
Patched.HN, Trojan.Dropper.PE4 et al; mediashifting.com tabs; possible


  • This topic is locked

#31
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. Then something is still there. Do the following steps please:

Step 1

Please download DeFogger to your desktop.

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • Defogger will now ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running Defogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 2

Delete old aswMBR.exe.

  • Please download aswMBR.exe to your desktop.
  • Double click the aswMBR.exe to run it.

  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start scan.

  • On completion of the scan click Save log, save it to your desktop and post in your next reply.
  • Also, on the Desktop there should be a file called MBR.dat after that; zip it and then attach it here.

How to add an attachment to a new topic or reply


#32
Daniel Tasayco


    Member

  • Topic Starter
  • 21 posts
Explain which file has indicated to you the use of Defogger. I ask this because I use CD emulation programs like UltraISO.

#33
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
C:\Windows\System32\Drivers\sptd.sys

#34
Daniel Tasayco


    Member

  • Topic Starter
  • 21 posts
aswMBR version 0.9.9.1156 Copyright© 2011 AVAST Software
Run date: 2012-01-05 17:52:49
-----------------------------
17:52:49.060 OS Version: Windows 6.1.7600
17:52:49.060 Number of processors: 2 586 0x1706
17:52:49.075 ComputerName: PC UserName:
17:52:59.871 Initialize success
17:57:07.393 AVAST engine defs: 12010501
18:05:10.506 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:05:10.508 Disk 0 Vendor: ST3802110A 3.AAJ Size: 76318MB BusType: 3
18:05:10.511 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP5T0L0-6
18:05:10.513 Disk 1 Vendor: ST3160813AS CC2F Size: 152626MB BusType: 3
18:05:10.519 Disk 0 MBR read successfully
18:05:10.522 Disk 0 MBR scan
18:05:10.526 Disk 0 Windows 7 default MBR code
18:05:10.529 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 39997 MB offset 63
18:05:10.535 Disk 0 Partition - 00 0F Extended LBA 36310 MB offset 81915435
18:05:10.556 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 36310 MB offset 81915498
18:05:10.578 Disk 0 scanning sectors +156280320
18:05:10.663 Disk 0 scanning C:\Windows\system32\drivers
18:05:28.600 Service scanning
18:05:31.030 Modules scanning
18:05:49.868 Disk 0 trace - called modules:
18:05:49.892 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys atikmpag.sys atikmdag.sys dxgmms1.sys HDAudBus.sys watchdog.sys
18:05:49.897 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86236460]
18:05:49.902 3 CLASSPNP.SYS[8958659e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86134680]
18:05:50.571 AVAST engine scan C:\Windows
18:05:55.718 AVAST engine scan C:\Windows\system32
18:08:12.270 AVAST engine scan C:\Windows\system32\drivers
18:08:28.944 AVAST engine scan C:\Users\Skippan
18:14:54.284 AVAST engine scan C:\ProgramData
18:16:12.518 Scan finished successfully
18:16:29.942 Disk 0 MBR has been saved successfully to "C:\Users\Skippan\Desktop\MBR.dat"
18:16:29.948 The log file has been saved successfully to "C:\Users\Skippan\Desktop\aswMBR.txt"


Attached File  mbr.zip   559bytes   18 downloads

#35
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
MBR seems OK. Do the following please:

  • Please open Firefox.
  • Click on the "Tools" menu in Mozilla Firefox and then click on "Options."
  • Click on the "Advanced" tab in the options dialog box.
  • Click on the "Network" tab and then click on the "Settings" button.
  • Select the "Auto-detect proxy settings for this network" option.
  • Click on the "OK" button.

NEXT...

OTL Custom Scan

  • Double click on the OTL icon to run it.
  • Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top, make sure Standard output is selected.
  • Select Scan all users
  • Under the Extra Registry section, check Use SafeList
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scans/Fixes box copy and paste this in:

