Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Help with adware!

Re: Help with adware!

by javier910 » July 14th, 2013, 12:40 pm

The logs you requested:

TDS

11:27:02.0728 7068 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:27:03.0270 7068 ============================================================
11:27:03.0270 7068 Current date / time: 2013/07/14 11:27:03.0270
11:27:03.0270 7068 SystemInfo:
11:27:03.0270 7068
11:27:03.0270 7068 OS Version: 6.1.7601 ServicePack: 1.0
11:27:03.0270 7068 Product type: Workstation
11:27:03.0271 7068 ComputerName: LUISJAVIER-PC
11:27:03.0271 7068 UserName: Luis Javier
11:27:03.0271 7068 Windows directory: C:\Windows
11:27:03.0271 7068 System windows directory: C:\Windows
11:27:03.0271 7068 Running under WOW64
11:27:03.0271 7068 Processor architecture: Intel x64
11:27:03.0271 7068 Number of processors: 2
11:27:03.0271 7068 Page size: 0x1000
11:27:03.0271 7068 Boot type: Normal boot
11:27:03.0271 7068 ============================================================
11:27:05.0588 7068 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x1E4843, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x5, Type 'K0', Flags 0x00000040
11:27:05.0601 7068 ============================================================
11:27:05.0601 7068 \Device\Harddisk0\DR0:
11:27:05.0601 7068 MBR partitions:
11:27:05.0601 7068 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
11:27:05.0601 7068 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23ABC800
11:27:05.0602 7068 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x23B20800, BlocksNum 0x190D800
11:27:05.0602 7068 ============================================================
11:27:05.0682 7068 C: <-> \Device\Harddisk0\DR0\Partition2
11:27:05.0735 7068 D: <-> \Device\Harddisk0\DR0\Partition3
11:27:05.0735 7068 ============================================================
11:27:05.0735 7068 Initialize success
11:27:05.0735 7068 ============================================================
11:27:33.0055 4368 ============================================================
11:27:33.0055 4368 Scan started
11:27:33.0055 4368 Mode: Manual;
11:27:33.0055 4368 ============================================================
11:27:34.0303 4368 ================ Scan system memory ========================
11:27:34.0303 4368 System memory - ok
11:27:52.0571 4368 netprofm - ok
11:27:52.0602 4368 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:27:52.0727 4368 NetTcpPortSharing - ok
11:27:52.0899 4368 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
11:27:53.0086 4368 netw5v64 - ok
11:27:53.0117 4368 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
11:27:53.0133 4368 nfrd960 - ok
11:27:53.0179 4368 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
11:27:53.0195 4368 NlaSvc - ok
11:27:53.0226 4368 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
11:27:53.0242 4368 Npfs - ok
11:27:53.0289 4368 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
11:27:53.0304 4368 nsi - ok
11:27:53.0320 4368 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
11:27:53.0320 4368 nsiproxy - ok
11:27:53.0398 4368 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
11:27:53.0491 4368 Ntfs - ok
11:27:53.0523 4368 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
11:27:53.0538 4368 Null - ok
11:27:53.0569 4368 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
11:27:53.0585 4368 nvraid - ok
11:27:53.0616 4368 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
11:27:53.0632 4368 nvstor - ok
11:27:53.0694 4368 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
11:27:53.0710 4368 nv_agp - ok
11:27:53.0819 4368 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:27:53.0897 4368 odserv - ok
11:27:53.0928 4368 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
11:27:53.0944 4368 ohci1394 - ok
11:27:53.0991 4368 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:27:54.0022 4368 ose - ok
11:27:54.0069 4368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
11:27:54.0084 4368 p2pimsvc - ok
11:27:54.0115 4368 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
11:27:54.0147 4368 p2psvc - ok
11:27:54.0178 4368 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
11:27:54.0193 4368 Parport - ok
11:27:54.0225 4368 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
11:27:54.0240 4368 partmgr - ok
11:27:54.0271 4368 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
11:27:54.0271 4368 PcaSvc - ok
11:27:54.0318 4368 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
11:27:54.0334 4368 pci - ok
11:27:54.0365 4368 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
11:27:54.0381 4368 pciide - ok
11:27:54.0412 4368 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
11:27:54.0443 4368 pcmcia - ok
11:27:54.0474 4368 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
11:27:54.0490 4368 pcw - ok
11:27:54.0521 4368 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
11:27:54.0552 4368 PEAUTH - ok
11:27:54.0583 4368 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
11:27:54.0599 4368 PerfHost - ok
11:27:54.0708 4368 [ 35045CA2AB16A08330450FC0C1BC5C54 ] Pharos Systems ComTaskMaster C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
11:27:54.0786 4368 Pharos Systems ComTaskMaster - ok
11:27:54.0864 4368 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
11:27:54.0958 4368 pla - ok
11:27:55.0036 4368 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
11:27:55.0051 4368 PlugPlay - ok
11:27:55.0114 4368 [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
11:27:55.0129 4368 Pml Driver HPZ12 - ok
11:27:55.0145 4368 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
11:27:55.0161 4368 PNRPAutoReg - ok
11:27:55.0192 4368 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
11:27:55.0192 4368 PNRPsvc - ok
11:27:55.0254 4368 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
11:27:55.0285 4368 PolicyAgent - ok
11:27:55.0332 4368 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
11:27:55.0332 4368 Power - ok
11:27:55.0395 4368 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
11:27:55.0410 4368 PptpMiniport - ok
11:27:55.0457 4368 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
11:27:55.0457 4368 Processor - ok
11:27:55.0519 4368 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
11:27:55.0519 4368 ProfSvc - ok
11:27:55.0551 4368 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
11:27:55.0551 4368 ProtectedStorage - ok
11:27:55.0613 4368 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
11:27:55.0629 4368 Psched - ok
11:27:55.0660 4368 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
11:27:55.0675 4368 PxHlpa64 - ok
11:27:55.0753 4368 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
11:27:55.0831 4368 ql2300 - ok
11:27:55.0847 4368 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
11:27:55.0863 4368 ql40xx - ok
11:27:55.0894 4368 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
11:27:55.0909 4368 QWAVE - ok
11:27:55.0941 4368 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
11:27:55.0956 4368 QWAVEdrv - ok
11:27:55.0972 4368 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
11:27:55.0972 4368 RasAcd - ok
11:27:56.0019 4368 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
11:27:56.0034 4368 RasAgileVpn - ok
11:27:56.0050 4368 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
11:27:56.0050 4368 RasAuto - ok
11:27:56.0112 4368 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
11:27:56.0128 4368 Rasl2tp - ok
11:27:56.0190 4368 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
11:27:56.0221 4368 RasMan - ok
11:27:56.0237 4368 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
11:27:56.0253 4368 RasPppoe - ok
11:27:56.0284 4368 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
11:27:56.0299 4368 RasSstp - ok
11:27:56.0346 4368 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
11:27:56.0393 4368 rdbss - ok
11:27:56.0409 4368 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
11:27:56.0424 4368 rdpbus - ok
11:27:56.0440 4368 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
11:27:56.0440 4368 RDPCDD - ok
11:27:56.0455 4368 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
11:27:56.0455 4368 RDPENCDD - ok
11:27:56.0471 4368 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
11:27:56.0471 4368 RDPREFMP - ok
11:27:56.0518 4368 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
11:27:56.0565 4368 RDPWD - ok
11:27:56.0611 4368 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
11:27:56.0643 4368 rdyboost - ok
11:27:56.0689 4368 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
11:27:56.0689 4368 RemoteAccess - ok
11:27:56.0736 4368 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
11:27:56.0752 4368 RemoteRegistry - ok
11:27:56.0814 4368 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
11:27:56.0923 4368 RichVideo - ok
11:27:56.0923 4368 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
11:27:56.0923 4368 RpcEptMapper - ok
11:27:56.0955 4368 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
11:27:56.0970 4368 RpcLocator - ok
11:27:57.0033 4368 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
11:27:57.0033 4368 RpcSs - ok
11:27:57.0079 4368 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
11:27:57.0095 4368 rspndr - ok
11:27:57.0157 4368 [ 2DB8116D52B19216812C4E6D5D837810 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys
11:27:57.0173 4368 RSUSBSTOR - ok
11:27:57.0220 4368 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
11:27:57.0235 4368 RTL8167 - ok
11:27:57.0251 4368 RtsUIR - ok
11:27:57.0282 4368 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
11:27:57.0282 4368 SamSs - ok
11:27:57.0438 4368 [ 07310DF9FD1A62790B5A011048D8E121 ] SAVAdminService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
11:27:57.0438 4368 SAVAdminService - ok
11:27:57.0485 4368 [ C3999EF390EB460A636E9FFBA040BF8A ] SAVOnAccess C:\Windows\system32\DRIVERS\savonaccess.sys
11:27:57.0516 4368 SAVOnAccess - ok
11:27:57.0594 4368 [ D31E18B53B0E52C234568BB61EEC7940 ] SAVService C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
11:27:57.0657 4368 SAVService - ok
11:27:57.0688 4368 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
11:27:57.0719 4368 sbp2port - ok
11:27:57.0750 4368 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
11:27:57.0781 4368 SCardSvr - ok
11:27:57.0828 4368 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
11:27:57.0844 4368 scfilter - ok
11:27:57.0906 4368 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
11:27:57.0984 4368 Schedule - ok
11:27:58.0031 4368 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
11:27:58.0031 4368 SCPolicySvc - ok
11:27:58.0078 4368 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
11:27:58.0093 4368 sdbus - ok
11:27:58.0187 4368 [ 7D67AEABEB597C602EDB5B3AE316E96A ] sdcfilter C:\Windows\system32\DRIVERS\sdcfilter.sys
11:27:58.0203 4368 sdcfilter - ok
11:27:58.0249 4368 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
11:27:58.0265 4368 SDRSVC - ok
11:27:58.0312 4368 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
11:27:58.0327 4368 secdrv - ok
11:27:58.0374 4368 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
11:27:58.0390 4368 seclogon - ok
11:27:58.0421 4368 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
11:27:58.0437 4368 SENS - ok
11:27:58.0468 4368 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
11:27:58.0483 4368 SensrSvc - ok
11:27:58.0515 4368 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
11:27:58.0515 4368 Serenum - ok
11:27:58.0530 4368 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
11:27:58.0546 4368 Serial - ok
11:27:58.0593 4368 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
11:27:58.0608 4368 sermouse - ok
11:27:58.0733 4368 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
11:27:58.0749 4368 SessionEnv - ok
11:27:58.0780 4368 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
11:27:58.0795 4368 sffdisk - ok
11:27:58.0811 4368 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
11:27:58.0811 4368 sffp_mmc - ok
11:27:58.0827 4368 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
11:27:58.0827 4368 sffp_sd - ok
11:27:58.0873 4368 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
11:27:58.0873 4368 sfloppy - ok
11:27:58.0920 4368 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
11:27:58.0951 4368 SharedAccess - ok
11:27:58.0998 4368 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
11:27:59.0014 4368 ShellHWDetection - ok
11:27:59.0061 4368 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:27:59.0076 4368 SiSRaid2 - ok
11:27:59.0092 4368 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
11:27:59.0107 4368 SiSRaid4 - ok
11:27:59.0201 4368 [ 7C15061CD0372487903B07B9BB03AFAD ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
11:27:59.0622 4368 SkypeUpdate - ok
11:27:59.0653 4368 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
11:27:59.0669 4368 Smb - ok
11:27:59.0716 4368 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
11:27:59.0731 4368 SNMPTRAP - ok
11:27:59.0841 4368 [ 89F663C9ACA369C0E327C00D2C220AA9 ] Sophos AutoUpdate Service C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
11:27:59.0903 4368 Sophos AutoUpdate Service - ok
11:27:59.0997 4368 [ BD03374253F79CE7A716A870DC85BD84 ] Sophos Web Control Service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
11:27:59.0997 4368 Sophos Web Control Service - ok
11:28:00.0075 4368 [ 69FBE35A8165ADBC313AA7F64B868CA1 ] SophosBootDriver C:\Windows\system32\DRIVERS\SophosBootDriver.sys
11:28:00.0090 4368 SophosBootDriver - ok
11:28:00.0121 4368 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
11:28:00.0121 4368 spldr - ok
11:28:00.0184 4368 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
11:28:00.0215 4368 Spooler - ok
11:28:00.0355 4368 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
11:28:00.0449 4368 sppsvc - ok
11:28:00.0480 4368 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
11:28:00.0480 4368 sppuinotify - ok
11:28:00.0527 4368 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
11:28:00.0574 4368 srv - ok
11:28:00.0605 4368 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
11:28:00.0667 4368 srv2 - ok
11:28:00.0714 4368 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
11:28:00.0745 4368 SrvHsfHDA - ok
11:28:00.0808 4368 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
11:28:00.0886 4368 SrvHsfV92 - ok
11:28:00.0917 4368 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
11:28:00.0948 4368 SrvHsfWinac - ok
11:28:01.0011 4368 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
11:28:01.0042 4368 srvnet - ok
11:28:01.0073 4368 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
11:28:01.0104 4368 SSDPSRV - ok
11:28:01.0120 4368 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
11:28:01.0135 4368 SstpSvc - ok
11:28:01.0229 4368 [ EA8F41484CCC5BA6A1455C2AD3D1BE3C ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
11:28:01.0245 4368 ssudmdm - ok
11:28:01.0291 4368 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
11:28:01.0307 4368 stexstor - ok
11:28:01.0369 4368 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
11:28:01.0401 4368 stisvc - ok
11:28:01.0432 4368 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
11:28:01.0447 4368 swenum - ok
11:28:01.0650 4368 [ FF4057FF51ED100C0003B2FE128C2194 ] swi_service C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
11:28:02.0118 4368 swi_service - ok
11:28:02.0337 4368 [ 79FF2406BB7EB7DACB12EE3DBF8F91AE ] swi_update_64 C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe
11:28:02.0493 4368 swi_update_64 - ok
11:28:02.0524 4368 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
11:28:02.0555 4368 swprv - ok
11:28:02.0602 4368 [ BCF305959B53B200CEB2AD25AD22F8A7 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
11:28:02.0633 4368 SynTP - ok
11:28:02.0727 4368 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
11:28:02.0773 4368 SysMain - ok
11:28:02.0820 4368 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
11:28:02.0836 4368 TabletInputService - ok
11:28:02.0883 4368 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
11:28:02.0914 4368 TapiSrv - ok
11:28:02.0945 4368 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
11:28:02.0961 4368 TBS - ok
11:28:03.0054 4368 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] Tcpip C:\Windows\system32\drivers\tcpip.sys
11:28:03.0163 4368 Tcpip - ok
11:28:03.0257 4368 [ 9849EA3843A2ADBDD1497E97A85D8CAE ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
11:28:03.0273 4368 TCPIP6 - ok
11:28:03.0304 4368 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
11:28:03.0319 4368 tcpipreg - ok
11:28:03.0366 4368 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
11:28:03.0382 4368 TDPIPE - ok
11:28:03.0429 4368 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
11:28:03.0444 4368 TDTCP - ok
11:28:03.0491 4368 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
11:28:03.0507 4368 tdx - ok
11:28:03.0553 4368 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
11:28:03.0569 4368 TermDD - ok
11:28:03.0647 4368 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
11:28:03.0663 4368 TermService - ok
11:28:03.0694 4368 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
11:28:03.0709 4368 Themes - ok
11:28:03.0741 4368 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
11:28:03.0741 4368 THREADORDER - ok
11:28:03.0756 4368 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
11:28:03.0772 4368 TrkWks - ok
11:28:03.0850 4368 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
11:28:03.0850 4368 TrustedInstaller - ok
11:28:03.0912 4368 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
11:28:03.0928 4368 tssecsrv - ok
11:28:03.0975 4368 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
11:28:03.0990 4368 TsUsbFlt - ok
11:28:04.0053 4368 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
11:28:04.0068 4368 tunnel - ok
11:28:04.0115 4368 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
11:28:04.0131 4368 uagp35 - ok
11:28:04.0177 4368 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
11:28:04.0209 4368 udfs - ok
11:28:04.0255 4368 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
11:28:04.0271 4368 UI0Detect - ok
11:28:04.0302 4368 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
11:28:04.0302 4368 uliagpkx - ok
11:28:04.0365 4368 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
11:28:04.0380 4368 umbus - ok
11:28:04.0411 4368 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
11:28:04.0427 4368 UmPass - ok
11:28:04.0443 4368 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
11:28:04.0458 4368 upnphost - ok
11:28:04.0489 4368 [ F724B03C3DFAACF08D17D38BF3333583 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
11:28:04.0505 4368 USBAAPL64 - ok
11:28:04.0536 4368 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
11:28:04.0552 4368 usbccgp - ok
11:28:04.0583 4368 USBCCID - ok
11:28:04.0645 4368 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
11:28:04.0661 4368 usbcir - ok
11:28:04.0692 4368 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
11:28:04.0708 4368 usbehci - ok
11:28:04.0770 4368 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
11:28:04.0801 4368 usbhub - ok
11:28:04.0817 4368 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
11:28:04.0817 4368 usbohci - ok
11:28:04.0864 4368 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
11:28:04.0879 4368 usbprint - ok
11:28:04.0911 4368 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
11:28:04.0911 4368 usbscan - ok
11:28:04.0957 4368 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:28:04.0957 4368 USBSTOR - ok
11:28:05.0004 4368 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
11:28:05.0004 4368 usbuhci - ok
11:28:05.0067 4368 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
11:28:05.0067 4368 usbvideo - ok
11:28:05.0113 4368 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
11:28:05.0113 4368 UxSms - ok
11:28:05.0129 4368 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
11:28:05.0129 4368 VaultSvc - ok
11:28:05.0176 4368 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
11:28:05.0191 4368 vdrvroot - ok
11:28:05.0238 4368 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
11:28:05.0269 4368 vds - ok
11:28:05.0301 4368 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
11:28:05.0316 4368 vga - ok
11:28:05.0332 4368 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
11:28:05.0347 4368 VgaSave - ok
11:28:05.0379 4368 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
11:28:05.0410 4368 vhdmp - ok
11:28:05.0425 4368 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
11:28:05.0441 4368 viaide - ok
11:28:05.0472 4368 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
11:28:05.0488 4368 volmgr - ok
11:28:05.0519 4368 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
11:28:05.0535 4368 volmgrx - ok
11:28:05.0566 4368 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
11:28:05.0597 4368 volsnap - ok
11:28:05.0659 4368 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
11:28:05.0691 4368 vsmraid - ok
11:28:05.0784 4368 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
11:28:05.0862 4368 VSS - ok
11:28:05.0893 4368 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
11:28:05.0909 4368 vwifibus - ok
11:28:05.0940 4368 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
11:28:05.0940 4368 vwififlt - ok
11:28:05.0987 4368 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
11:28:05.0987 4368 W32Time - ok
11:28:06.0003 4368 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
11:28:06.0018 4368 WacomPen - ok
11:28:06.0081 4368 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
11:28:06.0096 4368 WANARP - ok
11:28:06.0112 4368 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
11:28:06.0112 4368 Wanarpv6 - ok
11:28:06.0190 4368 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
11:28:06.0268 4368 WatAdminSvc - ok
11:28:06.0361 4368 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
11:28:06.0424 4368 wbengine - ok
11:28:06.0455 4368 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
11:28:06.0486 4368 WbioSrvc - ok
11:28:06.0533 4368 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
11:28:06.0549 4368 wcncsvc - ok
11:28:06.0580 4368 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
11:28:06.0580 4368 WcsPlugInService - ok
11:28:06.0627 4368 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
11:28:06.0627 4368 Wd - ok
11:28:06.0689 4368 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
11:28:06.0736 4368 Wdf01000 - ok
11:28:06.0783 4368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
11:28:06.0798 4368 WdiServiceHost - ok
11:28:06.0798 4368 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
11:28:06.0798 4368 WdiSystemHost - ok
11:28:06.0845 4368 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
11:28:06.0861 4368 WebClient - ok
11:28:06.0892 4368 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
11:28:06.0923 4368 Wecsvc - ok
11:28:06.0954 4368 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
11:28:06.0954 4368 wercplsupport - ok
11:28:06.0985 4368 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
11:28:06.0985 4368 WerSvc - ok
11:28:07.0017 4368 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
11:28:07.0032 4368 WfpLwf - ok
11:28:07.0048 4368 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
11:28:07.0063 4368 WIMMount - ok
11:28:07.0126 4368 [ A6EA7A3FC4B00F48535B506DB1E86EFD ] winachsf C:\Windows\system32\DRIVERS\CAX_CNXT.sys
11:28:07.0141 4368 winachsf - ok
11:28:07.0173 4368 WinDefend - ok
11:28:07.0188 4368 WinHttpAutoProxySvc - ok
11:28:07.0235 4368 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
11:28:07.0297 4368 Winmgmt - ok
11:28:07.0407 4368 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
11:28:07.0485 4368 WinRM - ok
11:28:07.0563 4368 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
11:28:07.0578 4368 WinUsb - ok
11:28:07.0641 4368 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
11:28:07.0703 4368 Wlansvc - ok
11:28:07.0750 4368 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
11:28:07.0765 4368 WmiAcpi - ok
11:28:07.0812 4368 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
11:28:07.0843 4368 wmiApSrv - ok
11:28:07.0875 4368 WMPNetworkSvc - ok
11:28:07.0890 4368 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
11:28:07.0953 4368 WPCSvc - ok
11:28:08.0124 4368 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
11:28:08.0187 4368 WPDBusEnum - ok
11:28:08.0218 4368 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
11:28:08.0218 4368 ws2ifsl - ok
11:28:08.0233 4368 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
11:28:08.0249 4368 wscsvc - ok
11:28:08.0249 4368 WSearch - ok
11:28:08.0358 4368 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
11:28:08.0374 4368 wuauserv - ok
11:28:08.0421 4368 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
11:28:08.0436 4368 WudfPf - ok
11:28:08.0483 4368 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
11:28:08.0499 4368 WUDFRd - ok
11:28:08.0561 4368 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
11:28:08.0577 4368 wudfsvc - ok
11:28:08.0623 4368 [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc C:\Windows\System32\wwansvc.dll
11:28:08.0655 4368 WwanSvc - ok
11:28:08.0686 4368 [ E8F3FA126A06F8E7088F63757112A186 ] XAudio C:\Windows\system32\DRIVERS\XAudio64.sys
11:28:08.0701 4368 XAudio - ok
11:28:08.0748 4368 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
11:28:08.0779 4368 yukonw7 - ok
11:28:08.0811 4368 ================ Scan global ===============================
11:28:08.0842 4368 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
11:28:08.0904 4368 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:28:08.0920 4368 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
11:28:08.0967 4368 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
11:28:08.0998 4368 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
11:28:09.0013 4368 [Global] - ok
11:28:09.0013 4368 ================ Scan MBR ==================================
11:28:09.0029 4368 [ D795EC05D8255BE48898B067F9E2F347 ] \Device\Harddisk0\DR0
11:28:09.0294 4368 \Device\Harddisk0\DR0 - ok
11:28:09.0294 4368 ================ Scan VBR ==================================
11:28:09.0294 4368 [ FD75DC59D90F30F8A8ACFB3EAD24B968 ] \Device\Harddisk0\DR0\Partition1
11:28:09.0294 4368 \Device\Harddisk0\DR0\Partition1 - ok
11:28:09.0341 4368 [ 04018CCAB842F1337A5A2E378F56CF3D ] \Device\Harddisk0\DR0\Partition2
11:28:09.0341 4368 \Device\Harddisk0\DR0\Partition2 - ok
11:28:09.0357 4368 [ E1F904975D2EC19540C7AF2438E4C366 ] \Device\Harddisk0\DR0\Partition3
11:28:09.0372 4368 \Device\Harddisk0\DR0\Partition3 - ok
11:28:09.0372 4368 ============================================================
11:28:09.0372 4368 Scan finished
11:28:09.0372 4368 ============================================================
11:28:09.0388 6588 Detected object count: 0
11:28:09.0388 6588 Actual detected object count: 0
11:29:03.0459 6476 Deinitialize success
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Post by javier910 » July 14th, 2013, 12:40 pm

FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2013
Ran by Luis Javier (administrator) on 14-07-2013 11:32:04
Running from C:\Users\Luis Javier\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Pharos Systems International) C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Spotify Ltd) C:\Users\Luis Javier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Corporation) C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Sophos Limited) C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1808168 2009-06-18] (Synaptics Incorporated)
HKLM\...\Run: [cAudioFilterAgent] - C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [495104 2009-07-14] (Conexant Systems, Inc.)
HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW [1668664 2009-10-26] (Hewlett-Packard)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
HKCU\...\Run: [msnmsgr] - "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [x]
HKCU\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe /c [307768 2010-07-06] ()
HKCU\...\Run: [Facebook Update] - "C:\Users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-11] (Facebook Inc.)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload [1561968 2013-05-23] (Samsung)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup [x]
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKCU\...\Run: [Skype] - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18678376 2013-04-19] (Skype Technologies S.A.)
HKCU\...\Run: [Spotify] - "C:\Users\Luis Javier\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [4643328 2013-06-20] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - "C:\Users\Luis Javier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1104384 2013-06-20] (Spotify Ltd)
HKCU\...\Run: [GoogleDriveSync] - "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [19676256 2013-06-06] (Google)
HKCU\...\Policies\system: [WallpaperStyle] 2
HKLM-x32\...\Run: [QPService] - "C:\Program Files (x86)\HP\QuickPlay\QPService.exe" [468264 2009-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] - "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0" [218408 2009-02-18] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start [323640 2010-02-25] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] - "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED [581480 2009-05-12] (Symantec Corporation)
HKLM-x32\...\Run: [UpdatePRCShortCut] - "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)
HKLM-x32\...\Run: [QuickTime Task] - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AppleSyncNotifier] - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421160 2010-12-13] (Apple Inc.)
HKLM-x32\...\Run: [BrStsWnd] - C:\Program Files (x86)\Brownie\BrstsW64.exe Autorun [3695928 2009-08-19] (brother)
HKLM-x32\...\Run: [Sophos AutoUpdate Monitor] - C:\Program Files (x86)\Sophos\AutoUpdate\almon.exe [929272 2013-02-13] (Sophos Limited)
HKLM-x32\...\Run: [DivXUpdate] - "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1230704 2011-03-21] ()
HKLM-x32\...\Run: [Brdefprn] - C:\Program Files (x86)\Brother\BRHL2170\Brdefprn.exe -d [45056 2010-07-29] ()
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [tutoriales100_mx_11] - "C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe" [3960680 2013-02-27] ()
HKLM-x32\...\Run: [Adobe ARM] - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-26] (Hewlett-Packard)
HKU\Default\...\Policies\system: [WallpaperStyle] 2
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-26] (Hewlett-Packard)
HKU\Default User\...\Policies\system: [WallpaperStyle] 2
HKU\Guest\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-26] (Hewlett-Packard)
HKU\Guest\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Guest\...\Policies\system: [WallpaperStyle] 2
HKU\no one\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-26] (Hewlett-Packard)
HKU\no one\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\no one\...\Policies\system: [WallpaperStyle] 2
AppInit_DLLs: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL [218256 2012-12-22] (Sophos Limited)
AppInit_DLLs-x32: C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL [221840 2012-12-22] (Sophos Limited)
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Herramienta de búsqueda de soportes de PMB.lnk
ShortcutTarget: Herramienta de búsqueda de soportes de PMB.lnk -> C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {25D357A3-3118-4329-96B3-E9B6F844645B} URL = http://mx.search.yahoo.com/search?fr=ch ... =386496&p={searchTerms}
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: dymanet - {64c6c7b0-3789-a383-e982-ecc5a035eed3} - C:\Windows\SysWow64\8b744725-7128-f7f0-dcc2-1f737e976f98.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab
DPF: HKLM-x32 {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab
DPF: HKLM-x32 {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [88128] (Sophos Limited)
Winsock: Catalog9-x64 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Winsock: Catalog9-x64 19 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll [131648] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 10.3.77.10 10.3.1.100

FireFox:
========
FF ProfilePath: C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default
FF Keyword.URL: hxxp://mx.search.yahoo.com/search?fr=gr ... =386496&p=
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @veetle.com/vbp;version=0.9.17 - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.17 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.17 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @doubletwist.com/NPPodcast - C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll No File
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Users\Luis Javier\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Luis Javier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml
FF Extension: No Name - C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
FF Extension: No Name - C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
FF Extension: No Name - C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: wtxpcom - C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\Extensions\wtxpcom@mybrowserbar.com
FF Extension: youtubedownloader - C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\Extensions\youtubedownloader@mybrowserbar.com
FF Extension: z - C:\Program Files (x86)\Mozilla Firefox\extensions\{81df63a1-ec2c-5b84-0e9f-1007a5009873}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U4) - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Veetle TV Player) - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
CHR Plugin: (Veetle Broadcaster Plugin) - C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
CHR Plugin: (Veetle TV Core) - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Video Calling Plugin) - C:\Users\Luis Javier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
CHR Plugin: (Move Media Player 7) - C:\Users\Luis Javier\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.40.255) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\LUISJA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\LUISJA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\LUISJA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\LUISJA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\LUISJA~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

==================== Services (Whitelisted) =================

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()
R2 Pharos Systems ComTaskMaster; C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe [290816 2008-05-16] (Pharos Systems International)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()
R2 SAVAdminService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [217592 2013-02-13] (Sophos Limited)
R2 SAVService; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [159296 2012-12-22] (Sophos Limited)
R2 Sophos AutoUpdate Service; C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe [237048 2013-02-13] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [357400 2012-08-04] (Sophos Limited)
R2 swi_service; C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2890232 2013-03-22] (Sophos Limited)
S2 swi_update_64; C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe [2010688 2012-12-22] (Sophos Limited)

==================== Drivers (Whitelisted) ====================

S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-02-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [154952 2012-12-22] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [36640 2012-08-04] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [25608 2011-03-12] (Sophos Plc)
U4 eabfiltr;
S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]
S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-14 11:31 - 2013-07-14 11:31 - 01777839 _____ (Farbar) C:\Users\Luis Javier\Desktop\FRST64.exe
2013-07-14 11:31 - 2013-07-14 11:31 - 00000000 ____D C:\FRST
2013-07-14 11:16 - 2013-07-14 11:16 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Luis Javier\Desktop\tdsskiller.exe
2013-07-13 19:11 - 2013-07-13 19:11 - 00448512 _____ (OldTimer Tools) C:\Users\Luis Javier\Desktop\TFC.exe
2013-07-13 09:36 - 2013-07-13 09:36 - 00000000 ____D C:\_OTL
2013-07-12 22:16 - 2013-07-12 22:17 - 00602112 _____ (OldTimer Tools) C:\Users\Luis Javier\Desktop\OTL.exe
2013-07-12 22:09 - 2013-07-13 16:11 - 00000000 ____D C:\Users\LUISJA~1\AppData\Local\eorezo
2013-07-12 22:05 - 2013-07-12 22:06 - 00000361 _____ C:\Windows\DeleteOnReboot.bat
2013-07-12 22:02 - 2013-07-12 22:02 - 00662345 _____ C:\Users\Luis Javier\Desktop\adwcleaner.exe
2013-07-12 18:16 - 2013-07-12 19:58 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-12 17:02 - 2013-07-12 17:02 - 00688992 ____R (Swearware) C:\Users\Luis Javier\Desktop\dds.com
2013-07-12 00:06 - 2013-07-12 00:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-12 00:02 - 2013-07-12 00:05 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Luis Javier\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-11 00:19 - 2013-06-04 01:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 00:19 - 2013-06-03 23:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-07-11 00:19 - 2013-05-06 01:03 - 01887744 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 00:19 - 2013-05-05 23:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-11 00:18 - 2013-06-04 22:34 - 03153920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 00:17 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-07-11 00:17 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-10 11:09 - 2013-07-10 11:09 - 00064512 ____H C:\Users\Luis Javier\Downloads\~WRL0003.tmp
2013-07-04 14:43 - 2013-07-04 14:47 - 134513066 _____ C:\Users\Luis Javier\Downloads\Dieux du Stade 2013- Watch Cinema- video.mp4
2013-07-04 14:37 - 2013-07-04 14:37 - 00012325 _____ C:\Users\Luis Javier\Downloads\[isoHunt] download (2).torrent
2013-06-30 21:43 - 2013-07-14 11:08 - 00000000 ___SD C:\Users\Luis Javier\Google Drive
2013-06-30 21:43 - 2013-06-30 21:43 - 00001710 _____ C:\Users\Luis Javier\Desktop\Google Drive.lnk
2013-06-30 21:40 - 2013-06-30 21:40 - 00800192 _____ (Google Inc.) C:\Users\Luis Javier\Downloads\googledrivesync.exe
2013-06-30 21:40 - 2013-06-30 21:40 - 00000000 ____D C:\Users\Luis Javier\AppData\LocalGoogle
2013-06-30 21:17 - 2013-06-30 21:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-30 21:17 - 2012-04-04 18:47 - 00227720 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-06-30 21:13 - 2013-06-30 21:13 - 00903080 _____ (Oracle Corporation) C:\Users\Luis Javier\Downloads\chromeinstall-7u25.exe
2013-06-30 15:25 - 2013-06-30 15:25 - 03766456 _____ C:\Users\Luis Javier\Downloads\Unconfirmed 769234.crdownload
2013-06-28 12:18 - 2013-06-28 12:18 - 00251480 _____ C:\Users\Luis Javier\Downloads\F643.tmp
2013-06-27 13:58 - 2013-07-13 10:06 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-26 11:29 - 2013-06-26 11:29 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-25 09:57 - 2013-04-17 02:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-25 09:57 - 2013-04-17 01:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-20 13:25 - 2013-07-14 11:09 - 00000000 ____D C:\Users\Luis Javier\AppData\Roaming\Spotify
2013-06-20 13:25 - 2013-06-20 13:30 - 00000000 ____D C:\Users\LUISJA~1\AppData\Local\Spotify
2013-06-20 13:25 - 2013-06-20 13:25 - 00092776 _____ (Spotify Ltd) C:\Users\Luis Javier\Downloads\spotify.exe
2013-06-20 13:25 - 2013-06-20 13:25 - 00001826 _____ C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-06-18 15:14 - 2013-06-18 15:14 - 00000000 _____ C:\Users\Luis Javier\Desktop\9gag.htm
2013-06-17 13:12 - 2013-06-17 13:12 - 00981504 _____ C:\Users\Luis Javier\Downloads\MicrosoftFixit50778.msi
2013-06-16 11:22 - 2013-06-16 11:34 - 381812060 ____R C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.mp4
2013-06-16 11:22 - 2013-04-01 00:10 - 00020794 _____ C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.ESP.wWw.SubsTeam.Net.srt
2013-06-16 11:21 - 2013-06-16 11:21 - 00015607 _____ C:\Users\Luis Javier\Downloads\[isoHunt] The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.mp4.torrent
2013-06-16 11:21 - 2013-06-16 11:21 - 00009104 _____ C:\Users\Luis Javier\Downloads\325931.rar
2013-06-16 11:20 - 2013-06-16 11:28 - 00000000 ____D C:\Users\Luis Javier\Downloads\The Walking Dead S03E15 HDTV x264-ASAP[ettv]
2013-06-16 11:19 - 2013-06-16 11:20 - 00009813 _____ C:\Users\Luis Javier\Downloads\325417.rar
2013-06-16 11:19 - 2013-06-16 11:19 - 00033861 _____ C:\Users\Luis Javier\Downloads\[isoHunt] 2141416.torrent
2013-06-14 20:13 - 2013-06-14 20:13 - 00012190 _____ C:\Users\Luis Javier\Downloads\the-walking-dead-third-season_english-701420.zip
2013-06-14 20:04 - 2013-06-14 20:20 - 00000000 ____D C:\Users\Luis Javier\Downloads\The Walking Dead S03E14 HDTV x264-ASAP[ettv]
2013-06-14 20:03 - 2013-06-14 20:03 - 00029984 _____ C:\Users\Luis Javier\Downloads\[isoHunt] The Walking Dead S03E14 HDTV x264-ASAP[ettv].torrent
2013-06-14 20:00 - 2013-06-14 20:20 - 00000000 ____D C:\Users\Luis Javier\Downloads\The Walking Dead S03E13 HDTV x264-2HD[ettv]
2013-06-14 19:31 - 2013-06-14 19:31 - 00025890 _____ C:\Users\Luis Javier\Downloads\[isoHunt] The Walking Dead S03E13 HDTV x264-2HD[ettv].torrent
2013-06-14 19:13 - 2013-06-14 19:13 - 00076458 _____ C:\Users\Luis Javier\Downloads\Outlook.zip

==================== One Month Modified Files and Folders =======

2013-07-14 11:31 - 2013-07-14 11:31 - 01777839 _____ (Farbar) C:\Users\Luis Javier\Desktop\FRST64.exe
2013-07-14 11:31 - 2013-07-14 11:31 - 00000000 ____D C:\FRST
2013-07-14 11:26 - 2010-01-02 05:05 - 00000000 ____D C:\Users\Luis Javier\AppData\Roaming\Skype
2013-07-14 11:19 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-14 11:19 - 2009-07-13 23:45 - 00023248 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-14 11:16 - 2013-07-14 11:16 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Luis Javier\Desktop\tdsskiller.exe
2013-07-14 11:10 - 2013-02-06 10:58 - 00000000 ____D C:\Users\Luis Javier\AppData\Roaming\Dropbox
2013-07-14 11:10 - 2009-11-17 08:39 - 00000290 _____ C:\ProgramData\hpqp.ini
2013-07-14 11:09 - 2013-06-20 13:25 - 00000000 ____D C:\Users\Luis Javier\AppData\Roaming\Spotify
2013-07-14 11:08 - 2013-06-30 21:43 - 00000000 ___SD C:\Users\Luis Javier\Google Drive
2013-07-14 11:08 - 2013-02-06 11:02 - 00000000 ___RD C:\Users\Luis Javier\Dropbox
2013-07-14 11:08 - 2011-01-03 14:42 - 00000709 _____ C:\Windows\Brownie.ini
2013-07-14 11:07 - 2013-01-15 19:25 - 00000904 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-14 11:07 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-14 11:06 - 2009-07-13 23:51 - 00343504 _____ C:\Windows\setupact.log
2013-07-14 01:52 - 2009-11-17 08:15 - 02027500 _____ C:\Windows\WindowsUpdate.log
2013-07-14 01:06 - 2013-01-15 19:25 - 00000908 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-14 00:18 - 2011-10-01 18:08 - 00000952 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000UA.job
2013-07-13 21:27 - 2011-10-01 18:08 - 00000930 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000Core.job
2013-07-13 19:11 - 2013-07-13 19:11 - 00448512 _____ (OldTimer Tools) C:\Users\Luis Javier\Desktop\TFC.exe
2013-07-13 16:11 - 2013-07-12 22:09 - 00000000 ____D C:\Users\LUISJA~1\AppData\Local\eorezo
2013-07-13 10:27 - 2010-01-02 03:25 - 01303470 _____ C:\Windows\PFRO.log
2013-07-13 10:06 - 2013-06-27 13:58 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 09:36 - 2013-07-13 09:36 - 00000000 ____D C:\_OTL
2013-07-12 22:17 - 2013-07-12 22:16 - 00602112 _____ (OldTimer Tools) C:\Users\Luis Javier\Desktop\OTL.exe
2013-07-12 22:06 - 2013-07-12 22:05 - 00000361 _____ C:\Windows\DeleteOnReboot.bat
2013-07-12 22:05 - 2010-07-09 13:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-07-12 22:04 - 2012-10-03 17:56 - 00000000 ____D C:\Program Files (x86)\SavingsApp
2013-07-12 22:02 - 2013-07-12 22:02 - 00662345 _____ C:\Users\Luis Javier\Desktop\adwcleaner.exe
2013-07-12 22:01 - 2013-01-15 19:25 - 00003904 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-07-12 22:01 - 2013-01-15 19:25 - 00003652 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-12 19:58 - 2013-07-12 18:16 - 00000000 _____ C:\Windows\system32\vireng.log
2013-07-12 19:40 - 2011-03-15 22:54 - 00000000 ____D C:\Windows\$XNTUninstall643$
2013-07-12 19:39 - 2012-04-19 19:04 - 00000000 ____D C:\Users\LUISJA~1\AppData\Local\Motorola
2013-07-12 19:29 - 2010-05-09 23:12 - 00000000 ____D C:\Program Files (x86)\uTorrent
2013-07-12 17:02 - 2013-07-12 17:02 - 00688992 ____R (Swearware) C:\Users\Luis Javier\Desktop\dds.com
2013-07-12 10:42 - 2011-12-23 17:59 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-07-12 10:42 - 2010-01-10 15:46 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-07-12 00:07 - 2013-07-12 00:06 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-07-12 00:05 - 2013-07-12 00:02 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Luis Javier\Desktop\mbam-setup-1.75.0.1300.exe
2013-07-11 18:52 - 2009-07-13 23:45 - 00435848 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-11 18:49 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-11 18:49 - 2009-07-14 00:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-07-11 12:06 - 2010-01-02 02:44 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-11 11:43 - 2012-05-11 17:32 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 11:43 - 2012-05-11 17:32 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-07-11 00:36 - 2009-07-14 00:13 - 00747506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-10 11:09 - 2013-07-10 11:09 - 00064512 ____H C:\Users\Luis Javier\Downloads\~WRL0003.tmp
2013-07-06 17:42 - 2010-02-08 00:57 - 00000000 ____D C:\Users\Luis Javier\AppData\Roaming\vlc
2013-07-04 14:47 - 2013-07-04 14:43 - 134513066 _____ C:\Users\Luis Javier\Downloads\Dieux du Stade 2013- Watch Cinema- video.mp4
2013-07-04 14:37 - 2013-07-04 14:37 - 00012325 _____ C:\Users\Luis Javier\Downloads\[isoHunt] download (2).torrent
2013-07-02 13:17 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2013-06-30 21:43 - 2013-06-30 21:43 - 00001710 _____ C:\Users\Luis Javier\Desktop\Google Drive.lnk
2013-06-30 21:43 - 2010-01-02 02:43 - 00000000 ____D C:\Users\Luis Javier
2013-06-30 21:40 - 2013-06-30 21:40 - 00800192 _____ (Google Inc.) C:\Users\Luis Javier\Downloads\googledrivesync.exe
2013-06-30 21:40 - 2013-06-30 21:40 - 00000000 ____D C:\Users\Luis Javier\AppData\LocalGoogle
2013-06-30 21:40 - 2010-03-30 11:13 - 00000000 ____D C:\Users\LUISJA~1\AppData\Local\Google
2013-06-30 21:40 - 2010-03-30 11:13 - 00000000 ____D C:\Program Files (x86)\Google
2013-06-30 21:17 - 2013-06-30 21:17 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-06-30 21:17 - 2012-05-11 19:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-06-30 21:17 - 2012-05-11 19:31 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-06-30 21:17 - 2009-08-21 14:29 - 00000000 ____D C:\Program Files (x86)\Java
2013-06-30 21:13 - 2013-06-30 21:13 - 00903080 _____ (Oracle Corporation) C:\Users\Luis Javier\Downloads\chromeinstall-7u25.exe
2013-06-30 15:25 - 2013-06-30 15:25 - 03766456 _____ C:\Users\Luis Javier\Downloads\Unconfirmed 769234.crdownload
2013-06-28 12:18 - 2013-06-28 12:18 - 00251480 _____ C:\Users\Luis Javier\Downloads\F643.tmp
2013-06-26 11:29 - 2013-06-26 11:29 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-26 11:28 - 2009-08-21 12:27 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-06-26 11:26 - 2013-03-10 22:10 - 00002006 _____ C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2013-06-26 11:26 - 2013-01-06 15:40 - 00000000 ____D C:\Program Files (x86)\Samsung
2013-06-26 11:26 - 2012-04-19 19:00 - 00000000 ____D C:\Users\LUISJA~1\AppData\Local\Downloaded Installations
2013-06-25 09:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-06-25 09:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-06-25 09:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-06-25 09:37 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-06-24 23:23 - 2013-05-21 00:22 - 00016670 _____ C:\Windows\IE10_main.log
2013-06-24 23:21 - 2013-06-24 23:21 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-24 23:21 - 2013-06-24 23:21 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-21 17:11 - 2009-07-14 00:08 - 00032588 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-06-20 13:30 - 2013-06-20 13:25 - 00000000 ____D C:\Users\LUISJA~1\AppData\Local\Spotify
2013-06-20 13:25 - 2013-06-20 13:25 - 00092776 _____ (Spotify Ltd) C:\Users\Luis Javier\Downloads\spotify.exe
2013-06-20 13:25 - 2013-06-20 13:25 - 00001826 _____ C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2013-06-18 15:14 - 2013-06-18 15:14 - 00000000 _____ C:\Users\Luis Javier\Desktop\9gag.htm
2013-06-18 11:56 - 2010-03-20 00:56 - 00000000 ____D C:\Users\Luis Javier\Desktop\BROTHER
2013-06-17 13:12 - 2013-06-17 13:12 - 00981504 _____ C:\Users\Luis Javier\Downloads\MicrosoftFixit50778.msi
2013-06-16 11:34 - 2013-06-16 11:22 - 381812060 ____R C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.mp4
2013-06-16 11:28 - 2013-06-16 11:20 - 00000000 ____D C:\Users\Luis Javier\Downloads\The Walking Dead S03E15 HDTV x264-ASAP[ettv]
2013-06-16 11:21 - 2013-06-16 11:21 - 00015607 _____ C:\Users\Luis Javier\Downloads\[isoHunt] The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.mp4.torrent
2013-06-16 11:21 - 2013-06-16 11:21 - 00009104 _____ C:\Users\Luis Javier\Downloads\325931.rar
2013-06-16 11:20 - 2013-06-16 11:19 - 00009813 _____ C:\Users\Luis Javier\Downloads\325417.rar
2013-06-16 11:19 - 2013-06-16 11:19 - 00033861 _____ C:\Users\Luis Javier\Downloads\[isoHunt] 2141416.torrent
2013-06-15 10:13 - 2013-06-13 00:40 - 00010674 _____ C:\Users\Luis Javier\Documents\GASTOS JUNIO.xlsx
2013-06-15 09:49 - 2013-04-26 12:19 - 00000356 _____ C:\Windows\Tasks\HPCeeScheduleForLuis Javier.job
2013-06-15 09:49 - 2009-07-14 00:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-06-14 20:20 - 2013-06-14 20:04 - 00000000 ____D C:\Users\Luis Javier\Downloads\The Walking Dead S03E14 HDTV x264-ASAP[ettv]
2013-06-14 20:20 - 2013-06-14 20:00 - 00000000 ____D C:\Users\Luis Javier\Downloads\The Walking Dead S03E13 HDTV x264-2HD[ettv]
2013-06-14 20:13 - 2013-06-14 20:13 - 00012190 _____ C:\Users\Luis Javier\Downloads\the-walking-dead-third-season_english-701420.zip
2013-06-14 20:03 - 2013-06-14 20:03 - 00029984 _____ C:\Users\Luis Javier\Downloads\[isoHunt] The Walking Dead S03E14 HDTV x264-ASAP[ettv].torrent
2013-06-14 19:33 - 2013-04-26 12:19 - 00003222 _____ C:\Windows\System32\Tasks\HPCeeScheduleForLuis Javier
2013-06-14 19:31 - 2013-06-14 19:31 - 00025890 _____ C:\Users\Luis Javier\Downloads\[isoHunt] The Walking Dead S03E13 HDTV x264-2HD[ettv].torrent
2013-06-14 19:13 - 2013-06-14 19:13 - 00076458 _____ C:\Users\Luis Javier\Downloads\Outlook.zip

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-07-13 22:23

==================== End Of Log ============================
javier910

Re: Help with adware!

Post by javier910 » July 14th, 2013, 12:41 pm

Addition

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2013
Ran by Luis Javier at 2013-07-14 11:34:25
Running from C:\Users\Luis Javier\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


Update for Microsoft Office 2007 (KB2508958) (x32)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Acrobat.com (x32 Version: 1.6.65)
Activate Norton Online Backup (x32 Version: 1.1.20.0)
Adobe AIR (x32 Version: 1.5.0.7220)
Adobe Flash Player 10 ActiveX (x32 Version: 10.1.102.64)
Adobe Flash Player 10 Plugin (x32 Version: 10.1.53.64)
Adobe Reader XI (11.0.03) (x32 Version: 11.0.03)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
Advertising Center (x32 Version: 0.0.0.1)
A-PDF Page Master (x32)
A-PDF Scan Optimizer (x32)
Apple Application Support (x32 Version: 1.4.1)
Apple Mobile Device Support (Version: 3.3.0.69)
Apple Software Update (x32 Version: 2.1.2.120)
Atheros Driver Installation Program (x32 Version: 9.0)
AVCWare iPod to iPod/Computer/iTunes Transfer (x32 Version: 2.1.43.0423)
Bing Bar (x32 Version: 7.0.850.0)
Bonjour (Version: 2.0.4.0)
Brother HL-2170W (x32 Version: 1.00)
BufferChm (x32 Version: 130.0.331.000)
Cisco EAP-FAST Module (x32 Version: 2.2.14)
Cisco LEAP Module (x32 Version: 1.0.19)
Cisco PEAP Module (x32 Version: 1.1.6)
Compatibility Pack for the 2007 Office system (x32 Version: 12.0.6612.1000)
Contextual Tracker Dymanet (x32)
Copy (x32 Version: 130.0.366.000)
CopyTrans Suite Remove Only (HKCU Version: 2.08)
CyberLink DVD Suite (x32 Version: 6.0.3101)
CyberLink YouCam (x32 Version: 2.0.3115)
Destinations (x32 Version: 130.0.0.0)
DeviceDiscovery (x32 Version: 130.0.372.000)
DivX Setup (x32 Version: 2.4.1.4)
DJ_AIO_05_F4400_Software_Min (x32 Version: 130.0.448.000)
Dropbox (HKCU Version: 2.0.22)
Easy Phone Tunes (x32 Version: 132)
EViews 5 (x32)
exant HD Audio (Version: 4.98.60.50)
F4400 (x32 Version: 130.0.448.000)
Facebook Video Calling 1.2.0.287 (x32 Version: 1.2.287)
FLV Player X (x32 Version: 1.0.1)
FreeRIP Toolbar v7.2 (x32 Version: 7.2)
FreeRIP v3.61 (x32 Version: 3.61)
Google Chrome (x32 Version: 28.0.1500.72)
Google Drive (x32 Version: 1.10.4769.632)
Google Update Helper (x32 Version: 1.3.21.153)
GPBaseService2 (x32 Version: 130.0.371.000)
Graphmatica (x32)
HDAUDIO Soft Data Fax Modem with SmartCP (Version: 7.80.4.50)
HeidiSQL 6.0 (x32 Version: 6.0)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Advisor (x32 Version: 3.2.9652.3188)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Customer Participation Program 13.0 (Version: 13.0)
HP Deskjet F4400 Printer Driver Software 13.0 Rel .5 (Version: 13.0)
HP DVD Play 3.7 (x32 Version: 3.7.0.6623)
HP Games (x32 Version: 1.0.0.71)
HP Imaging Device Functions 13.0 (Version: 13.0)
HP Print Projects 1.0 (Version: 1.0)
HP Product Detection (x32 Version: 9.7.3)
HP Quick Launch Buttons (x32 Version: 6.50.16.1)
HP Setup (x32 Version: 1.2.3220.3079)
HP Smart Web Printing (x32 Version: 131.1.35898)
HP Smart Web Printing 4.5 (Version: 4.5)
HP Solution Center 13.0 (Version: 13.0)
HP Support Assistant (x32 Version: 7.0.39.15)
HP Update (x32 Version: 5.001.000.014)
HP User Guides 0156 (x32 Version: 1.02.0001)
HP Wireless Assistant (x32 Version: 3.50.11.2)
HPPhotoGadget (x32 Version: 130.0.282.000)
hpPrintProjects (x32 Version: 130.0.303.000)
HPProductAssistant (x32 Version: 130.0.371.000)
HPSSupply (x32 Version: 130.0.371.000)
hpWLPGInstaller (x32 Version: 130.0.303.000)
iCal 4.1 Web Calendar (x32)
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.2202)
iPod PC Transfer 6.4 (x32 Version: 6.4)
iPod to Computer Transfer 4.8.3 (x32 Version: 4.8.3)
iTunes (Version: 10.1.1.4)
Java 7 Update 25 (x32 Version: 7.0.250)
Java Auto Updater (x32 Version: 2.1.9.5)
JavaFX 2.1.0 (x32 Version: 2.1.0)
Junk Mail filter update (x32 Version: 14.0.8117.416)
LabelPrint (x32 Version: 2.5.1913)
LightScribe System Software (x32 Version: 1.18.12.1)
LizardTech DjVu Control (x32)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MarketResearch (x32 Version: 130.0.374.000)
Media Player Codec Pack 3.9.5 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (x32 Version: 2.0.48.0)
Microsoft Live Search Toolbar (x32 Version: 3.0.560.0)
Microsoft Office 2003 Web Components (x32 Version: 11.0.8173.0)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (x32 Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 (x32)
Microsoft SQL Server 2005 Backward compatibility (Version: 8.05.1054)
Microsoft SQL Server 2005 Books Online (English) (x32 Version: 9.00.1399.06)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft SQL Server 2005 Tools (x32 Version: 9.00.1399.06)
Microsoft SQL Server Native Client (Version: 9.00.1399.06)
Microsoft SQL Server Setup Support Files (English) (x32 Version: 9.00.1399.06)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (x32 Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Premier Partner Edition - ENU (x32 Version: 8.0.50728)
Microsoft Visual Studio 2005 Premier Partner Edition - ENU Service Pack 1 (KB926601) (x32 Version: 1)
Microsoft Works (x32 Version: 9.7.0621)
MobileMe Control Panel (Version: 3.1.5.0)
MotoHelper 2.0.53 Driver 5.2.0 (x32 Version: 2.0.53)
MotoHelper MergeModules (x32 Version: 1.2.0)
Motorola Mobile Drivers Installation 5.2.0 (Version: 5.2.0)
Move Media Player (HKCU)
Mozilla Firefox (3.6.28) (x32 Version: 3.6.28 (en-GB))
MSVCRT (x32 Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Music Transfer (x32 Version: 1.3.00.11130)
muvee Reveal (x32 Version: 7.0.43.12698)
MyFreeCodec (HKCU)
MySQL Workbench 5.2 CE (x32 Version: 5.2.33)
Nero 9 Essentials (x32)
Nero ControlCenter (x32 Version: 9.0.0.1)
Nero Installer (x32 Version: 4.4.9.0)
Nero Online Upgrade (x32 Version: 1.3.0.0)
Nero StartSmart (x32 Version: 9.4.12.100)
Nero StartSmart OEM (x32 Version: 9.4.10.100)
neroxml (x32 Version: 1.0.0)
novaPDF Standard Desktop 7.0 printer
Octoshape add-in for Adobe Flash Player (HKCU)
pdfforge Toolbar v7.2 (x32 Version: 7.2)
Pharos (x32)
PlayFLV (x32)
Power2Go (x32 Version: 6.0.3101)
PowerDirector (x32 Version: 7.0.3101)
PowerRecover (x32 Version: 5.5.1923)
Primo (x32 Version: 1.00.0000)
QLBCASL (x32 Version: 6.40.17.2)
QuickTime (x32 Version: 7.69.80.9)
Realtek 8136 8168 8169 Ethernet Driver (x32 Version: 1.00.0007)
Realtek USB 2.0 Card Reader (x32 Version: 6.1.7100.30093)
Rosetta Stone Version 3 (x32 Version: 3.4.5.0)
Runtime (x32 Version: 1.00.0000)
Safari (x32 Version: 5.33.19.4)
Samsung Kies (x32 Version: 2.5.1.12123_2)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.24.0)
Scan (x32 Version: 13.0.0.0)
Shop for HP Supplies (Version: 13.0)
Skype Toolbars (x32 Version: 5.3.7555)
Skype™ 6.3 (x32 Version: 6.3.107)
SolutionCenter (x32 Version: 130.0.373.000)
Sony Picture Utility (x32 Version: 4.2.02.15040)
Sophos Anti-Virus (x32 Version: 10.2.8)
Sophos AutoUpdate (x32 Version: 2.9.0.344)
Spotify (HKCU Version: 0.9.1.53.g876fa9df)
SQLXML4 (Version: 9.00.1399.06)
Status (x32 Version: 130.0.373.000)
Synaptics Pointing Device Driver (Version: 13.2.2.0)
The Options Toolbox v5.0 (x32)
Time Adjuster STANDARD 3.1 (HKCU)
Toolbox (x32 Version: 130.0.648.000)
TrayApp (x32 Version: 130.0.376.000)
tutoriales100_mx_11 (x32)
Universal Document Converter (Demo) (x32 Version: 5.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Access 2007 Help (KB963663) (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Update for Microsoft Visual Studio 2005 Premier Partner Edition - ENU (KB932232) (x32 Version: 1)
VC80CRTRedist - 8.0.50727.4053 (x32 Version: 1.1.0)
Veetle TV 0.9.17 (x32 Version: 0.9.17)
Videora iPod Converter 5.04 (x32 Version: 5.04)
Visual Studio 2008 x64 Redistributables (x32 Version: 10.0.0.2)
VLC media player 1.0.5 (x32 Version: 1.0.5)
WebReg (x32 Version: 130.0.132.017)
Windows Live Communications Platform (x32 Version: 14.0.8117.416)
Windows Live Essentials (x32 Version: 14.0.8117.0416)
Windows Live Essentials (x32 Version: 14.0.8117.416)
Windows Live Mail (x32 Version: 14.0.8117.0416)
Windows Live Movie Maker (x32 Version: 14.0.8117.0416)
Windows Live OneCare safety scanner (x32 Version: 1.0.0.0)
Windows Live OneCare safety scanner (x32)
Windows Live Photo Gallery (x32 Version: 14.0.8117.416)
Windows Live Sign-in Assistant (x32 Version: 5.000.818.5)
Windows Live Sync (x32 Version: 14.0.8117.416)
Windows Live Upload Tool (x32 Version: 14.0.8014.1029)
Windows Live Writer (x32 Version: 14.0.8117.0416)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8)
WinRAR archiver (x32)
WinX DVD Author 6.2 (x32)
WinX DVD Ripper 5.5.8 (x32)
Xvid 1.2.1 final uninstall (x32 Version: 1.2)
Yahoo! Toolbar (x32)
YouTube Downloader 2.7 (x32)
YouTube Downloader App 2.03 (x32 Version: 2.03)

==================== Restore Points =========================

26-06-2013 16:27:08 Installed Samsung Story Album Viewer
29-06-2013 06:54:27 OTL Restore Point - 6/29/2013 1:54:24 AM
01-07-2013 02:15:08 Installed Java 7 Update 25
03-07-2013 15:36:37 Windows Update
09-07-2013 15:59:24 Windows Update
11-07-2013 05:07:25 Windows Update
11-07-2013 16:53:05 Windows Update
13-07-2013 00:30:16 Removed Dealio Toolbar v7.2.
13-07-2013 00:32:09 Removed Java(TM) 6 Update 14 (64-bit)
13-07-2013 00:34:07 Removed Java(TM) 6 Update 37
13-07-2013 00:36:26 Removed MOTOROLA MEDIA LINK.
13-07-2013 00:39:43 Removed YTD Toolbar v7.2.
13-07-2013 14:37:23 OTL Restore Point - 7/13/2013 9:37:05 AM
14-07-2013 00:20:41 OTL Restore Point - 7/13/2013 7:20:31 PM

==================== Hosts content: ==========================

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {008707D7-A9DA-4327-BFCE-B75E41CE5A8A} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000Core => C:\Users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {25ACEA90-51C2-4BDC-A6EE-2C1109E3E09A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-04-01] (Hewlett-Packard Company)
Task: {2B4C3972-7D4E-4647-AC4E-130C3E96CA11} - System32\Tasks\EPUpdater => C:\Users\LUISJA~1\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe No File
Task: {5238F2C3-7D71-4A70-86E5-C27980491209} - System32\Tasks\MotoHelper Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {57678ED5-74F0-486C-BB74-76E6E7439F13} - System32\Tasks\MotoHelper Initial Update => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {650A16B9-E3BC-43F6-B654-506FFD7636F7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2009-10-22] (Apple Inc.)
Task: {6CC934F6-C435-4C5F-893A-385D5F54B903} - System32\Tasks\SidebarExecute => C:\Program Files (x86)\Windows Sidebar\sidebar.exe [2010-11-20] (Microsoft Corporation)
Task: {6E88CD79-8CB6-43B8-9128-CC1729641297} - System32\Tasks\Driver Fetch => C:\Program Files (x86)\Driver Fetch\2.0.0.0\DriverFetch.exe No File
Task: {8795C842-8A68-4C6E-A84D-B3933AF10A07} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-15] (Google Inc.)
Task: {92BD534F-2017-47CE-B9E3-3E26FB459BCA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000UA => C:\Users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-11] (Facebook Inc.)
Task: {95CE7F23-1444-4D49-BE79-9FBC64CADEC4} - System32\Tasks\Updater4639.exe => C:\Users\Luis [2012-01-14] ()
Task: {C46B9AF2-7A7D-40DC-9B92-DE629C6575CF} - System32\Tasks\HPCeeScheduleForLuis Javier => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {D0A3DD50-2804-48C4-99E4-1CF55C21711B} - System32\Tasks\MotoHelper Routing => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: {D75913D9-5F89-49F0-9857-F71DE68E99B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-15] (Google Inc.)
Task: {DCB37AAC-6112-4377-8D44-27823EAC8949} - System32\Tasks\{51058C59-F64D-4763-B2F4-FC4A9DED40D7} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.)
Task: {DD876712-CD13-4648-BCB7-A818426AACAF} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {ED137758-5980-4171-8736-2EBB4841CA85} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => C:\program files\windows defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)
Task: {F1A54108-65E0-49E0-BBD0-7BF028F66108} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {FADF480A-FC21-4B8D-8817-84BD80A81BE0} - System32\Tasks\MotoHelper MUM => C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08] ()
Task: C:\Windows\Tasks\Driver Fetch.job => C:\Program Files (x86)\Driver Fetch\2.0.0.0\DriverFetch.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000Core.job => C:\Users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000UA.job => C:\Users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForLuis Javier.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Faulty Device Manager Devices =============

Name: Realtek PCIe FE Family Controller
Description: Realtek PCIe FE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/13/2013 10:31:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 17581

Error: (07/13/2013 10:31:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 17581

Error: (07/13/2013 10:31:53 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2013 10:31:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 16505

Error: (07/13/2013 10:31:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 16505

Error: (07/13/2013 10:31:52 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2013 10:31:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15491

Error: (07/13/2013 10:31:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 15491

Error: (07/13/2013 10:31:51 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/13/2013 10:31:50 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 14477


System errors:
=============
Error: (07/14/2013 11:09:28 AM) (Source: DCOM) (User: )
Description: 1053hpqwmiex{F5539356-2F02-40D4-999E-FA61F45FE12E}

Error: (07/14/2013 11:09:27 AM) (Source: Service Control Manager) (User: )
Description: The HP Software Framework Service service failed to start due to the following error:
%%1053

Error: (07/14/2013 11:09:27 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

Error: (07/13/2013 09:27:19 PM) (Source: Service Control Manager) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.

Error: (07/13/2013 07:20:30 PM) (Source: SAVOnAccess) (User: )
Description: File [...Device\HarddiskVolume2\PROGRA~2\Sophos\SOPHOS~1\WSCClient.exe]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1ce8027f272a4a7]).

Error: (07/13/2013 07:20:29 PM) (Source: SAVOnAccess) (User: )
Description: File [...Program Files (x86)\Sophos\Sophos Anti-Virus\ICManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1ce8027f26b8087]).

Error: (07/13/2013 07:20:29 PM) (Source: SAVOnAccess) (User: )
Description: File [...rogram Files (x86)\Sophos\Sophos Anti-Virus\SWIManagement.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process swi_service.ex, (start check timestamp [ 1ce8027f266bdc6]).

Error: (07/13/2013 07:20:29 PM) (Source: SAVOnAccess) (User: )
Description: File [...\Device\HarddiskVolume2\Windows\system32\sppwinob.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process sppsvc.exe, (start check timestamp [ 1ce8027f1eaf638]).

Error: (07/13/2013 07:20:29 PM) (Source: SAVOnAccess) (User: )
Description: File [...ogram Files (x86)\Sophos\Sophos Anti-Virus\VirusDetection.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1ce8027f2587584]).

Error: (07/13/2013 07:20:29 PM) (Source: SAVOnAccess) (User: )
Description: File [...ram Files (x86)\Sophos\Sophos Anti-Virus\ComponentManager.dll]'s scan succeeded following a timeout/busy condition - it is being logged in case it contributed to that condition. Process SAVAdminServic, (start check timestamp [ 1ce8027f24ef003]).


Microsoft Office Sessions:
=========================
Error: (05/27/2013 07:34:30 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/17/2011 02:31:24 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 3377 seconds with 2940 seconds of active time. This session ended with a crash.

Error: (11/17/2011 01:30:58 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 8579 seconds with 6480 seconds of active time. This session ended with a crash.

Error: (11/17/2011 10:45:30 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 2266 seconds with 2220 seconds of active time. This session ended with a crash.

Error: (11/16/2011 00:51:59 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 29 seconds with 0 seconds of active time. This session ended with a crash.

Error: (11/16/2011 00:51:23 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6565.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash.

Error: (04/13/2010 04:58:09 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6500.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 522 seconds with 60 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2013-03-10 21:09:55.951
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-10 21:09:55.535
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-10 21:09:52.662
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-10 21:09:52.307
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-10 21:09:49.351
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-10 21:09:49.003
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-10 21:09:45.713
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-10 21:09:45.304
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-10 21:09:42.577
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-03-10 21:09:42.169
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 3999.19 MB
Available physical RAM: 2483.1 MB
Total Pagefile: 7996.57 MB
Available Pagefile: 5989.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.37 GB) (Free:66.73 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.53 GB) (Free:2.09 GB) NTFS (Disk=0 Partition=3) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 098B9E73)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)

==================== End Of Log ============================
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby askey127 » July 14th, 2013, 1:03 pm

When you get a chance, is it true that you are seeing these in Chrome?
If you use Firefox, do they still show up?

Looking at those logs.
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Help with adware!

Unread postby javier910 » July 14th, 2013, 1:28 pm

Yes, they show up even when I am not browsing the web at all...
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby askey127 » July 14th, 2013, 2:57 pm

javier910,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (do not include "Code: Select all"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    
    BHO: dymanet: {64c6c7b0-3789-a383-e982-ecc5a035eed3} - C:\Windows\SysWOW64\8b744725-7128-f7f0-dcc2-1f737e976f98.dll
    
    :Files
    C:\Windows\SysWOW64\8b744725-7128-f7f0-dcc2-1f737e976f98.dll
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the reboot when it is done.
    When the computer reboots and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
----------------------------------------------
After posting the resulting log, please rescan as follows:
Open OTL again and click the Quick Scan button. Post the new log it produces, OTL.txt, in a separate reply.
---------------------------------------------
Please download SystemLook from the link below and save it to your Desktop.
Download Mirror #1 (64-bit)
  • Double-click SystemLook.exe to run it. OK the User Account Control.
  • Copy the content of the following codebox into the main textfield:
    Code: Select all
    :filefind
    *dymanet*
    *windowssystem32.exe*
    
    :folderfind
    *dymanet*
    
    :Regfind
    dymanet
    
    
  • Click the Look button to start the scan.
    Because of the Registry searches, the scan may take 15 minutes or a bit more to run on a large machine. Please be patient.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

So we will be looking for the FIX log and a new OTL.txt, along with the contents of SystemLook.txt.

askey127
askey127
Admin/Teacher
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Help with adware!

Unread postby javier910 » July 14th, 2013, 5:01 pm

Hello Askey, here are the logs:

FIX

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
========== FILES ==========
C:\Windows\SysWOW64\8b744725-7128-f7f0-dcc2-1f737e976f98.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Luis Javier\Desktop\cmd.bat deleted successfully.
C:\Users\Luis Javier\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Luis Javier
->Temp folder emptied: 94301966 bytes
->Temporary Internet Files folder emptied: 2241271 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16020222 bytes
->Google Chrome cache emptied: 228131337 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 671 bytes

User: no one
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 109568 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 27937 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 431222 bytes

Total Files Cleaned = 325.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 07142013_152330

Files\Folders moved on Reboot...
C:\Users\Luis Javier\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\SysWow64\~GLH0015.TMP scheduled to be moved on reboot.
File move failed. C:\Windows\temp\Pharos\UpdaterLog.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Unread postby javier910 » July 14th, 2013, 5:02 pm

OTL

OTL logfile created on: 7/14/2013 3:36:53 PM - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Luis Javier\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

3.91 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 50.05% Memory free
7.81 Gb Paging File | 5.73 Gb Available in Paging File | 73.35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.37 Gb Total Space | 68.21 Gb Free Space | 23.90% Space Free | Partition Type: NTFS
Drive D: | 12.53 Gb Total Space | 2.09 Gb Free Space | 16.70% Space Free | Partition Type: NTFS

Computer Name: LUISJAVIER-PC | User Name: Luis Javier | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Luis Javier\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Luis Javier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
PRC - C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe ()
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
PRC - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
PRC - C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)


========== Modules (No Company Name) ==========

MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\pysqlite2._sqlite.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\_elementtree.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32api.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\_socket.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32ts.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\windows._cacheinvalidation.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\wx._gdi_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\wx._misc_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\pythoncom27.dll ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32com.shell.shell.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\_ctypes.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\wx._html2.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\_multiprocessing.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32profile.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32crypt.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\wx._core_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\PyWinTypes27.dll ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32security.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\_ssl.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\wx._windows_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\_hashlib.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32process.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32pdh.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\wx._wizard.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32file.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32inet.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\wx._controls_.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\unicodedata.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\pyexpat.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\win32event.pyd ()
MOD - C:\Users\Luis Javier\AppData\Local\Temp\_MEI34042\select.pyd ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\8a419cb1ccbeb80d7985b839e7d56369\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\2338d6dfcf2fee97810bb13b5d8b84c3\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\a7a3ebc76a454af37918211506e81e31\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a2920ed81e097f8551231a9350697bbd\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\c8ea295fd4dce110b32c3c4f0e3807b2\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f95e6b6a92e3e28a3b553fe2998dd308\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\fc4a8709f71eba20cc71c7905bba3dee\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\178644ab40108f3becd8b91049a254c3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\bfa7a95284aec941f4b03bae0debe07c\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\033da6b735d41afaa20309b5e87e2ae0\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\ef17be93e209cc95b9768c7822530432\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c25666b99761bc42322bae2e59968df8\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\32066405eb9ab14056b2af3115d2a6de\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\9e24b9ffd816c0c90efc4d3fc9fd745f\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\187c13e8967097d2ed1e5f123e7d890a\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\9a6c1b7af18b4d5a91dc7f8d6617522f\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\85f08103502e5ff944cef0bf10e011a5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\64fc35391d57638930a0b33cf70ad40a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\ffd7a625cefa32bcea5a2af8394b5b69\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5d6d3ee0245de707ceb6a61466130f1b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\18129e9f3b1b5d82dcd1904ac6c471df\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\6e682e0f78f6a2c28be080c8940bebb4\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\75d9bc7426ceb0de95259ba4f0b33de5\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ddab8d958a389e0578db75ff35a5d772\mscorlib.ni.dll ()
MOD - C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (swi_service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files (x86)\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (SAVService) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (swi_update_64) -- C:\ProgramData\Sophos\Web Intelligence\swi_update_64.exe (Sophos Limited)
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (Sophos Web Control Service) -- C:\Program Files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (MotoHelper) -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (Pharos Systems ComTaskMaster) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe (Pharos Systems International)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SAVOnAccess) -- C:\Windows\SysNative\drivers\savonaccess.sys (Sophos Limited)
DRV:64bit: - (sdcfilter) -- C:\Windows\SysNative\drivers\sdcfilter.sys (Sophos Limited)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SophosBootDriver) -- C:\Windows\SysNative\drivers\SophosBootDriver.sys (Sophos Plc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (IntcHdmiAddService) -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel(R) Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (FsUsbExDisk) -- C:\Windows\SysWOW64\FsUsbExDisk.Sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{C34A1A1D-7C23-4BF0-BA37-9DB4879394B3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{C34A1A1D-7C23-4BF0-BA37-9DB4879394B3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{25D357A3-3118-4329-96B3-E9B6F844645B}: "URL" = http://mx.search.yahoo.com/search?fr=ch ... =386496&p={searchTerms}
IE - HKCU\..\SearchScopes\{C34A1A1D-7C23-4BF0-BA37-9DB4879394B3}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=386496&ilc=12"
FF - prefs.js..extensions.enabledItems: smartwebprinting@hp.com:4.51
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:6.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {81df63a1-ec2c-5b84-0e9f-1007a5009873}:4.6.8.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://mx.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=386496&p="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.17: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.17: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@doubletwist.com/NPPodcast: C:\Program Files (x86)\Common Files\doubleTwist\NPPodcast.dll File not found
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\Luis Javier\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Luis Javier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/21 14:06:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/31 15:26:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.28\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/19 13:45:07 | 000,000,000 | ---D | M]

[2012/05/11 19:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions
[2010/10/08 00:16:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
[2012/05/11 19:42:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Extensions\songbird@songbirdnest.com
[2013/07/12 22:12:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\extensions
[2012/10/28 13:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/16 23:07:43 | 000,000,000 | ---D | M] (z) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{81df63a1-ec2c-5b84-0e9f-1007a5009873}
[2010/08/29 12:50:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/10/21 13:15:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/02/07 15:08:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/08 17:11:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/08/08 11:07:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2009/08/21 14:06:04 | 000,000,000 | ---D | M] (HP Smart Web Printing) -- C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\SMART WEB PRINTING\MOZILLAADDON3
[2013/01/31 15:26:08 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazon-en-GB.xml
[2013/01/31 15:26:08 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\chambers-en-GB.xml
[2013/01/31 15:26:08 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-en-GB.xml
[2013/01/31 15:26:09 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files (x86)\Veetle\Player\npvlc.dll
CHR - plugin: Veetle Broadcaster Plugin (Enabled) = C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\Luis Javier\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\Luis Javier\AppData\Roaming\Move Networks\plugins\071803000001\npqmp071803000001.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Gmail = C:\Users\Luis Javier\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O2 - BHO: (dymanet) - {64c6c7b0-3789-a383-e982-ecc5a035eed3} - C:\Windows\SysWow64\8b744725-7128-f7f0-dcc2-1f737e976f98.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Brdefprn] C:\Program Files (x86)\Brother\BRHL2170\Brdefprn.exe ()
O4 - HKLM..\Run: [BrStsWnd] C:\Program Files (x86)\Brownie\BrstsW64.exe (brother)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Program Files (x86)\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKLM..\Run: [tutoriales100_mx_11] C:\Program Files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [Facebook Update] C:\Users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background File not found
O4 - HKCU..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4 - HKCU..\Run: [Spotify] C:\Users\Luis Javier\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Luis Javier\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Herramienta de búsqueda de soportes de PMB.lnk = C:\Program Files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp_64.dll (Sophos Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/produ ... wsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zone.msn.com/binary/So ... b56986.cab (Solitaire Showdown Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20270.www2.hp.com/ediags/gmn2/i ... ction2.cab (GMNRev Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/200 ... ader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinsta ... s-i586.cab (Java Plug-in 1.7.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.3.77.10 10.3.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{54D7BC1F-2D45-41F2-B3F1-00FCF3233219}: DhcpNameServer = 10.3.77.10 10.3.1.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A2B22902-3A30-4E4D-9F12-1B6DB8D88653}: DhcpNameServer = 137.82.27.42 142.103.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~2.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured_x64.dll (Sophos Limited)
O20 - AppInit_DLLs: (C:\PROGRA~2\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files (x86)\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/07/14 11:31:43 | 000,000,000 | ---D | C] -- C:\FRST
[2013/07/14 11:31:13 | 001,777,839 | ---- | C] (Farbar) -- C:\Users\Luis Javier\Desktop\FRST64.exe
[2013/07/14 11:16:32 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Luis Javier\Desktop\tdsskiller.exe
[2013/07/13 19:11:37 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\Luis Javier\Desktop\TFC.exe
[2013/07/13 09:36:52 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/12 22:16:37 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Luis Javier\Desktop\OTL.exe
[2013/07/12 22:09:40 | 000,000,000 | ---D | C] -- C:\Users\Luis Javier\AppData\Local\eorezo
[2013/07/12 17:02:16 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Luis Javier\Desktop\dds.com
[2013/07/12 00:06:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/07/12 00:06:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/07/12 00:02:59 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Luis Javier\Desktop\mbam-setup-1.75.0.1300.exe
[2013/06/30 21:43:49 | 000,000,000 | --SD | C] -- C:\Users\Luis Javier\Google Drive
[2013/06/30 21:40:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013/06/30 21:17:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/06/27 13:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/06/26 11:29:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013/06/20 13:25:42 | 000,000,000 | ---D | C] -- C:\Users\Luis Javier\AppData\Local\Spotify
[2013/06/20 13:25:19 | 000,000,000 | ---D | C] -- C:\Users\Luis Javier\AppData\Roaming\Spotify
[9 C:\Users\Luis Javier\Documents\*.tmp files -> C:\Users\Luis Javier\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Luis Javier\Desktop\*.tmp files -> C:\Users\Luis Javier\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/07/14 15:38:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/07/14 15:38:19 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/07/14 15:31:58 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2013/07/14 15:31:02 | 000,000,709 | ---- | M] () -- C:\Windows\Brownie.ini
[2013/07/14 15:28:17 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/07/14 15:27:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/07/14 15:27:45 | 3145,089,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/07/14 15:18:01 | 000,000,952 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000UA.job
[2013/07/14 15:06:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/07/14 11:31:19 | 001,777,839 | ---- | M] (Farbar) -- C:\Users\Luis Javier\Desktop\FRST64.exe
[2013/07/14 11:24:08 | 000,277,482 | ---- | M] () -- C:\Users\Luis Javier\Documents\adware3.png
[2013/07/14 11:18:42 | 000,461,605 | ---- | M] () -- C:\Users\Luis Javier\Documents\adware2.png
[2013/07/14 11:16:45 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Luis Javier\Desktop\tdsskiller.exe
[2013/07/14 11:15:48 | 000,462,760 | ---- | M] () -- C:\Users\Luis Javier\Documents\adware1.png
[2013/07/13 21:27:33 | 000,000,930 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000Core.job
[2013/07/13 19:11:43 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\Luis Javier\Desktop\TFC.exe
[2013/07/13 10:06:57 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/07/12 22:17:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Luis Javier\Desktop\OTL.exe
[2013/07/12 22:06:14 | 000,000,361 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/12 22:02:37 | 000,662,345 | ---- | M] () -- C:\Users\Luis Javier\Desktop\adwcleaner.exe
[2013/07/12 18:22:03 | 000,024,074 | ---- | M] () -- C:\Users\Luis Javier\Desktop\eticket-Mr-CHONGVAZQUEZ-LUIS JAVIER .pdf
[2013/07/12 17:02:29 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Luis Javier\Desktop\dds.com
[2013/07/12 00:05:47 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Luis Javier\Desktop\mbam-setup-1.75.0.1300.exe
[2013/07/11 18:52:20 | 000,435,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/11 00:36:03 | 000,747,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/07/11 00:36:03 | 000,626,306 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/07/11 00:36:03 | 000,111,098 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/06/30 22:45:25 | 000,233,816 | ---- | M] () -- C:\Users\Luis Javier\Desktop\german placement test.png
[2013/06/30 21:43:51 | 000,001,710 | ---- | M] () -- C:\Users\Luis Javier\Desktop\Google Drive.lnk
[2013/06/30 21:21:10 | 001,635,239 | ---- | M] () -- C:\Users\Luis Javier\Desktop\mvhs.pdf
[2013/06/30 19:08:56 | 000,044,726 | ---- | M] () -- C:\Users\Luis Javier\Desktop\tum acceptance.png
[2013/06/28 10:17:56 | 000,002,283 | ---- | M] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/26 11:29:07 | 000,002,164 | ---- | M] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/06/26 11:26:29 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013/06/18 15:14:43 | 000,000,000 | ---- | M] () -- C:\Users\Luis Javier\Desktop\9gag.htm
[2013/06/17 18:30:03 | 002,201,400 | ---- | M] () -- C:\Users\Luis Javier\Desktop\llenado visa alemana.pdf
[2013/06/16 11:34:48 | 381,812,060 | R--- | M] () -- C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.mp4
[2013/06/15 09:49:05 | 000,000,356 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForLuis Javier.job
[9 C:\Users\Luis Javier\Documents\*.tmp files -> C:\Users\Luis Javier\Documents\*.tmp -> ]
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Users\Luis Javier\Desktop\*.tmp files -> C:\Users\Luis Javier\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/07/14 11:24:08 | 000,277,482 | ---- | C] () -- C:\Users\Luis Javier\Documents\adware3.png
[2013/07/14 11:18:41 | 000,461,605 | ---- | C] () -- C:\Users\Luis Javier\Documents\adware2.png
[2013/07/14 11:15:48 | 000,462,760 | ---- | C] () -- C:\Users\Luis Javier\Documents\adware1.png
[2013/07/12 22:05:05 | 000,000,361 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013/07/12 22:02:24 | 000,662,345 | ---- | C] () -- C:\Users\Luis Javier\Desktop\adwcleaner.exe
[2013/07/12 18:22:02 | 000,024,074 | ---- | C] () -- C:\Users\Luis Javier\Desktop\eticket-Mr-CHONGVAZQUEZ-LUIS JAVIER .pdf
[2013/06/30 22:45:24 | 000,233,816 | ---- | C] () -- C:\Users\Luis Javier\Desktop\german placement test.png
[2013/06/30 21:43:51 | 000,001,710 | ---- | C] () -- C:\Users\Luis Javier\Desktop\Google Drive.lnk
[2013/06/30 21:21:09 | 001,635,239 | ---- | C] () -- C:\Users\Luis Javier\Desktop\mvhs.pdf
[2013/06/30 19:08:56 | 000,044,726 | ---- | C] () -- C:\Users\Luis Javier\Desktop\tum acceptance.png
[2013/06/27 13:58:18 | 000,002,283 | ---- | C] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/06/27 13:58:18 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013/06/26 11:29:07 | 000,002,164 | ---- | C] () -- C:\Users\Luis Javier\Application Data\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk
[2013/06/20 13:25:40 | 000,001,826 | ---- | C] () -- C:\Users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
[2013/06/18 15:14:42 | 000,000,000 | ---- | C] () -- C:\Users\Luis Javier\Desktop\9gag.htm
[2013/06/17 18:30:00 | 002,201,400 | ---- | C] () -- C:\Users\Luis Javier\Desktop\llenado visa alemana.pdf
[2013/06/16 11:22:45 | 381,812,060 | R--- | C] () -- C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.mp4
[2013/06/16 11:22:10 | 000,020,794 | ---- | C] () -- C:\Users\Luis Javier\Desktop\The.Walking.Dead.S03E16.REPACK.HDTV.x264-EVOLVE.ESP.wWw.SubsTeam.Net.srt
[2013/05/19 13:38:50 | 000,000,144 | ---- | C] () -- C:\Windows\wininit.ini
[2013/03/10 22:08:05 | 000,110,592 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDevice.Dll
[2013/03/10 22:08:05 | 000,037,344 | ---- | C] () -- C:\Windows\SysWow64\FsUsbExDisk.Sys
[2012/12/18 11:06:10 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/12/18 11:06:06 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012/12/18 11:06:06 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012/12/18 11:06:06 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012/12/18 11:06:06 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012/10/03 17:41:53 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011/10/25 22:53:18 | 000,001,492 | ---- | C] () -- C:\ProgramData\ss.ini
[2011/02/11 13:49:46 | 000,001,854 | ---- | C] () -- C:\Users\Luis Javier\AppData\Roaming\GhostObjGAFix.xml
[2010/11/05 10:53:17 | 000,003,584 | ---- | C] () -- C:\Users\Luis Javier\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/26 20:53:33 | 000,000,036 | ---- | C] () -- C:\Users\Luis Javier\AppData\Local\housecall.guid.cache
[2010/01/03 00:39:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/11/17 08:39:56 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2010/08/07 18:18:11 | 000,000,544 | ---- | M] () -- C:\$Recycle.bin\S-1-5-21-3015314384-3129878688-3584949256-1000\$INPTO0B.u
[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/27 00:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 23:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 20:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/11/21 04:08:03 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\AVG10
[2012/07/03 21:32:24 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\DAEMON Tools Lite
[2011/03/18 13:02:57 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\DBDesigner4
[2011/03/08 18:47:43 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\deluge
[2012/10/03 19:53:44 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Digiarty
[2013/07/14 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Dropbox
[2011/03/15 22:59:53 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\HeidiSQL
[2010/05/08 15:36:54 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\iPodtoComputer
[2011/03/18 13:14:42 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\MySQL
[2011/03/09 20:54:55 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Quantitative Micro Software
[2010/05/29 18:54:33 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Red Kawa
[2011/02/18 14:54:23 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Regensoft
[2013/03/02 18:07:20 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Samsung
[2010/01/19 21:26:21 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Softland
[2012/05/11 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Songbird2
[2013/07/14 15:31:27 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Spotify
[2010/01/11 00:12:31 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\Stata10
[2010/01/19 22:56:41 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\UDC Profiles
[2010/01/15 20:07:36 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\VOWSoft
[2012/04/29 20:02:25 | 000,000,000 | ---D | M] -- C:\Users\Luis Javier\AppData\Roaming\WindSolutions

========== Purity Check ==========



< End of report >
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Post by javier910 » July 14th, 2013, 5:02 pm

Systemlook

SystemLook 04.09.10 by jpshortstuff
Log created at 15:58 on 14/07/2013 by Luis Javier
Administrator - Elevation successful

========== filefind ==========

Searching for "*dymanet*"
No files found.

Searching for "*windowssystem32.exe*"
No files found.

========== folderfind ==========

Searching for "*dymanet*"
No folders found.

========== Regfind ==========

Searching for "dymanet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64c6c7b0-3789-a383-e982-ecc5a035eed3}]
@="dymanet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DymanetA_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DymanetA_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\c2f6ab11-d54d-ddbc-3efc-5692dc13cafe]
"DisplayName"="Contextual Tracker Dymanet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{64c6c7b0-3789-a383-e982-ecc5a035eed3}]
@="dymanet"

-= EOF =-
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Post by askey127 » July 14th, 2013, 6:48 pm

javier910,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include the word "Code"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64c6c7b0-3789-a383-e982-ecc5a035eed3}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DymanetA_RASAPI32]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DymanetA_RASMANCS]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\c2f6ab11-d54d-ddbc-3efc-5692dc13cafe]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{64c6c7b0-3789-a383-e982-ecc5a035eed3}]
    
    :commands
    [Reboot]
    
  • Then click the Run Fix button at the top.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log

Let me know how the machine behaves now.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
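
The keys deleted by the OTL fix in the post above are the ones SystemLook's Regfind reported earlier in the thread. As an added example (not part of the thread, and not a feature of OTL or SystemLook), this Python script parses both texts and checks that the fix deletes every reported key and no key the scan did not report. It assumes only the log and script syntax visible in this thread; the function names are made up for the example.

```python
import re

# Regfind section copied from the SystemLook log posted earlier in this thread.
SYSTEMLOOK_LOG = r"""
========== Regfind ==========

Searching for "dymanet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64c6c7b0-3789-a383-e982-ecc5a035eed3}]
@="dymanet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DymanetA_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DymanetA_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\c2f6ab11-d54d-ddbc-3efc-5692dc13cafe]
"DisplayName"="Contextual Tracker Dymanet"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{64c6c7b0-3789-a383-e982-ecc5a035eed3}]
@="dymanet"

-= EOF =-
"""

# Custom fix copied from the helper's post above.
OTL_FIX = r"""
:Commands
[CREATERESTOREPOINT]

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{64c6c7b0-3789-a383-e982-ecc5a035eed3}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DymanetA_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\DymanetA_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\c2f6ab11-d54d-ddbc-3efc-5692dc13cafe]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{64c6c7b0-3789-a383-e982-ecc5a035eed3}]

:commands
[Reboot]
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
SEARCH = re.compile(r'^Searching for "(.*)"$')
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE = re.compile(r'^(@|"[^"]*")=(.*)$')


def parse_regfind(log):
    """Return {search term: [{"key": path, "values": [(name, data), ...]}]}."""
    hits, in_regfind, term, current = {}, False, None, None
    for raw in log.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:  # a "===== name =====" banner starts a new section
            in_regfind = m.group(1).lower() == "regfind"
            term = current = None
            continue
        if not in_regfind or not line:
            continue
        if line.startswith("-= EOF"):
            break
        m = SEARCH.match(line)
        if m:
            term, current = m.group(1), None
            hits.setdefault(term, [])
            continue
        m = KEY.match(line)
        if m and term is not None:
            current = {"key": m.group(1), "values": []}
            hits[term].append(current)
            continue
        m = VALUE.match(line)
        if m and current is not None:
            current["values"].append((m.group(1).strip('"'), m.group(2).strip('"')))
    return hits


def match_location(hit, term):
    """'key' if the term is in the key path, 'value' if only a value matched."""
    t = term.lower()
    if t in hit["key"].lower():
        return "key"
    if any(t in name.lower() or t in data.lower() for name, data in hit["values"]):
        return "value"
    return "unknown"


def fix_deleted_keys(script):
    """Keys removed by [-KEY] lines in the :Reg section(s) of the fix script."""
    keys, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):  # section names are matched case-insensitively
            section = line[1:].lower()
        elif section == "reg" and line.startswith("[-") and line.endswith("]"):
            keys.append(line[2:-1])
    return keys


def review(log, script):
    """Compare scan evidence with the fix. Registry paths compare case-insensitively."""
    reported = {}
    for term, entries in parse_regfind(log).items():
        for hit in entries:
            reported.setdefault(hit["key"].lower(),
                                (hit["key"], term, match_location(hit, term)))
    deleted = {k.lower(): k for k in fix_deleted_keys(script)}
    return {
        "covered": [v for k, v in reported.items() if k in deleted],
        "not_in_fix": [v[0] for k, v in reported.items() if k not in deleted],
        "no_evidence": [v for k, v in deleted.items() if k not in reported],
    }


if __name__ == "__main__":
    result = review(SYSTEMLOOK_LOG, OTL_FIX)
    for key, term, where in result["covered"]:
        print(f"covered ({term!r} matched in {where}): {key}")
    print("reported but not in fix:", result["not_in_fix"])
    print("in fix without scan evidence:", result["no_evidence"])
```

A hit marked `value` means the search term appeared only in a value under that key, so the whole key is worth inspecting before it is deleted.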

Re: Help with adware!

Post by javier910 » July 14th, 2013, 9:39 pm

Hi askey127

I did the FIX and rebooted the computer but didn't get the FIX log as usual. Unfortunately, I am still getting the ads.
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

Post by askey127 » July 15th, 2013, 7:33 am

javier910,
Please try to re-run the OTL fix again and see whether you can get a log at reboot.

-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download as zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or an infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE SOPHOS ANTIVIRUS
    Right-click on the blue Sophos shield in your System Tray (near your clock in the lower right hand corner of your desktop), then click Open Sophos Anti-Virus.
    When the Sophos Anti-Virus window opens, click Configure Sophos Anti-Virus.
    Under the Configure section, click On-access scanning.
    Un-check the checkbox next to Enable on-access scanning for this computer.
    Click OK, then close the Sophos Anti-Virus window.
  • Now start ComboFix (zzz.exe). Right click and choose "Run as administrator".
  • OK any disclaimers and start the Scan.
  • Do not touch the computer AT ALL while ComboFix is running.
  • It will run through about 50 tasks, and take a while to assemble the report.
    When finished, the report will open. Post the log in your next reply, and then re-enable Sophos.
A copy of the log will be located here if you need it: C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Help with adware!

Post by javier910 » July 15th, 2013, 4:52 pm

Hello askey,

I ran the OTL fix again, and didn't get any log whatsoever. Afterwards, I ran the Combofix, and here is the resulting log:

ComboFix 13-07-15.01 - Luis Javier 15/07/2013 15:13:00.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.3999.1774 [GMT -5:00]
Running from: c:\users\Luis Javier\Desktop\zzz.exe
AV: Sophos Anti-Virus *Disabled/Updated* {65FBD860-96D8-75EF-C7ED-7BE27E6C498A}
SP: Sophos Anti-Virus *Disabled/Updated* {DE9A3984-B0E2-7A61-FD5D-409005EB0337}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\SavingsApp
c:\program files (x86)\SavingsApp\SavingsApp-bg.exe
c:\program files (x86)\SavingsApp\SavingsApp.exe
c:\program files (x86)\SavingsApp\SavingsApp.ico
c:\program files (x86)\SavingsApp\SavingsApp.ini
c:\program files (x86)\SavingsApp\SavingsAppInstaller.log
c:\program files (x86)\SavingsApp\Uninstall.exe
c:\users\Luis Javier\AppData\Local\EoRezo
c:\users\Luis Javier\AppData\Local\EoRezo\eorezo\1.10\eorezo.cyl
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\_ctypes.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\_elementtree.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\_hashlib.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\_multiprocessing.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\_socket.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\_ssl.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\pyexpat.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\pysqlite2._sqlite.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\python27.dll
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\pythoncom27.dll
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\PyWinTypes27.dll
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\select.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\unicodedata.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32api.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32com.shell.shell.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32crypt.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32event.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32file.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32inet.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32pdh.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32process.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32profile.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32security.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\win32ts.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\windows._cacheinvalidation.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wx._controls_.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wx._core_.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wx._gdi_.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wx._html2.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wx._misc_.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wx._windows_.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wx._wizard.pyd
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wxbase294u_net_vc90.dll
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wxbase294u_vc90.dll
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wxmsw294u_adv_vc90.dll
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wxmsw294u_core_vc90.dll
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wxmsw294u_html_vc90.dll
c:\users\Luis Javier\AppData\Local\Temp\_MEI28922\wxmsw294u_webview_vc90.dll
c:\users\Luis Javier\Documents\~WRL0003.tmp
c:\users\Luis Javier\Documents\~WRL0004.tmp
c:\users\Luis Javier\Documents\~WRL0005.tmp
c:\users\Luis Javier\Documents\~WRL0006.tmp
c:\users\Luis Javier\Documents\~WRL0007.tmp
c:\users\Luis Javier\Documents\~WRL0008.tmp
c:\users\Luis Javier\Documents\~WRL1079.tmp
c:\users\Luis Javier\Documents\~WRL1715.tmp
c:\users\Luis Javier\Documents\~WRL1912.tmp
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\_ctypes.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\_elementtree.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\_hashlib.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\_multiprocessing.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\_socket.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\_ssl.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\pyexpat.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\pysqlite2._sqlite.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\python27.dll
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\pythoncom27.dll
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\PyWinTypes27.dll
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\select.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\unicodedata.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32api.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32com.shell.shell.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32crypt.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32event.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32file.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32inet.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32pdh.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32process.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32profile.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32security.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\win32ts.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\windows._cacheinvalidation.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wx._controls_.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wx._core_.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wx._gdi_.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wx._html2.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wx._misc_.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wx._windows_.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wx._wizard.pyd
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wxbase294u_net_vc90.dll
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wxbase294u_vc90.dll
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wxmsw294u_adv_vc90.dll
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wxmsw294u_core_vc90.dll
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wxmsw294u_html_vc90.dll
c:\users\LUISJA~1\AppData\Local\Temp\_MEI28922\wxmsw294u_webview_vc90.dll
c:\windows\$xntuninstall643$
c:\windows\$xntuninstall643$\zrpt.xml
c:\windows\SysWow64\~GLH0015.TMP
.
.
((((((((((((((((((((((((( Files Created from 2013-06-15 to 2013-07-15 )))))))))))))))))))))))))))))))
.
.
2013-07-15 20:26 . 2013-07-15 20:26 -------- d-----w- c:\users\no one\AppData\Local\temp
2013-07-14 16:31 . 2013-07-14 16:31 -------- d-----w- C:\FRST
2013-07-13 14:36 . 2013-07-13 14:36 -------- d-----w- C:\_OTL
2013-07-13 03:05 . 2013-07-13 03:06 361 ----a-w- c:\windows\DeleteOnReboot.bat
2013-07-12 15:36 . 2013-06-12 03:08 9552976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{872E0589-E1DB-479C-8B36-84B523329941}\mpengine.dll
2013-07-11 05:18 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-11 05:17 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-11 05:17 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-07-01 02:43 . 2013-07-15 19:15 -------- d-s---w- c:\users\Luis Javier\Google Drive
2013-07-01 02:17 . 2013-07-01 02:17 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-07-01 02:17 . 2013-07-01 02:17 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 14:57 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-25 14:57 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-20 18:25 . 2013-07-15 19:58 -------- d-----w- c:\users\Luis Javier\AppData\Roaming\Spotify
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-04 14:15 . 2013-06-04 14:15 103448 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2013-06-04 14:15 . 2013-06-04 14:15 203672 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2013-05-19 17:27 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2013-05-19 17:27 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2013-05-17 06:14 . 2013-06-12 22:18 1188864 ----a-w- c:\windows\system32\wininet.dll
2013-05-17 06:13 . 2013-06-12 22:18 1492992 ----a-w- c:\windows\system32\urlmon.dll
2013-05-17 06:13 . 2013-06-12 22:18 134144 ----a-w- c:\windows\system32\url.dll
2013-05-17 06:10 . 2013-06-12 22:18 9061376 ----a-w- c:\windows\system32\mshtml.dll
2013-05-17 06:10 . 2013-06-12 22:18 97792 ----a-w- c:\windows\system32\mshtmled.dll
2013-05-17 06:10 . 2013-06-12 22:18 735232 ----a-w- c:\windows\system32\msfeeds.dll
2013-05-17 06:09 . 2013-06-12 22:18 64512 ----a-w- c:\windows\system32\jsproxy.dll
2013-05-17 06:09 . 2013-06-12 22:18 2458112 ----a-w- c:\windows\system32\iertutil.dll
2013-05-17 06:09 . 2013-06-12 22:18 247808 ----a-w- c:\windows\system32\ieui.dll
2013-05-17 06:09 . 2013-06-12 22:18 12294656 ----a-w- c:\windows\system32\ieframe.dll
2013-05-16 18:21 . 2013-06-12 22:18 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2013-05-16 17:10 . 2013-06-12 22:18 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 16:44 . 2013-06-12 22:18 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-13 05:51 . 2013-06-12 22:17 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 22:17 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 22:17 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 22:17 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 22:17 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 22:17 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 22:17 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 22:17 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 22:17 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 22:17 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-10 05:49 . 2013-06-12 22:17 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 22:17 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-08 06:39 . 2013-06-12 22:18 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 07:06 . 2010-12-09 05:15 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 22:17 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 22:17 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 22:15 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Luis Javier\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Luis Javier\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Luis Javier\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-07-06 307768]
"Facebook Update"="c:\users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-12 138096]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-07 19676256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"BrStsWnd"="c:\program files (x86)\Brownie\BrstsW64.exe" [2009-08-19 3695928]
"Sophos AutoUpdate Monitor"="c:\program files (x86)\Sophos\AutoUpdate\almon.exe" [2013-02-13 929272]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"Brdefprn"="c:\program files (x86)\Brother\BRHL2170\Brdefprn.exe" [2010-07-29 45056]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"tutoriales100_mx_11"="c:\program files (x86)\tutoriales100_mx_11\tutoriales100_mx_11.exe" [2013-02-27 3960680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576]
.
c:\users\Luis Javier\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Luis Javier\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
Herramienta de búsqueda de soportes de PMB.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe /noballoononstart [2010-1-3 327680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-22 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 swi_update_64;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe;c:\programdata\Sophos\Web Intelligence\swi_update_64.exe [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys;c:\windows\SYSNATIVE\DRIVERS\Rts516xIR.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys;c:\windows\SYSNATIVE\DRIVERS\sdcfilter.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys;c:\windows\SYSNATIVE\DRIVERS\SophosBootDriver.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys;c:\windows\SYSNATIVE\DRIVERS\savonaccess.sys [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SAVAdminService.exe [x]
S2 SAVService;Sophos Anti-Virus;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\SavService.exe [x]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [x]
S2 swi_service;Sophos Web Intelligence Service;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe;c:\program files (x86)\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [x]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys;c:\windows\SYSNATIVE\DRIVERS\CAXHWAZL.sys [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-13 15:06 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000Core.job
- c:\users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-01 02:13]
.
2013-07-15 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3015314384-3129878688-3584949256-1000UA.job
- c:\users\Luis Javier\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-01 02:13]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 00:25]
.
2013-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-16 00:25]
.
2013-07-15 c:\windows\Tasks\HPCeeScheduleForLuis Javier.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luis Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luis Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luis Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Luis Javier\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 04:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\progra~2\Sophos\SOPHOS~1\sophos_detoured_x64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyOverride = ;192.168.*.*
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 10.3.77.10 10.3.1.100
FF - ProfilePath - c:\users\Luis Javier\AppData\Roaming\Mozilla\Firefox\Profiles\8ndmvsv6.default\
FF - prefs.js: keyword.URL - hxxp://mx.search.yahoo.com/search?fr=gr ... =386496&p=
FF - Ext: z: {81df63a1-ec2c-5b84-0e9f-1007a5009873} - c:\program files (x86)\Mozilla Firefox\extensions\{81df63a1-ec2c-5b84-0e9f-1007a5009873}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{64c6c7b0-3789-a383-e982-ecc5a035eed3} - (no file)
Wow6432Node-HKCU-Run-HPADVISOR - c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{501451DE-5808-4599-B544-8BD0915B6B24}_is1 - c:\program files (x86)\FreeRIP3\unins000.exe
AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
AddRemove-Octoshape add-in for Adobe Flash Player - c:\users\Luis Javier\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\progra~2\PHAROS~1\Core\CTskMstr.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Sophos\AutoUpdate\ALsvc.exe
.
**************************************************************************
.
Completion time: 2013-07-15 15:43:38 - machine was rebooted
ComboFix-quarantined-files.txt 2013-07-15 20:43
.
Pre-Run: 69,067,845,632 bytes free
Post-Run: 68,473,704,448 bytes free
.
- - End Of File - - 9538527D6AFD5B166A5340538176F777
D795EC05D8255BE48898B067F9E2F347
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm

Re: Help with adware!

by askey127 » July 15th, 2013, 6:49 pm

javier910,
Exactly who is providing your Internet connection right now?
Are you running from a router?
Is anyone else on the same router?
-----------------------------------------------------------
Create a batch file
  1. Open Notepad.
  2. Copy/paste the following text into the empty Notepad window.
    @echo off
    Nslookup www.malwarebytes.org >> results.txt
    Nslookup www.google.com >> results.txt
    Nslookup www.google.co.uk  >> results.txt
    start notepad results.txt
    Del %0
    
  3. Save the file as xxx.bat on your desktop. Save it with the file type... all types *.*.
  4. Double click the file xxx.bat to execute.

results.txt should open in Notepad automatically when the script has completed. Post the contents of this file in your next response.

---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when some text appears in the box, click Save List To File.
A message box will verify the file saved. It is important that you run the program just once.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Help with adware!

by javier910 » July 15th, 2013, 8:17 pm

Hello askey,

My company is Cablevision, which is a company that provides TV, phone and Internet services. Yes, I'm connected from a router and so are some other members of my family. The ads seem to have stopped since I ran Combofix...

Here are the logs:

Results:
Server: UnKnown
Address: 10.3.77.10

Name: gs1.wac.v2cdn.net
Address: 72.21.91.19
Aliases: www.malwarebytes.org
wac.1D00.edgecastcdn.net

Server: UnKnown
Address: 10.3.77.10

Name: www.google.com
Addresses: 2607:f8b0:4000:801::1014
74.125.227.144
74.125.227.146
74.125.227.145
74.125.227.148
74.125.227.147

Server: UnKnown
Address: 10.3.77.10

Name: www.google.co.uk
Addresses: 2607:f8b0:4000:801::101f
74.125.227.152
74.125.227.151
74.125.227.159
javier910
Regular Member
 
Posts: 31
Joined: July 12th, 2013, 12:06 pm
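
The following Python is an added example, not written by either poster and not a tool used in this thread. It parses nslookup output in the layout posted above, then checks that each query went to one of the DhcpNameServer addresses from the ComboFix log and that no answer is a loopback or private address. The function names and the second sample (marked constructed) are assumptions of this example.

```python
import ipaddress
import re

# "TCP: DhcpNameServer" line from the ComboFix log earlier in the thread.
COMBOFIX_LINE = "TCP: DhcpNameServer = 10.3.77.10 10.3.1.100"

# First two lookups from the results.txt posted above.
POSTED_RESULTS = """\
Server: UnKnown
Address: 10.3.77.10

Name: gs1.wac.v2cdn.net
Address: 72.21.91.19
Aliases: www.malwarebytes.org
wac.1D00.edgecastcdn.net

Server: UnKnown
Address: 10.3.77.10

Name: www.google.com
Addresses: 2607:f8b0:4000:801::1014
74.125.227.144
74.125.227.146
74.125.227.145
74.125.227.148
74.125.227.147
"""

# Constructed sample (not from the thread): unexpected resolver, loopback answer.
CONSTRUCTED_REDIRECT = """\
Server: UnKnown
Address: 203.0.113.53

Name: www.google.com
Address: 127.0.0.1
"""

FIELD = re.compile(r"^(Server|Addresses|Address|Name|Aliases):\s*(.*)$")


def dhcp_name_servers(line):
    """Return the resolver addresses listed on a DhcpNameServer log line."""
    return set(line.split("=", 1)[1].split())


def parse_nslookup(text):
    """Split nslookup output into one record per query."""
    records, rec, in_answer, last = [], None, False, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FIELD.match(line)
        if m is None:
            # Bare line: continuation of the preceding Addresses/Aliases list.
            if last is not None:
                last.append(line)
            continue
        key, value = m.groups()
        if key == "Server":
            rec = {"resolver": None, "name": None, "addresses": [], "aliases": []}
            records.append(rec)
            in_answer, last = False, None
        elif rec is None:
            continue
        elif key == "Name":
            rec["name"], in_answer, last = value, True, None
        elif key == "Aliases":
            rec["aliases"].append(value)
            last = rec["aliases"]
        elif in_answer:  # Address/Addresses after Name: the answer
            rec["addresses"].append(value)
            last = rec["addresses"]
        else:  # Address directly after Server: the resolver that was asked
            rec["resolver"] = value
    return records


def review(records, expected_resolvers):
    """Return (name, reason) findings that deserve a closer look."""
    findings = []
    for rec in records:
        if rec["resolver"] not in expected_resolvers:
            findings.append((rec["name"], "asked unexpected resolver %s" % rec["resolver"]))
        if not rec["addresses"]:
            findings.append((rec["name"], "no address returned"))
        for addr in rec["addresses"]:
            try:
                routable = ipaddress.ip_address(addr).is_global
            except ValueError:
                routable = False
            if not routable:
                findings.append((rec["name"], "answer %s is not a public address" % addr))
    return findings
```

An empty list from `review` only shows that the lookups went to an expected resolver and returned public addresses; it does not prove the answers are the sites' real addresses.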