Patched.HN, Trojan.Dropper.PE4 et al; mediashifting.com tabs; possible


  • This topic is locked

#16
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Can you browse with Firefox?
  • 0

#17
Daniel Tasayco

    Member

  • Topic Starter
  • 21 posts
Always had. Internet Explorer is uninstalled from my PC. The 127.0.0.1 proxy change on FF was just a 1-minute incident. [bleep] malware didn't beat me.
  • 0

#18
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We should proceed with a general antimalware scan, which can take quite a long time, so please be patient.

Download Virus Removal Tool (VRT) from Here to your desktop
(You have to enter your e-mail address and click on the Submit Form button. Please download the latest English version of this tool)

Run the programme you have just downloaded to your desktop (it will be randomly named)

First we will run a virus scan

Click the cog in the upper right

Select down to and including your main drive; once done, select the Automatic scan tab and press Start Scan
(Please be patient as this scan can take a few hours)

Allow VRT to delete all infections found
Once it has finished, select the report tab (last tab)
Select Detected threats report from the left and press the Save button
Save it to your desktop and attach it to your next post


Now the Analysis

Rerun VRT and select the Manual Disinfection tab and press Start Gathering System Information

On completion click the link to locate the zip file to upload and attach to your next post
  • 0

#19
Daniel Tasayco

    Member

  • Topic Starter
  • 21 posts
Status: Detected (events: 1)
01/01/2012 06:18:03 Detected virus Virus.Win32.Suspic.gen G:\System Volume Information\_restore{B37924F3-B57D-440A-A342-926C65052E71}\RP3\A0000053.exe High

Man, I think the whole infection is now gone (some latent remnants, maybe). Just found out that those blue screens I mentioned are very common in a certain specific game.

Edited by Daniel Tasayco, 01 January 2012 - 03:51 PM.

  • 0

#20
Daniel Tasayco

    Member

  • Topic Starter
  • 21 posts
Attached File  avptool_sysinfo.zip   17.41KB   22 downloads
  • 0

#21
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please do a Quick OTL scan and post the log.
  • 0

#22
Daniel Tasayco

    Member

  • Topic Starter
  • 21 posts
OTL logfile created on: 02/01/2012 19:38:08 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Instaladores\Portatiles
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

2,98 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,53% Memory free
5,96 Gb Paging File | 4,37 Gb Available in Paging File | 73,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 6,48 Gb Free Space | 16,58% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 15,81 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 20,73 Gb Free Space | 13,91% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Skippan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 11:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
PRC - [2011/12/24 11:51:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugin-container.exe
PRC - [2011/12/21 13:34:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Instaladores\Portatiles\OTL.exe
PRC - [2011/10/25 21:01:18 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/08/01 23:45:51 | 001,242,448 | ---- | M] (Valve Corporation) -- G:\Steam1\steam.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 18:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/24 11:51:34 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\mozjs.dll
MOD - [2011/12/08 13:18:13 | 014,410,024 | ---- | M] () -- G:\Steam1\bin\libcef.dll
MOD - [2011/12/08 13:18:09 | 000,194,344 | ---- | M] () -- G:\Steam1\bin\chromehtml.dll
MOD - [2011/12/08 13:18:07 | 000,091,432 | ---- | M] () -- G:\Steam1\bin\avutil-50.dll
MOD - [2011/12/08 13:18:05 | 000,155,432 | ---- | M] () -- G:\Steam1\bin\avformat-52.dll
MOD - [2011/12/08 13:18:03 | 000,914,216 | ---- | M] () -- G:\Steam1\bin\avcodec-52.dll
MOD - [2011/11/17 17:59:15 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/04 09:54:16 | 000,930,304 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/10/14 09:14:17 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ae9d0d1289e64e7bf042108e547251ac\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/14 08:36:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 08:36:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 08:36:38 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 08:36:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 15:26:36 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/08/02 09:29:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Project\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/25 22:03:48 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/25 20:21:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/27 05:35:12 | 000,020,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2010/11/20 17:27:45 | 000,420,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/09/11 08:14:02 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2010/08/24 12:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/07/13 18:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/07/13 18:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Controlador de conexiones de red Gigabit Intel®
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/10 16:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/06 14:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-pe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA BA 3A E8 79 5A CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50929

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.2
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.70.0
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:2.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50929
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Project\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Project\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 1\components [2011/12/24 11:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugins [2011/11/02 20:54:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/31 19:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Skippan\AppData\Roaming\IDM\idmmzcc5

[2011/02/24 15:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]
[2010/08/02 20:04:18 | 000,002,388 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-images-album-art-300x300.xml
[2010/08/02 20:03:24 | 000,002,686 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-imgenes.xml
[2009/05/25 18:53:21 | 000,002,996 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\imdb.xml
[2010/03/21 13:44:33 | 000,004,859 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\isohunt--bt-search.xml
[2011/12/04 15:14:13 | 000,000,727 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\podnapisinet.xml
[2009/07/20 21:39:58 | 000,002,305 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\rae---dle-aproximacin.xml
[2009/04/21 19:08:09 | 000,001,330 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-en.xml
[2009/11/11 14:37:26 | 000,001,348 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-es.xml
[2011/12/07 07:45:22 | 000,001,997 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wolframalpha.xml
[2009/04/20 16:27:00 | 000,001,546 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowhead.xml
[2009/04/20 15:46:21 | 000,001,905 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowwiki-en.xml
[2009/04/20 15:20:23 | 000,002,379 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wr-english-spanish.xml
[2009/05/25 18:53:21 | 000,002,431 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\youtube.xml
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2011/12/29 10:45:12 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Project\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AtiTrayTools] C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKCU..\Run: [F.lux] C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - D:\Project\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with &LoadScout... - C:\Program Files\SoftLogica\LoadScout 3.0\LoadScout.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Sitios de confianza)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5FAC8AF-9297-40D3-94EF-BDB2CC4BCE6D}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 14:37:05 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{68BFD988-A01E-4F3A-B128-CB656EF051DE}
[2011/12/29 16:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/28 10:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 10:15:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 10:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/28 10:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\temp
[2011/12/25 17:24:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/25 16:52:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/25 16:52:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/25 16:52:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/25 16:52:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/25 16:49:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/25 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2011/12/25 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/24 13:15:28 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/12/24 10:47:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/12/24 10:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/12/23 19:34:39 | 000,000,000 | ---D | C] -- C:\Users\Skippan\Documents\23-12-2011
[2011/12/23 19:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/23 19:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/21 13:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes-BackupByMalwarebytesPortable
[2011/12/21 13:16:02 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Malwarebytes
[2011/12/18 21:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2011/12/18 21:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/12/13 16:01:15 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/12/11 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{52AF3B7A-6DCB-434D-AA54-64B91158BA46}
[2011/12/11 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{DCC9C6D0-1E4A-4936-93CF-2A5DAA2C39F9}
[2011/12/11 14:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/12/11 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/09 13:32:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/12/09 13:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA580
[2011/12/09 13:24:40 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/12/08 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ornamentum
[2011/12/04 22:12:59 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{B20F920D-DEEB-4821-82E5-99D6E6B81E27}
[2011/12/04 22:12:46 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{28944516-6CCF-4523-AD5D-A442BAFB1F2A}
[2011/12/04 22:12:43 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{7C8F2549-141E-4080-880B-7FA20C6B13EA}

========== Files - Modified Within 30 Days ==========

[2012/01/02 15:37:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 15:37:07 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 15:30:10 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/01/02 15:30:01 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
[2012/01/02 15:29:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/02 15:29:39 | 2400,096,256 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 14:38:42 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/01/01 14:38:42 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/01 14:38:42 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/01/01 14:38:42 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/01 08:04:01 | 000,000,404 | -HS- | M] () -- C:\Windows\0460089drv.spi
[2011/12/29 19:36:35 | 000,007,613 | ---- | M] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2011/12/29 10:45:12 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/28 09:53:00 | 000,176,764 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/12/25 15:19:06 | 000,000,132 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/17 11:11:50 | 000,000,285 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/12/15 14:52:24 | 003,772,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 16:01:16 | 000,013,107 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/01 07:53:40 | 000,000,404 | -HS- | C] () -- C:\Windows\0460089drv.spi
[2011/12/25 16:52:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/25 16:52:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/25 16:52:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/25 16:52:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/25 16:52:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 16:01:16 | 000,013,107 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2011/10/25 20:31:36 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/10/25 20:31:36 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/30 09:33:12 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/07/27 17:49:34 | 000,000,285 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/07/16 14:17:06 | 000,151,552 | ---- | C] () -- C:\Windows\KMSEmulator.exe
[2011/07/08 22:36:24 | 003,772,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/26 14:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/12 15:58:50 | 000,155,090 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/02/01 23:19:07 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/12/20 07:46:36 | 000,000,132 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/19 14:15:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/12/15 22:38:37 | 000,001,456 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2010/09/14 20:09:58 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/03 21:06:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/02 18:55:25 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/27 19:08:03 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2010/04/04 22:30:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/04/04 22:30:51 | 000,002,678 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010/03/02 16:55:36 | 000,022,328 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\PnkBstrK.sys
[2010/02/20 22:32:22 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/02/20 22:31:58 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/15 09:25:06 | 000,176,764 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/07 12:49:13 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/23 20:24:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/09 14:44:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\95DBFB04A2.sys
[2009/11/09 14:44:22 | 000,002,984 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/31 18:46:58 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/10/31 18:46:58 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/31 18:05:53 | 000,007,613 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2009/07/14 03:48:37 | 000,703,602 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2009/07/14 03:48:37 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2009/07/14 03:48:37 | 000,137,600 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2009/07/14 03:48:37 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/20 14:08:13 | 009,226,664 | ---- | C] () -- C:\Users\Skippan\AppData\Local\IconCache (1).db
[2009/04/19 20:07:16 | 000,034,816 | ---- | C] () -- C:\Users\Skippan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 20:03:15 | 000,072,744 | ---- | C] () -- C:\Users\Skippan\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/08/28 01:45:15 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2007/02/04 13:16:10 | 000,074,240 | ---- | C] () -- C:\Windows\ogg.exe

========== LOP Check ==========

[2011/12/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/04/25 23:52:16 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Amazon
[2011/12/28 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2010/05/01 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\bitolithic
[2010/12/06 23:05:44 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\BitTorrent
[2011/12/01 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Braid
[2011/12/24 13:15:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/07/21 00:29:07 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\calibre
[2010/11/27 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Canneverbe Limited
[2010/09/19 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/31 18:26:27 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Criterion Games
[2011/12/11 14:52:58 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\DMCache
[2011/02/07 18:52:03 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\fofix
[2009/10/31 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit
[2011/06/14 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit Software
[2011/01/26 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Leadertech
[2010/08/17 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LG Electronics
[2010/11/21 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LoadScout
[2011/02/24 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Logia
[2011/11/01 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\MinMaxGames
[2011/03/07 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\mkvtoolnix
[2010/11/28 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Mount&Blade Warband
[2011/07/22 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/12/23 20:32:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Opera
[2010/12/23 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Polynomial
[2011/07/26 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Rainmeter
[2010/08/16 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Red Alert 3
[2011/12/25 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/02/07 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TeraCopy
[2009/10/31 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\The Creative Assembly
[2009/11/14 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TuneUp Software
[2010/04/23 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Ubisoft
[2011/12/30 15:38:19 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\uTorrent
[2011/08/08 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Watchtower
[2011/11/30 20:01:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Windows Live Writer
[2009/11/01 11:29:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\WUU
[2012/01/02 15:30:10 | 000,000,292 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2011/12/02 15:27:39 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#23
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
We need to run an OTL Fix

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

  • Please double click on Posted Image on your Desktop (If running Vista or Windows 7, right click on it and select "Run as an Administrator")
  • Under the Custom Scans/Fixes box copy and paste this in (Please carefully select all text in code box beginning with : ):

    :OTL
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50929
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50929
    FF - prefs.js..network.proxy.type: 0
    [2012/01/02 15:30:10 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
    [2012/01/02 15:30:01 | 000,151,552 | ---- | M] () -- C:\Windows\KMSEmulator.exe
    [2012/01/01 08:04:01 | 000,000,404 | -HS- | M] () -- C:\Windows\0460089drv.spi
      	
    :Files
    ipconfig /flushdns /c
    
    :Reg
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYJAVA]
    [emptyflash]
    [createrestorepoint]
    [reboot]
  • Make sure all other windows are closed and let it run uninterrupted.
  • Click on Posted Image button.
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click on Posted Image button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

#24
Daniel Tasayco

Daniel Tasayco

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
All processes killed
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 50929 removed from network.proxy.http_port
Prefs.js: 0 removed from network.proxy.type
C:\Windows\Tasks\AutoKMS.job moved successfully.
C:\Windows\KMSEmulator.exe moved successfully.
C:\Windows\0460089drv.spi moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Configuración IP de Windows
Se vació correctamente la caché de resolución de DNS.
G:\Instaladores\Portatiles\cmd.bat deleted successfully.
G:\Instaladores\Portatiles\cmd.txt deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: floppyc
->Temp folder emptied: 133198 bytes
->Temporary Internet Files folder emptied: 39989408 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 65089344 bytes
->Flash cache emptied: 2571 bytes

User: LogMeInRemoteUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Skippan
->Temp folder emptied: 34666688 bytes
->Temporary Internet Files folder emptied: 537711 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 687137018 bytes
->Flash cache emptied: 6965 bytes

User: Thymaris
->Temp folder emptied: 61814 bytes
->Temporary Internet Files folder emptied: 626835 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 39851923 bytes
->Flash cache emptied: 1442 bytes

User: vencer
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 75319216 bytes
->Flash cache emptied: 615 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 501641587 bytes
RecycleBin emptied: 1070031 bytes

Total Files Cleaned = 1 379,00 mb


[EMPTYJAVA]

User: Administrator

User: All Users

User: Default

User: Default User

User: floppyc
->Java cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

User: Skippan
->Java cache emptied: 0 bytes

User: Thymaris
->Java cache emptied: 0 bytes

User: vencer
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: floppyc
->Flash cache emptied: 0 bytes

User: LogMeInRemoteUser

User: Public

User: Skippan
->Flash cache emptied: 0 bytes

User: Thymaris
->Flash cache emptied: 0 bytes

User: vencer
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb



OTL by OldTimer - Version 3.2.31.0 log created on 01032012_233033

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#25
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Please run a quick OTL scan and post the log.
  • 0

#26
Daniel Tasayco

Daniel Tasayco

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
OTL logfile created on: 04/01/2012 19:00:43 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Instaladores\Portatiles
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 0,76 Gb Available Physical Memory | 38,76% Memory free
3,93 Gb Paging File | 2,39 Gb Available in Paging File | 60,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 9,14 Gb Free Space | 23,39% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 15,81 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 19,73 Gb Free Space | 13,24% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Skippan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 11:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
PRC - [2011/12/24 11:51:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugin-container.exe
PRC - [2011/12/21 13:34:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Instaladores\Portatiles\OTL.exe
PRC - [2011/10/25 21:01:18 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/08/01 23:45:51 | 001,242,448 | ---- | M] (Valve Corporation) -- G:\Steam1\steam.exe
PRC - [2011/05/24 11:02:16 | 000,929,792 | ---- | M] (Ray Adams) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 18:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/12/24 11:51:34 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\mozjs.dll
MOD - [2011/12/08 13:18:13 | 014,410,024 | ---- | M] () -- G:\Steam1\bin\libcef.dll
MOD - [2011/12/08 13:18:09 | 000,194,344 | ---- | M] () -- G:\Steam1\bin\chromehtml.dll
MOD - [2011/12/08 13:18:07 | 000,091,432 | ---- | M] () -- G:\Steam1\bin\avutil-50.dll
MOD - [2011/12/08 13:18:05 | 000,155,432 | ---- | M] () -- G:\Steam1\bin\avformat-52.dll
MOD - [2011/12/08 13:18:03 | 000,914,216 | ---- | M] () -- G:\Steam1\bin\avcodec-52.dll
MOD - [2011/11/17 17:59:15 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/04 09:54:16 | 000,930,304 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/10/14 09:14:17 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ae9d0d1289e64e7bf042108e547251ac\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/14 08:36:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 08:36:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 08:36:38 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 08:36:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/02/19 16:14:48 | 000,187,904 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
MOD - [2008/04/11 11:33:18 | 000,020,480 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_intelcpu.dll
MOD - [2008/04/09 11:08:46 | 000,016,896 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_amdcore.dll
MOD - [2007/09/14 10:35:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_cpuload.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/03/07 07:26:34 | 000,077,824 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\support.dll
MOD - [2007/03/07 07:25:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\kbdhook.dll
MOD - [2007/01/03 15:09:46 | 000,017,408 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_xvlt.dll
MOD - [2006/12/26 12:53:28 | 000,019,456 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_hdddtemp.dll
MOD - [2006/12/25 04:02:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mongraphsexample.dll
MOD - [2005/11/29 12:38:20 | 000,023,552 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\hddtemp.dll
MOD - [2005/11/29 12:34:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\pciset.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 15:26:36 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/08/02 09:29:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Project\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/25 22:03:48 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/25 20:21:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/27 05:35:12 | 000,020,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2010/11/20 17:27:45 | 000,420,920 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/09/11 08:14:02 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2010/08/24 12:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/07/13 18:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/07/13 18:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Controlador de conexiones de red Gigabit Intel®
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/10 16:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/06 14:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-pe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA BA 3A E8 79 5A CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google Imágenes"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.2
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.70.0
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:2.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50929
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Project\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Project\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 1\components [2011/12/24 11:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugins [2011/11/02 20:54:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/31 19:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Skippan\AppData\Roaming\IDM\idmmzcc5

[2011/02/24 15:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]
[2010/08/02 20:04:18 | 000,002,388 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-images-album-art-300x300.xml
[2010/08/02 20:03:24 | 000,002,686 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-imgenes.xml
[2009/05/25 18:53:21 | 000,002,996 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\imdb.xml
[2010/03/21 13:44:33 | 000,004,859 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\isohunt--bt-search.xml
[2011/12/04 15:14:13 | 000,000,727 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\podnapisinet.xml
[2009/07/20 21:39:58 | 000,002,305 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\rae---dle-aproximacin.xml
[2009/04/21 19:08:09 | 000,001,330 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-en.xml
[2009/11/11 14:37:26 | 000,001,348 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-es.xml
[2011/12/07 07:45:22 | 000,001,997 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wolframalpha.xml
[2009/04/20 16:27:00 | 000,001,546 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowhead.xml
[2009/04/20 15:46:21 | 000,001,905 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowwiki-en.xml
[2009/04/20 15:20:23 | 000,002,379 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wr-english-spanish.xml
[2009/05/25 18:53:21 | 000,002,431 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\youtube.xml
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/01/03 23:30:36 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Project\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AtiTrayTools] C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKCU..\Run: [F.lux] C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - D:\Project\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with &LoadScout... - C:\Program Files\SoftLogica\LoadScout 3.0\LoadScout.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Sitios de confianza)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5FAC8AF-9297-40D3-94EF-BDB2CC4BCE6D}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 14:37:05 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{68BFD988-A01E-4F3A-B128-CB656EF051DE}
[2011/12/29 16:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/28 10:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 10:15:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 10:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/28 10:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\temp
[2011/12/25 17:24:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/25 16:52:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/25 16:52:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/25 16:52:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/25 16:52:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/25 16:49:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/25 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2011/12/25 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/24 13:15:28 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/12/24 10:47:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/12/24 10:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/12/23 19:34:39 | 000,000,000 | ---D | C] -- C:\Users\Skippan\Documents\23-12-2011
[2011/12/23 19:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/23 19:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/21 13:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes-BackupByMalwarebytesPortable
[2011/12/21 13:16:02 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Malwarebytes
[2011/12/18 21:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2011/12/18 21:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/12/13 16:01:15 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/12/11 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{52AF3B7A-6DCB-434D-AA54-64B91158BA46}
[2011/12/11 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{DCC9C6D0-1E4A-4936-93CF-2A5DAA2C39F9}
[2011/12/11 14:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/12/11 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/09 13:32:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/12/09 13:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA580
[2011/12/09 13:24:40 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/12/08 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ornamentum

========== Files - Modified Within 30 Days ==========

[2012/01/04 18:08:25 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 18:08:25 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/04 18:01:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/04 18:01:02 | 1582,206,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/04 00:04:47 | 000,007,614 | ---- | M] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2012/01/03 23:30:36 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2012/01/01 14:38:42 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/01/01 14:38:42 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/01 14:38:42 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/01/01 14:38:42 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/12/28 09:53:00 | 000,176,764 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/12/25 15:19:06 | 000,000,132 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/17 11:11:50 | 000,000,285 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/12/15 14:52:24 | 003,772,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 16:01:16 | 000,013,107 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/12/25 16:52:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/25 16:52:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/25 16:52:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/25 16:52:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/25 16:52:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 16:01:16 | 000,013,107 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2011/10/25 20:31:36 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/10/25 20:31:36 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/30 09:33:12 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/07/27 17:49:34 | 000,000,285 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/07/08 22:36:24 | 003,772,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/26 14:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/12 15:58:50 | 000,155,090 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/02/01 23:19:07 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/12/20 07:46:36 | 000,000,132 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/19 14:15:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/12/15 22:38:37 | 000,001,456 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2010/09/14 20:09:58 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/03 21:06:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/02 18:55:25 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/27 19:08:03 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2010/04/04 22:30:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/04/04 22:30:51 | 000,002,678 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010/03/02 16:55:36 | 000,022,328 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\PnkBstrK.sys
[2010/02/20 22:32:22 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/02/20 22:31:58 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/15 09:25:06 | 000,176,764 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/07 12:49:13 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/23 20:24:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/09 14:44:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\95DBFB04A2.sys
[2009/11/09 14:44:22 | 000,002,984 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/31 18:46:58 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/10/31 18:46:58 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/31 18:05:53 | 000,007,614 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2009/07/14 03:48:37 | 000,703,602 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2009/07/14 03:48:37 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2009/07/14 03:48:37 | 000,137,600 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2009/07/14 03:48:37 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/20 14:08:13 | 009,226,664 | ---- | C] () -- C:\Users\Skippan\AppData\Local\IconCache (1).db
[2009/04/19 20:07:16 | 000,034,816 | ---- | C] () -- C:\Users\Skippan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 20:03:15 | 000,072,744 | ---- | C] () -- C:\Users\Skippan\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/08/28 01:45:15 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2007/02/04 13:16:10 | 000,074,240 | ---- | C] () -- C:\Windows\ogg.exe

========== LOP Check ==========

[2011/12/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/04/25 23:52:16 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Amazon
[2011/12/28 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2010/05/01 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\bitolithic
[2010/12/06 23:05:44 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\BitTorrent
[2011/12/01 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Braid
[2011/12/24 13:15:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/07/21 00:29:07 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\calibre
[2010/11/27 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Canneverbe Limited
[2010/09/19 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/31 18:26:27 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Criterion Games
[2011/12/11 14:52:58 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\DMCache
[2011/02/07 18:52:03 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\fofix
[2009/10/31 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit
[2011/06/14 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit Software
[2011/01/26 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Leadertech
[2010/08/17 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LG Electronics
[2010/11/21 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LoadScout
[2011/02/24 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Logia
[2011/11/01 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\MinMaxGames
[2011/03/07 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\mkvtoolnix
[2010/11/28 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Mount&Blade Warband
[2011/07/22 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/12/23 20:32:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Opera
[2010/12/23 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Polynomial
[2011/07/26 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Rainmeter
[2010/08/16 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Red Alert 3
[2011/12/25 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/02/07 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TeraCopy
[2009/10/31 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\The Creative Assembly
[2009/11/14 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TuneUp Software
[2010/04/23 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Ubisoft
[2011/12/30 15:38:19 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\uTorrent
[2011/08/08 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Watchtower
[2011/11/30 20:01:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Windows Live Writer
[2009/11/01 11:29:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\WUU
[2011/12/02 15:27:39 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#27
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
I don't see where this proxy keeps coming back from:

FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50929


Can you browse with FireFox normally?
  • 0

#28
Daniel Tasayco

Daniel Tasayco

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
That is the manual proxy configuration. I changed it to use no proxy so I can browse normally.
  • 0

#29
Render

Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
And why is this good?
  • 0

#30
Daniel Tasayco

Daniel Tasayco

    Member

  • Topic Starter
  • Member
  • PipPip
  • 21 posts
I don't understand the goodness involved. I'm explaining in steps:
Virus changed the browser to use a proxy.
Proxy settings were changed to use 127.0.0.1: that means it changed from 'No proxy' to 'Manual configuration proxy'.
I noticed that and changed the browser to use no proxy.
The manual settings are still there, but greyed out.

Edited by Daniel Tasayco, 05 January 2012 - 01:54 PM.

  • 0
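The distinction described in post #30, as an added example that is not part of the thread or of any tool used in it: a Python check that reads `prefs.js` text and reports whether leftover manual proxy values are actually in force, based on `network.proxy.type`. The sample text is constructed from the values shown in the log, and the function names are hypothetical.

```python
import ipaddress
import re

# Values Firefox accepts for network.proxy.type.
PROXY_MODES = {
    0: "no proxy",
    1: "manual proxy configuration",
    2: "automatic proxy configuration URL (PAC)",
    4: "auto-detect proxy settings (WPAD)",
    5: "use system proxy settings",
}

USER_PREF = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Constructed sample: prefs.js lines rebuilt from the values reported in the log.
SAMPLE_PREFS = '''\
user_pref("browser.startup.homepage", "http://www.facebook.com/");
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 50929);
user_pref("network.proxy.type", 0);
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref() line in prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = USER_PREF.match(line)
        if not m:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def is_loopback(host):
    """True for localhost and any loopback IP literal (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname, not an IP literal


def assess_proxy(prefs):
    """Classify the HTTP proxy prefs as active, stale (stored but unused) or absent."""
    mode = prefs.get("network.proxy.type")
    host = str(prefs.get("network.proxy.http", "")).strip()
    port = prefs.get("network.proxy.http_port")
    endpoint = f"{host}:{port}" if host and port is not None else (host or None)
    if mode is None:
        mode_text = "not set in prefs.js (browser default applies)"
    else:
        mode_text = PROXY_MODES.get(mode, f"unrecognized value {mode!r}")

    if mode == 1 and host:
        # Only manual mode sends traffic to network.proxy.http.
        status = "active-loopback" if is_loopback(host) else "active-remote"
    elif mode == 2 and prefs.get("network.proxy.autoconfig_url"):
        status = "active-pac"
        endpoint = prefs["network.proxy.autoconfig_url"]
    elif host:
        # Host and port are still stored, but the selected mode ignores them.
        status = "stale"
    else:
        status = "none"
    return {"status": status, "mode": mode_text, "endpoint": endpoint}


if __name__ == "__main__":
    print(assess_proxy(parse_prefs(SAMPLE_PREFS)))
```

A `stale` result matches the greyed-out manual fields: the values remain in the profile but are unused. An `active-loopback` result means browser traffic is being handed to a process on the same machine, so the next step is to identify what is listening on that port.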