    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


#36
Daniel Tasayco


    Member

  • Topic Starter
  • 21 posts
OTL logfile created on: 05/01/2012 19:21:10 - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Instaladores\Portatiles
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 0,54 Gb Available Physical Memory | 27,71% Memory free
3,93 Gb Paging File | 1,91 Gb Available in Paging File | 48,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 8,46 Gb Free Space | 21,65% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 15,81 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 17,92 Gb Free Space | 12,02% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Skippan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/24 11:51:35 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
PRC - [2011/12/24 11:51:34 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugin-container.exe
PRC - [2011/12/21 13:34:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Instaladores\Portatiles\OTL.exe
PRC - [2011/10/25 21:01:18 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/08/01 23:45:51 | 001,242,448 | ---- | M] (Valve Corporation) -- G:\Steam1\steam.exe
PRC - [2011/05/24 11:02:16 | 000,929,792 | ---- | M] (Ray Adams) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 18:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2012/01/05 14:42:21 | 014,410,024 | ---- | M] () -- G:\Steam1\bin\libcef.dll
MOD - [2012/01/05 14:42:18 | 000,194,344 | ---- | M] () -- G:\Steam1\bin\chromehtml.dll
MOD - [2012/01/05 14:42:16 | 000,091,432 | ---- | M] () -- G:\Steam1\bin\avutil-50.dll
MOD - [2012/01/05 14:42:13 | 000,155,432 | ---- | M] () -- G:\Steam1\bin\avformat-52.dll
MOD - [2012/01/05 14:42:11 | 000,914,216 | ---- | M] () -- G:\Steam1\bin\avcodec-52.dll
MOD - [2011/12/24 11:51:34 | 002,124,760 | ---- | M] () -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\mozjs.dll
MOD - [2011/11/17 17:59:15 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2011/11/04 09:54:16 | 000,930,304 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]\platform\WINNT_x86-msvc\components\lpxpcom.dll
MOD - [2011/10/14 09:14:17 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ae9d0d1289e64e7bf042108e547251ac\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/14 08:36:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 08:36:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 08:36:38 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 08:36:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/02/19 16:14:48 | 000,187,904 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2008/04/11 11:33:18 | 000,020,480 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_intelcpu.dll
MOD - [2008/04/09 11:08:46 | 000,016,896 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_amdcore.dll
MOD - [2007/09/14 10:35:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_cpuload.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/03/07 07:26:34 | 000,077,824 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\support.dll
MOD - [2007/03/07 07:25:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\kbdhook.dll
MOD - [2007/01/03 15:09:46 | 000,017,408 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_xvlt.dll
MOD - [2006/12/26 12:53:28 | 000,019,456 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_hdddtemp.dll
MOD - [2006/12/25 04:02:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mongraphsexample.dll
MOD - [2005/11/29 12:38:20 | 000,023,552 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\hddtemp.dll
MOD - [2005/11/29 12:34:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\pciset.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 15:26:36 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/08/02 09:29:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Project\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/25 22:03:48 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/25 20:21:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/27 05:35:12 | 000,020,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2010/11/20 17:27:45 | 000,420,920 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/09/11 08:14:02 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2010/08/24 12:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/07/13 18:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/07/13 18:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Controlador de conexiones de red Gigabit Intel®
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/10 16:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/06 14:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-pe
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA BA 3A E8 79 5A CA 01 [binary data]
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.2
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.70.0
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:2.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50929
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Project\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Project\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 1\components [2011/12/24 11:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugins [2011/11/02 20:54:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/31 19:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Skippan\AppData\Roaming\IDM\idmmzcc5

