdik
 
Error: (01/16/2010 02:27:57 PM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (01/16/2010 10:29:02 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: mfetdik
 
Error: (01/16/2010 10:27:25 AM) (Source: HTTP) (EventID: 15016) (User: )
Description: \Device\Http\ReqQueueKerberos
 
Error: (01/16/2010 00:37:43 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: mfetdik
 
Error: (01/16/2010 00:37:43 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: WTouch Service1
 
 
Microsoft Office Sessions:
=========================
Error: (02/26/2013 09:46:54 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1830 seconds with 660 seconds of active time.  This session ended with a crash.
 
Error: (01/10/2013 00:23:56 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 723 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-02-21 16:46:37.324
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-02-21 16:46:37.075
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-02-21 16:46:36.825
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-02-21 16:46:36.572
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-02-21 16:46:36.182
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-02-21 16:46:35.933
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-02-21 16:46:35.683
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-02-21 16:46:35.434
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-02-21 16:46:13.161
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
  Date: 2015-02-21 16:46:12.911
  Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Windows\System32\drivers\mwac.sys porque el conjunto de hashes de imagen por página no se encuentra en el sistema.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™2 Duo CPU P8700 @ 2.53GHz
Percentage of memory in use: 37%
Total physical RAM: 2936.25 MB
Available physical RAM: 1829.22 MB
Total Pagefile: 6075.55 MB
Available Pagefile: 5332.31 MB
Total Virtual: 2047.88 MB
Available Virtual: 1917.29 MB
 
==================== Drives ================================
 
Drive c: (Vista) (Fixed) (Total:149.04 GB) (Free:19.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (TORO) (Removable) (Total:1.85 GB) (Free:0.02 GB) FAT
Drive e: (Data) (Fixed) (Total:147.58 GB) (Free:68.13 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: B853D9B7)
Partition 1: (Not Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Active) - (Size=149 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=147.6 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1.9 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=1.9 GB) - (Type=06)
 
==================== End Of Log ============================


#6 xXToffeeXx

Posted 22 February 2015 - 09:47 AM

Hi CarlosPM,
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bit
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 pyfehube; C:\Users\Carlos Pascual\AppData\Local\80C20947-1424533583-DE11-8075-B05989029619\snswF558.tmp [229376 2015-02-21] () [File not signed]
S2 qizoxeni; C:\Users\Carlos Pascual\AppData\Roaming\80C20947-1424533423-DE11-8075-B05989029619\jnslE8C8.tmp [90624 2015-02-21] () [File not signed]
S2 gofikubi; C:\Users\Carlos Pascual\AppData\Roaming\80C20947-1424533423-DE11-8075-B05989029619\nsg9E99.tmpfs [X]
C:\Users\Carlos Pascual\AppData\Roaming\80C20947-1424533423-DE11-8075-B05989029619
C:\Users\Carlos Pascual\AppData\Local\80C20947-1424533583-DE11-8075-B05989029619
2010-01-06 17:21 - 2015-02-20 18:54 - 0090624 _____ () C:\Users\Carlos Pascual\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-04 11:48 - 2014-11-04 11:48 - 0628432 _____ (CMI Limited) C:\Users\Carlos Pascual\AppData\Local\nsx4FD9.tmp
2014-11-04 10:34 - 2014-11-04 10:34 - 0612994 _____ (CMI Limited) C:\Users\Carlos Pascual\AppData\Local\nsz6CC9.tmp
2011-01-20 23:02 - 2011-01-20 23:02 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
C:\Users\Carlos Pascual\AppData\Local\Temp\Show Hidden Files Windows Vist Downloader__3687_i1470730311_il1208919.exe
Task: {30AA837B-AA4F-4C21-939C-0B928D7350B8} - System32\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3} => C:\Users\CARLOS~1\AppData\Local\Temp\Vgh.exe <==== ATTENTION
Task: {3C2C04AF-F1FE-4EFF-ABF7-BDB0CE701555} - \LuckyTab No Task File <==== ATTENTION
C:\Users\CARLOS~1\AppData\Local\Temp\Vgh.exe
Task: {560598BB-4AF2-4461-9537-286903D5873E} - \{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} No Task File <==== ATTENTION
Task: {FDBCB76C-CF19-477A-98B3-C52942FABC6C} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\YLCI.job => C:\Users\Carlos Pascual\AppData\Roaming\YLCI.exe <==== ATTENTION
C:\Users\Carlos Pascual\AppData\Roaming\YLCI.exe
AlternateDataStreams: C:\Users\Carlos Pascual:zylomtest
AlternateDataStreams: C:\Users\Carlos Pascual:zylomtr{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ673}
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

Reboot after the fix and let me know if you can boot into normal mode.
 
xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 CarlosPM


Posted 22 February 2015 - 10:13 AM

Hi Toffee, thanks again for the patience!

 

I'm sorry but it's not working yet. When I restarted the computer in normal mode, it got stuck loading the user accounts. I tried again and it did the same.

This is the fixlog I got out of the fixlist:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 21-02-2015
Ran by Carlos Pascual at 2015-02-22 14:59:44 Run:2
Running from C:\Users\Carlos Pascual\Favorites\Pictures\Documents\Desktop\FRST
Loaded Profiles: Carlos Pascual (Available profiles: Carlos Pascual & postgres & Mixcraft England 1 & England2 & Mixcraft England Jan & February)
Boot Mode: Safe Mode (with Networking)
 
==============================================
 
Content of fixlist:
*****************
BootExecute: autocheck autochk * PCloudBroom.exe \systemroot\system32\BroomData.bit
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
S2 pyfehube; C:\Users\Carlos Pascual\AppData\Local\80C20947-1424533583-DE11-8075-B05989029619\snswF558.tmp [229376 2015-02-21] () [File not signed]
S2 qizoxeni; C:\Users\Carlos Pascual\AppData\Roaming\80C20947-1424533423-DE11-8075-B05989029619\jnslE8C8.tmp [90624 2015-02-21] () [File not signed]
S2 gofikubi; C:\Users\Carlos Pascual\AppData\Roaming\80C20947-1424533423-DE11-8075-B05989029619\nsg9E99.tmpfs [X]
C:\Users\Carlos Pascual\AppData\Roaming\80C20947-1424533423-DE11-8075-B05989029619
C:\Users\Carlos Pascual\AppData\Local\80C20947-1424533583-DE11-8075-B05989029619
2010-01-06 17:21 - 2015-02-20 18:54 - 0090624 _____ () C:\Users\Carlos Pascual\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-11-04 11:48 - 2014-11-04 11:48 - 0628432 _____ (CMI Limited) C:\Users\Carlos Pascual\AppData\Local\nsx4FD9.tmp
2014-11-04 10:34 - 2014-11-04 10:34 - 0612994 _____ (CMI Limited) C:\Users\Carlos Pascual\AppData\Local\nsz6CC9.tmp
2011-01-20 23:02 - 2011-01-20 23:02 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
C:\Users\Carlos Pascual\AppData\Local\Temp\Show Hidden Files Windows Vist Downloader__3687_i1470730311_il1208919.exe
Task: {30AA837B-AA4F-4C21-939C-0B928D7350B8} - System32\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3} => C:\Users\CARLOS~1\AppData\Local\Temp\Vgh.exe <==== ATTENTION
Task: {3C2C04AF-F1FE-4EFF-ABF7-BDB0CE701555} - \LuckyTab No Task File <==== ATTENTION
C:\Users\CARLOS~1\AppData\Local\Temp\Vgh.exe
Task: {560598BB-4AF2-4461-9537-286903D5873E} - \{62C40AA6-4406-467a-A5A5-DFDF1B559B7A} No Task File <==== ATTENTION
Task: {FDBCB76C-CF19-477A-98B3-C52942FABC6C} - \SmartWeb Upgrade Trigger Task No Task File <==== ATTENTION
Task: C:\Windows\Tasks\YLCI.job => C:\Users\Carlos Pascual\AppData\Roaming\YLCI.exe <==== ATTENTION
C:\Users\Carlos Pascual\AppData\Roaming\YLCI.exe
AlternateDataStreams: C:\Users\Carlos Pascual:zylomtest
AlternateDataStreams: C:\Users\Carlos Pascual:zylomtr{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ673}
*****************
 
HKLM\System\CurrentControlSet\Control\Session Manager\\BootExecute => Value was restored successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
pyfehube => Service deleted successfully.
qizoxeni => Service deleted successfully.
gofikubi => Service deleted successfully.
C:\Users\Carlos Pascual\AppData\Roaming\80C20947-1424533423-DE11-8075-B05989029619 => Moved successfully.
C:\Users\Carlos Pascual\AppData\Local\80C20947-1424533583-DE11-8075-B05989029619 => Moved successfully.
C:\Users\Carlos Pascual\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => Moved successfully.
C:\Users\Carlos Pascual\AppData\Local\nsx4FD9.tmp => Moved successfully.
C:\Users\Carlos Pascual\AppData\Local\nsz6CC9.tmp => Moved successfully.
C:\ProgramData\ezsidmv.dat => Moved successfully.
C:\Users\Carlos Pascual\AppData\Local\Temp\Show Hidden Files Windows Vist Downloader__3687_i1470730311_il1208919.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{30AA837B-AA4F-4C21-939C-0B928D7350B8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30AA837B-AA4F-4C21-939C-0B928D7350B8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{3C2C04AF-F1FE-4EFF-ABF7-BDB0CE701555}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C2C04AF-F1FE-4EFF-ABF7-BDB0CE701555}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LuckyTab" => Key deleted successfully.
"C:\Users\CARLOS~1\AppData\Local\Temp\Vgh.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{560598BB-4AF2-4461-9537-286903D5873E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{560598BB-4AF2-4461-9537-286903D5873E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FDBCB76C-CF19-477A-98B3-C52942FABC6C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FDBCB76C-CF19-477A-98B3-C52942FABC6C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SmartWeb Upgrade Trigger Task" => Key deleted successfully.
C:\Windows\Tasks\YLCI.job => Moved successfully.
"C:\Users\Carlos Pascual\AppData\Roaming\YLCI.exe" => File/Directory not found.
C:\Users\Carlos Pascual => ":zylomtest" ADS removed successfully.
C:\Users\Carlos Pascual => ":zylomtr{000HQ7FF-AD7A-3FG5-CHL5-24516UNKQ673}" ADS removed successfully.
 
==== End of Fixlog 14:59:45 ====


#8 xXToffeeXx


Posted 23 February 2015 - 03:43 PM

Hi CarlosPM,
 
Download Windows Repair (All in One) from this site
 
Install the program then run it.
 
NOTE 1. In Windows Vista, 7 and 8 right click on the program, click "Run As Administrator".
NOTE 2. Disable your antivirus program before running Windows Repair.

 
Go to Step 3 and click on Check button next to 1. See If Check Disk Is Needed.
If the tool indicates that the Check Disk is needed click on Do It button next to 2. Check Disk, then restart your computer.
 
 
 
Once the above is done, go to Step 4 and allow it to run System File Check by clicking on the Do It button.
 
 
 
Go to Step 5 and under "System Restore" click on Create button.
 
 
 
Go to Start Repairs tab and click the Start button.
 
 
 
Leave the check marks as they are.
NOTE for Windows 8 users. Reset Registry Permissions is NOT checked by design.
 
Click on Start Repairs button.
 
 
 
After the repair has finished, you may be prompted to restart the computer. Please allow it to do so.
 
Please post the Windows Repair log which is located in the following folder:
64-bit systems - C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Logs
32-bit systems - C:\Program Files\Tweaking.com\Windows Repair (All in One)\Logs
 
xXToffeeXx~




#9 CarlosPM


Posted 23 February 2015 - 04:56 PM

Hi Toffee! Thank you once more! I did it all and tried to boot in normal mode but it's still getting stuck loading the user accounts.

This is the log I got out of the programme:

 

Tweaking.com - Windows Repair v2.11.1
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows Vista ™ Business
OS Architecture: 32-bit
OS Version: 6.0.6002
OS Service Pack: Service Pack 2
Computer Name: CARLOSPASCUAL1
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Current Profile: C:\Users\Carlos Pascual
Current Profile SID: S-1-5-21-2009512261-3591854202-2081583451-1000
Current Profile Classes: S-1-5-21-2009512261-3591854202-2081583451-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Carlos Pascual\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:05:39
 
Process Count: 34
Commit Total: 690,55 MB
Commit Limit: 5,94 GB
Commit Peak: 693,53 MB
Handle Count: 9566
Kernel Total: 153,97 MB
Kernel Paged: 70,15 MB
Kernel Non Paged: 83,82 MB
System Cache: 589,23 MB
Thread Count: 463
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2,87 GB
Memory Used: 873,19 MB(29,7384%)
Memory Avail.: 2,01 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 2,87 GB
Memory Used: 624,34 MB(21,2631%)
Memory Avail.: 2,26 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (23/02/2015 21:28:11)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 180
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (23/02/2015 21:28:16)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under Current User Account
   Done (23/02/2015 21:28:26)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (23/02/2015 21:28:26)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under System Account
   Done (23/02/2015 21:32:57)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (23/02/2015 21:32:57)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under System Account
   Done (23/02/2015 21:33:47)
 
03 - Reset Service Permissions
   Start (23/02/2015 21:33:47)
 
   You can tell the repair is working as SetACL_32.exe or SetACL_64.exe will be running.
 
   Running Repair Under System Account
   Done (23/02/2015 21:33:52)
 
04 - Register System Files
   Start (23/02/2015 21:33:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:34:14)
 
05 - Repair WMI
   Start (23/02/2015 21:34:14)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   No Antivirus Products Reported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (23/02/2015 21:41:37)
 
06 - Repair Windows Firewall
   Start (23/02/2015 21:41:37)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:42:05)
 
07 - Repair Internet Explorer
   Start (23/02/2015 21:42:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:42:19)
 
08 - Repair MDAC/MS Jet
   Start (23/02/2015 21:42:19)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:42:24)
 
09 - Repair Hosts File
   Start (23/02/2015 21:42:24)
   Running Repair Under System Account
   Done (23/02/2015 21:42:25)
 
10 - Remove Policies Set By Infections
   Start (23/02/2015 21:42:25)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:42:28)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (23/02/2015 21:42:28)
   Running Repair Under System Account
   Done (23/02/2015 21:42:29)
 
12 - Repair Icons
   Start (23/02/2015 21:42:29)
   Running Repair Under Current User Account
   Done (23/02/2015 21:42:31)
 
13 - Repair Winsock & DNS Cache
   Start (23/02/2015 21:42:31)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:42:40)
 
15 - Repair Proxy Settings
   Start (23/02/2015 21:42:40)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:42:43)
 
17 - Repair Windows Updates
   Start (23/02/2015 21:42:43)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (23/02/2015 21:43:21)
 
18 - Repair CD/DVD Missing/Not Working
   Start (23/02/2015 21:43:21)
   iTunes was found, adding UpperFilters for iTunes Reg Key
   UpperFilters added?: True
   Done (23/02/2015 21:43:21)
 
19 - Repair Volume Shadow Copy Service
   Start (23/02/2015 21:43:21)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:43:49)
 
21 - Repair MSI (Windows Installer)
   Start (23/02/2015 21:43:49)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:43:58)
 
23.01 - Repair bat Association
   Start (23/02/2015 21:43:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:01)
 
23.02 - Repair cmd Association
   Start (23/02/2015 21:44:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:03)
 
23.03 - Repair com Association
   Start (23/02/2015 21:44:03)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:05)
 
23.04 - Repair Directory Association
   Start (23/02/2015 21:44:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:07)
 
23.05 - Repair Drive Association
   Start (23/02/2015 21:44:07)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:09)
 
23.06 - Repair exe Association
   Start (23/02/2015 21:44:09)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:11)
 
23.07 - Repair Folder Association
   Start (23/02/2015 21:44:11)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:13)
 
23.08 - Repair inf Association
   Start (23/02/2015 21:44:13)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:15)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (23/02/2015 21:44:15)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:18)
 
23.10 - Repair msc Association
   Start (23/02/2015 21:44:18)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:20)
 
23.11 - Repair reg Association
   Start (23/02/2015 21:44:20)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:22)
 
23.12 - Repair scr Association
   Start (23/02/2015 21:44:22)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:24)
 
24 - Repair Windows Safe Mode
   Start (23/02/2015 21:44:24)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:26)
 
25 - Repair Print Spooler
   Start (23/02/2015 21:44:26)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:30)
 
26 - Restore Important Windows Services
   Start (23/02/2015 21:44:30)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:37)
 
27 - Set Windows Services To Default Startup
   Start (23/02/2015 21:44:37)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:41)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.0
 
31 - Repair Windows 'New' Submenu
   Start (23/02/2015 21:44:41)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (23/02/2015 21:44:43)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (23/02/2015 21:44:43)
   Total Repair Time: 00:16:34
 
 
...YOU MUST RESTART YOUR SYSTEM...


#10 xXToffeeXx


Posted 26 February 2015 - 12:04 PM

Hi CarlosPM,

 

Do you have your Windows CD?

 

When you say it gets stuck loading the user accounts, have you chosen the user account by this point, or does it freeze before then?

 

xXToffeeXx~




#11 CarlosPM


Posted 27 February 2015 - 05:58 AM

Hi Toffee!

 

No, unfortunately I don't have the Windows CD.

 

When it got stuck it was always (5 or 6 times that I tried to boot it in normal mode) before the user profile accounts were loaded.

I think once or twice it loaded the user accounts and I got through the log in and got stuck afterwards.

 

Thanks!



#12 CarlosPM


Posted 28 February 2015 - 05:44 AM

Hi again Toffee! I've just booted it in normal mode by mistake and this time it got through the user account login and "loaded the desktop". All I could see was a white screen with the pointing arrow. 

 

Thank you!



#13 xXToffeeXx


Posted 02 March 2015 - 03:12 PM

Hi CarlosPM,

 

Sorry about the delay, my fault.

 

Please download GSmartControl for Windows and save it to your desktop:

  • Unzip the folder to your desktop
  • Double click gsmartcontrol.exe
  • Allow the program to search for and list your hard drive(s)
  • Double click your drive
  • Go to the PERFORM TESTS tab
  • Make sure that the TEST TYPE is set to SHORT SELF-TEST
  • Click the EXECUTE button
  • After the test completes, click the VIEW OUTPUT button and copy and paste the contents in your reply

xXToffeeXx~




#14 CarlosPM


Posted 03 March 2015 - 12:45 PM

Hi Toffee! :) 

 

Thanks again! I thought you had given up already haha

 

This is the output I got from the program:

 

smartctl 5.43 2012-06-30 r3573 [i686-w64-mingw32-vista-sp2] (sf-5.43-1)
Copyright © 2002-12 by Bruce Allen, http://smartmontools.sourceforge.net
 
=== START OF INFORMATION SECTION ===
Model Family:     Hitachi Travelstar 7K320
Device Model:     Hitachi HTS723232L9A360
Serial Number:    090816FC1420NEH98ZRG
LU WWN Device Id: 5 000cca 582d25098
Firmware Version: FC4OC30F
User Capacity:    320.072.933.376 bytes [320 GB]
Sector Size:      512 bytes logical/physical
Device is:        In smartctl database [for details use: -P show]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 3f
Local Time is:    Tue Mar 03 17:41:22 2015 HGMT
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
 
=== START OF READ SMART DATA SECTION ===
SMART overall-health self-assessment test result: PASSED
 
General SMART Values:
Offline data collection status:  (0x00) Offline data collection activity
was never started.
Auto Offline Data Collection: Disabled.
Self-test execution status:      (   0) The previous self-test routine completed
without error or no self-test has ever 
been run.
Total time to complete Offline 
data collection: (  645) seconds.
Offline data collection
capabilities: (0x5b) SMART execute Offline immediate.
Auto Offline data collection on/off support.
Suspend Offline collection upon new
command.
Offline surface scan supported.
Self-test supported.
No Conveyance Self-test supported.
Selective Self-test supported.
SMART capabilities:            (0x0003) Saves SMART data before entering
power-saving mode.
Supports SMART auto save timer.
Error logging capability:        (0x01) Error logging supported.
General Purpose Logging supported.
Short self-test routine 
recommended polling time: (   2) minutes.
Extended self-test routine
recommended polling time: (  96) minutes.
SCT capabilities:       (0x003d) SCT Status supported.
SCT Error Recovery Control supported.
SCT Feature Control supported.
SCT Data Table supported.
 
SMART Attributes Data Structure revision number: 16
Vendor Specific SMART Attributes with Thresholds:
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000b   100   100   011    Pre-fail  Always       -       0
  2 Throughput_Performance  0x0005   100   100   005    Pre-fail  Offline      -       0
  3 Spin_Up_Time            0x0007   215   215   007    Pre-fail  Always       -       1
  4 Start_Stop_Count        0x0012   097   097   018    Old_age   Always       -       5498
  5 Reallocated_Sector_Ct   0x0033   100   100   051    Pre-fail  Always       -       1
  7 Seek_Error_Rate         0x000b   100   100   011    Pre-fail  Always       -       0
  8 Seek_Time_Performance   0x0005   100   100   005    Pre-fail  Offline      -       0
  9 Power_On_Hours          0x0012   072   072   018    Old_age   Always       -       12685
 10 Spin_Retry_Count        0x0013   100   100   019    Pre-fail  Always       -       0
 12 Power_Cycle_Count       0x0032   097   097   050    Old_age   Always       -       5276
191 G-Sense_Error_Rate      0x000a   100   100   010    Old_age   Always       -       0
192 Power-Off_Retract_Count 0x0032   099   099   050    Old_age   Always       -       4294902046
193 Load_Cycle_Count        0x0012   092   092   018    Old_age   Always       -       80921
194 Temperature_Celsius     0x0002   137   137   002    Old_age   Always       -       40 (Min/Max 12/60)
196 Reallocated_Event_Count 0x0032   100   100   050    Old_age   Always       -       1
197 Current_Pending_Sector  0x0022   100   100   034    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0008   100   100   008    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x000a   200   200   010    Old_age   Always       -       4
223 Load_Retry_Count        0x000a   100   100   010    Old_age   Always       -       0
 
SMART Error Log Version: 1
ATA Error Count: 15 (device log contains only the most recent five errors)
CR = Command Register [HEX]
FR = Features Register [HEX]
SC = Sector Count Register [HEX]
SN = Sector Number Register [HEX]
CL = Cylinder Low Register [HEX]
CH = Cylinder High Register [HEX]
DH = Device/Head Register [HEX]
DC = Device Command Register [HEX]
ER = Error register [HEX]
ST = Status register [HEX]
Powered_Up_Time is measured from power on, and printed as
DDd+hh:mm:SS.sss where DD=days, hh=hours, mm=minutes,
SS=sec, and sss=millisec. It "wraps" after 49.710 days.
 
Error 15 occurred at disk power-on lifetime: 12480 hours (520 days + 0 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  10 51 08 e0 89 fa 40  Error: IDNF at LBA = 0x00fa89e0 = 16419296
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 08 38 e0 89 fa 40 00      00:35:47.100  READ FPDMA QUEUED
  60 08 30 c8 50 9c 40 00      00:35:47.000  READ FPDMA QUEUED
  60 08 28 90 5f 6b 40 00      00:35:47.000  READ FPDMA QUEUED
  60 08 20 e8 b2 b5 40 00      00:35:47.000  READ FPDMA QUEUED
  60 08 18 18 4b 3f 40 00      00:35:47.000  READ FPDMA QUEUED
 
Error 14 occurred at disk power-on lifetime: 12480 hours (520 days + 0 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  10 51 08 40 8a fa 40  Error: IDNF at LBA = 0x00fa8a40 = 16419392
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 08 68 40 8a fa 40 00      00:35:43.800  READ FPDMA QUEUED
  60 08 60 a0 4c 9c 40 00      00:35:43.800  READ FPDMA QUEUED
  60 08 58 50 cf ae 40 00      00:35:43.700  READ FPDMA QUEUED
  60 08 50 c8 4c 9c 40 00      00:35:43.700  READ FPDMA QUEUED
  60 08 48 48 e9 1c 40 00      00:35:43.700  READ FPDMA QUEUED
 
Error 13 occurred at disk power-on lifetime: 12480 hours (520 days + 0 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  10 51 08 d0 7f fa 40  Error: IDNF at LBA = 0x00fa7fd0 = 16416720
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 08 40 d0 7f fa 40 00      00:35:42.900  READ FPDMA QUEUED
  60 08 38 28 74 00 40 00      00:35:42.900  READ FPDMA QUEUED
  60 08 30 f0 f2 d5 40 00      00:35:42.900  READ FPDMA QUEUED
  60 08 28 28 4c 9c 40 00      00:35:42.800  READ FPDMA QUEUED
  60 08 20 08 72 3f 40 00      00:35:42.800  READ FPDMA QUEUED
 
Error 12 occurred at disk power-on lifetime: 12480 hours (520 days + 0 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  10 51 08 38 8a fa 40  Error: IDNF at LBA = 0x00fa8a38 = 16419384
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 08 38 38 8a fa 40 00      00:34:58.100  READ FPDMA QUEUED
  60 08 30 f0 8a 9b 40 00      00:34:58.100  READ FPDMA QUEUED
  60 08 28 30 c3 44 40 00      00:34:58.100  READ FPDMA QUEUED
  60 08 20 20 a6 c7 40 00      00:34:58.100  READ FPDMA QUEUED
  60 08 18 c0 fc 35 40 00      00:34:58.100  READ FPDMA QUEUED
 
Error 11 occurred at disk power-on lifetime: 12477 hours (519 days + 21 hours)
  When the command that caused the error occurred, the device was active or idle.
 
  After command completion occurred, registers were:
  ER ST SC SN CL CH DH
  -- -- -- -- -- -- --
  10 51 08 88 8a fa 40  Error: IDNF at LBA = 0x00fa8a88 = 16419464
 
  Commands leading to the command that caused the error were:
  CR FR SC SN CL CH DH DC   Powered_Up_Time  Command/Feature_Name
  -- -- -- -- -- -- -- --  ----------------  --------------------
  60 08 88 88 8a fa 40 00      00:16:02.800  READ FPDMA QUEUED
  2f 00 01 10 00 00 40 00      00:16:02.800  READ LOG EXT
  60 08 80 88 8a fa 40 00      00:16:02.700  READ FPDMA QUEUED
  61 2d 78 00 7a ff 40 00      00:16:02.700  WRITE FPDMA QUEUED
  60 48 70 70 ba b7 40 00      00:16:02.700  READ FPDMA QUEUED
 
SMART Self-test log structure revision number 1
No self-tests have been logged.  [To run self-tests, use: smartctl -t]
 
 
SMART Selective self-test log data structure revision number 1
 SPAN  MIN_LBA  MAX_LBA  CURRENT_TEST_STATUS
    1        0        0  Not_testing
    2        0        0  Not_testing
    3        0        0  Not_testing
    4        0        0  Not_testing
    5        0        0  Not_testing
Selective self-test flags (0x0):
  After scanning selected spans, do NOT read-scan remainder of disk.
If Selective self-test is pending on power-up, resume after 0 minute delay.
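
The checks a reader would make on the smartctl output above, as an added example that is not part of the thread: it pulls the failure-related counters out of the attribute table, then measures how tightly the logged errors cluster on disk and how long ago they occurred. The watch list, function names and report keys are choices made for this example, not GSmartControl's own logic; the sample lines are copied from the post and trimmed.

```python
import re

# Lines copied from the smartctl output posted above, trimmed to the
# attribute rows and error-log lines this example reads.
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  5 Reallocated_Sector_Ct   0x0033   100   100   051    Pre-fail  Always       -       1
  9 Power_On_Hours          0x0012   072   072   018    Old_age   Always       -       12685
194 Temperature_Celsius     0x0002   137   137   002    Old_age   Always       -       40 (Min/Max 12/60)
196 Reallocated_Event_Count 0x0032   100   100   050    Old_age   Always       -       1
197 Current_Pending_Sector  0x0022   100   100   034    Old_age   Always       -       0
198 Offline_Uncorrectable   0x0008   100   100   008    Old_age   Offline      -       0
199 UDMA_CRC_Error_Count    0x000a   200   200   010    Old_age   Always       -       4
ATA Error Count: 15 (device log contains only the most recent five errors)
Error 15 occurred at disk power-on lifetime: 12480 hours (520 days + 0 hours)
  10 51 08 e0 89 fa 40  Error: IDNF at LBA = 0x00fa89e0 = 16419296
Error 14 occurred at disk power-on lifetime: 12480 hours (520 days + 0 hours)
  10 51 08 40 8a fa 40  Error: IDNF at LBA = 0x00fa8a40 = 16419392
Error 13 occurred at disk power-on lifetime: 12480 hours (520 days + 0 hours)
  10 51 08 d0 7f fa 40  Error: IDNF at LBA = 0x00fa7fd0 = 16416720
Error 12 occurred at disk power-on lifetime: 12480 hours (520 days + 0 hours)
  10 51 08 38 8a fa 40  Error: IDNF at LBA = 0x00fa8a38 = 16419384
Error 11 occurred at disk power-on lifetime: 12477 hours (519 days + 21 hours)
  10 51 08 88 8a fa 40  Error: IDNF at LBA = 0x00fa8a88 = 16419464
"""

# ID, name, flag, VALUE, WORST, THRESH, TYPE, UPDATED, WHEN_FAILED, leading raw integer
ATTR_RE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+0x[0-9a-fA-F]{4}\s+(\d+)\s+(\d+)\s+(\d+)\s+"
    r"(\S+)\s+(\S+)\s+(\S+)\s+(\d+)")
ERR_HDR_RE = re.compile(r"^Error (\d+) occurred at disk power-on lifetime: (\d+) hours")
ERR_LBA_RE = re.compile(r"Error: (.+?) at LBA = 0x([0-9a-fA-F]+) = (\d+)")
COUNT_RE = re.compile(r"^ATA Error Count: (\d+)", re.M)

# Counters where any non-zero raw value deserves a second look (example's choice).
WATCH = ("Reallocated_Sector_Ct", "Reallocated_Event_Count",
         "Current_Pending_Sector", "Offline_Uncorrectable",
         "UDMA_CRC_Error_Count")


def parse_attributes(text):
    """Return {attribute_name: {id, value, worst, thresh, type, raw}}."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR_RE.match(line)
        if m:
            attrs[m.group(2)] = {
                "id": int(m.group(1)), "value": int(m.group(3)),
                "worst": int(m.group(4)), "thresh": int(m.group(5)),
                "type": m.group(6), "raw": int(m.group(9)),
            }
    return attrs


def parse_errors(text):
    """Pair each 'Error N occurred at ...' header with its 'Error: X at LBA' line."""
    errors, current = [], None
    for line in text.splitlines():
        hdr = ERR_HDR_RE.match(line)
        if hdr:
            current = {"num": int(hdr.group(1)), "hours": int(hdr.group(2))}
            continue
        lba = ERR_LBA_RE.search(line)
        if lba and current is not None:
            # smartctl prints the LBA in hex and decimal; they must agree.
            if int(lba.group(2), 16) != int(lba.group(3)):
                raise ValueError("hex/decimal LBA mismatch in error %d" % current["num"])
            current.update(kind=lba.group(1), lba=int(lba.group(3)))
            errors.append(current)
            current = None
    return errors


def assess(text, sector_bytes=512):
    """Summarise the health signals; 512 is the sector size the log reports."""
    attrs, errors = parse_attributes(text), parse_errors(text)
    total = COUNT_RE.search(text)
    report = {
        "nonzero_counters": {n: attrs[n]["raw"] for n in WATCH
                             if n in attrs and attrs[n]["raw"] > 0},
        # A normalised VALUE at or below THRESH is what marks an attribute as failed.
        "at_or_below_threshold": [n for n, a in attrs.items()
                                  if a["thresh"] > 0 and a["value"] <= a["thresh"]],
        "errors_total": int(total.group(1)) if total else len(errors),
        "errors_logged": len(errors),
        "error_kinds": sorted({e["kind"] for e in errors}),
    }
    if errors:
        lbas = [e["lba"] for e in errors]
        report["lba_span_sectors"] = max(lbas) - min(lbas)
        report["lba_span_bytes"] = report["lba_span_sectors"] * sector_bytes
        if "Power_On_Hours" in attrs:
            report["hours_since_last_error"] = (
                attrs["Power_On_Hours"]["raw"] - max(e["hours"] for e in errors))
    return report


if __name__ == "__main__":
    for key, value in assess(SAMPLE).items():
        print(f"{key}: {value}")
```

On this output the report shows three non-zero counters (one reallocated sector, one reallocation event, four UDMA CRC errors), no attribute at or below its threshold, and five logged IDNF errors that all fall within 2,744 sectors of each other, the latest 205 power-on hours before the scan.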


#15 xXToffeeXx


Posted 05 March 2015 - 01:25 PM

Hi CarlosPM,

 

Any pink lines on the tab where it shows the data?

 

Press the Windows key and R together at the same time, and type msconfig.exe in the Run box that appears. Press enter. Click on the Services tab, click to select the Hide all Microsoft services check box, and then click Disable all. Click OK, and then click Restart.

 

Are you able to load in normal mode now?

 

xXToffeeXx~