[2011/02/24 15:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]
[2010/08/02 20:04:18 | 000,002,388 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-images-album-art-300x300.xml
[2010/08/02 20:03:24 | 000,002,686 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-imgenes.xml
[2009/05/25 18:53:21 | 000,002,996 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\imdb.xml
[2010/03/21 13:44:33 | 000,004,859 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\isohunt--bt-search.xml
[2011/12/04 15:14:13 | 000,000,727 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\podnapisinet.xml
[2009/07/20 21:39:58 | 000,002,305 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\rae---dle-aproximacin.xml
[2009/04/21 19:08:09 | 000,001,330 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-en.xml
[2009/11/11 14:37:26 | 000,001,348 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-es.xml
[2011/12/07 07:45:22 | 000,001,997 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wolframalpha.xml
[2009/04/20 16:27:00 | 000,001,546 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowhead.xml
[2009/04/20 15:46:21 | 000,001,905 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowwiki-en.xml
[2009/04/20 15:20:23 | 000,002,379 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wr-english-spanish.xml
[2009/05/25 18:53:21 | 000,002,431 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\youtube.xml
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/01/03 23:30:36 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Project\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\..\Toolbar\WebBrowser: (no name) - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000..\Run: [AtiTrayTools] C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000..\Run: [F.lux] C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - D:\Project\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with &LoadScout... - C:\Program Files\SoftLogica\LoadScout 3.0\LoadScout.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-1163170254-3979645759-394990546-1000\..Trusted Ranges: Range1979 ([http] in Sitios de confianza)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5FAC8AF-9297-40D3-94EF-BDB2CC4BCE6D}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/05 17:45:50 | 004,704,768 | ---- | C] (AVAST Software) -- C:\Users\Skippan\Desktop\aswMBR.exe
[2012/01/01 14:37:05 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{68BFD988-A01E-4F3A-B128-CB656EF051DE}
[2011/12/29 16:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/28 10:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 10:15:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 10:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/28 10:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\temp
[2011/12/25 17:24:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/25 16:52:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/25 16:52:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/25 16:52:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/25 16:52:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/25 16:49:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/25 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2011/12/25 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/24 13:15:28 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/12/24 10:47:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/12/24 10:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/12/23 19:34:39 | 000,000,000 | ---D | C] -- C:\Users\Skippan\Documents\23-12-2011
[2011/12/23 19:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/23 19:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/23 17:35:52 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/23 17:35:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/23 17:35:52 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/21 13:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes-BackupByMalwarebytesPortable
[2011/12/21 13:16:02 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Malwarebytes
[2011/12/18 21:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2011/12/18 21:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/12/15 07:59:46 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/15 07:59:45 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/15 07:59:43 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/15 07:59:43 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/15 07:59:43 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/15 07:59:42 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/15 07:59:41 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/15 07:59:38 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/15 07:59:37 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/15 07:59:36 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/12/15 07:59:36 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/15 07:59:36 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/15 07:59:27 | 002,340,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/15 07:59:07 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/15 07:58:41 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/15 07:58:31 | 003,957,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/15 07:58:30 | 003,901,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/15 07:58:23 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/13 16:01:15 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/12/11 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{52AF3B7A-6DCB-434D-AA54-64B91158BA46}
[2011/12/11 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{DCC9C6D0-1E4A-4936-93CF-2A5DAA2C39F9}
[2011/12/11 14:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/12/11 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/09 13:32:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/12/09 13:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA580
[2011/12/09 13:24:40 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/12/08 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ornamentum

========== Files - Modified Within 30 Days ==========

[2012/01/05 18:22:33 | 000,000,559 | ---- | M] () -- C:\Users\Skippan\Desktop\mbr.zip
[2012/01/05 17:58:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 17:58:02 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/05 17:50:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/05 17:50:28 | 1582,206,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 17:47:55 | 000,000,020 | ---- | M] () -- C:\Users\Skippan\defogger_reenable
[2012/01/05 17:46:50 | 000,050,477 | ---- | M] () -- C:\Users\Skippan\Desktop\Defogger.exe
[2012/01/05 17:46:20 | 004,704,768 | ---- | M] (AVAST Software) -- C:\Users\Skippan\Desktop\aswMBR.exe
[2012/01/05 12:11:04 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/01/05 12:11:04 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/05 12:11:04 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/01/05 12:11:04 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/04 00:04:47 | 000,007,614 | ---- | M] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2012/01/03 23:30:36 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/28 09:53:00 | 000,176,764 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/12/25 15:19:06 | 000,000,132 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/23 17:35:10 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011/12/23 17:35:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011/12/23 17:35:08 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011/12/23 17:35:04 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2011/12/17 11:11:50 | 000,000,285 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/12/15 14:52:24 | 003,772,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 16:01:16 | 000,013,107 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/05 18:22:20 | 000,000,559 | ---- | C] () -- C:\Users\Skippan\Desktop\mbr.zip
[2012/01/05 17:47:25 | 000,000,020 | ---- | C] () -- C:\Users\Skippan\defogger_reenable
[2012/01/05 17:46:49 | 000,050,477 | ---- | C] () -- C:\Users\Skippan\Desktop\Defogger.exe
[2011/12/25 16:52:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/25 16:52:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/25 16:52:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/25 16:52:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/25 16:52:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 16:01:16 | 000,013,107 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2011/10/25 20:31:36 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/10/25 20:31:36 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/30 09:33:12 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/07/27 17:49:34 | 000,000,285 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/07/08 22:36:24 | 003,772,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/26 14:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/12 15:58:50 | 000,155,090 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/02/01 23:19:07 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/12/20 07:46:36 | 000,000,132 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/19 14:15:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/12/15 22:38:37 | 000,001,456 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2010/09/14 20:09:58 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/03 21:06:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/02 18:55:25 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/27 19:08:03 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2010/04/04 22:30:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/04/04 22:30:51 | 000,002,678 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010/03/02 16:55:36 | 000,022,328 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\PnkBstrK.sys
[2010/02/20 22:32:22 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/02/20 22:31:58 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/15 09:25:06 | 000,176,764 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/07 12:49:13 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/23 20:24:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/09 14:44:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\95DBFB04A2.sys
[2009/11/09 14:44:22 | 000,002,984 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/31 18:46:58 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/10/31 18:46:58 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/31 18:05:53 | 000,007,614 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2009/07/14 03:48:37 | 000,703,602 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2009/07/14 03:48:37 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2009/07/14 03:48:37 | 000,137,600 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2009/07/14 03:48:37 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/20 14:08:13 | 009,226,664 | ---- | C] () -- C:\Users\Skippan\AppData\Local\IconCache (1).db
[2009/04/19 20:07:16 | 000,034,816 | ---- | C] () -- C:\Users\Skippan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 20:03:15 | 000,072,744 | ---- | C] () -- C:\Users\Skippan\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/08/28 01:45:15 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2007/02/04 13:16:10 | 000,074,240 | ---- | C] () -- C:\Windows\ogg.exe

========== LOP Check ==========

[2010/05/01 17:32:45 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\bitolithic
[2010/08/16 16:20:31 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\DAEMON Tools Lite
[2010/11/20 17:34:49 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\DAEMON Tools Pro
[2011/12/23 17:22:37 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\DMCache
[2010/01/29 23:01:28 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\fofix
[2012/01/04 10:42:39 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\Foxit Software
[2011/09/23 21:25:11 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\GarenaMessenger
[2012/01/05 13:38:24 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\GarenaPlus
[2011/12/15 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\IDM
[2010/11/22 15:53:15 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\LoadScout
[2011/06/04 22:05:04 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\LolClient
[2011/06/01 13:09:35 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\My Battle for Middle-earth™ II Files
[2010/08/01 15:21:34 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\TeraCopy
[2010/06/02 18:50:14 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\TS3Client
[2009/11/15 01:27:08 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\TuneUp Software
[2011/12/15 18:40:51 | 000,000,000 | ---D | M] -- C:\Users\floppyc\AppData\Roaming\uTorrent
[2011/12/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/04/25 23:52:16 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Amazon
[2011/12/28 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2010/05/01 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\bitolithic
[2010/12/06 23:05:44 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\BitTorrent
[2011/12/01 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Braid
[2011/12/24 13:15:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/07/21 00:29:07 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\calibre
[2010/11/27 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Canneverbe Limited
[2010/09/19 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/31 18:26:27 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Criterion Games
[2011/12/11 14:52:58 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\DMCache
[2011/02/07 18:52:03 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\fofix
[2009/10/31 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit
[2011/06/14 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit Software
[2011/01/26 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Leadertech
[2010/08/17 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LG Electronics
[2010/11/21 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LoadScout
[2011/02/24 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Logia
[2011/11/01 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\MinMaxGames
[2011/03/07 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\mkvtoolnix
[2010/11/28 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Mount&Blade Warband
[2011/07/22 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/12/23 20:32:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Opera
[2010/12/23 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Polynomial
[2011/07/26 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Rainmeter
[2010/08/16 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Red Alert 3
[2011/12/25 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/02/07 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TeraCopy
[2009/10/31 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\The Creative Assembly
[2009/11/14 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TuneUp Software
[2010/04/23 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Ubisoft
[2012/01/05 17:48:03 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\uTorrent
[2011/08/08 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Watchtower
[2011/11/30 20:01:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Windows Live Writer
[2009/11/01 11:29:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\WUU
[2010/06/17 00:07:29 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\Facebook
[2011/08/31 18:48:10 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\Foxit Software
[2010/08/16 16:21:53 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\IDM
[2009/11/16 10:09:11 | 000,000,000 | ---D | M] -- C:\Users\Thymaris\AppData\Roaming\TuneUp Software
[2011/02/24 14:10:55 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\calibre
[2010/09/18 15:27:25 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011/12/23 08:47:07 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\DMCache
[2011/06/12 17:13:46 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\Foxit Software
[2011/12/10 11:46:27 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\IDM
[2011/08/01 22:13:37 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/08/04 13:41:20 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\TeraCopy
[2009/11/16 06:40:34 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\TuneUp Software
[2011/04/05 08:02:42 | 000,000,000 | ---D | M] -- C:\Users\vencer\AppData\Roaming\Watchtower
[2011/12/02 15:27:39 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009/07/13 20:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011/02/26 00:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\ERDNT\cache\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\explorer.exe
[2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009/08/03 00:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009/08/03 00:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009/10/31 01:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: SVCHOST.EXE >
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\ERDNT\cache\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009/07/13 20:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\ERDNT\cache\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/13 20:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\System32\winlogon.exe
[2009/10/28 01:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 00:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2009/07/13 20:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

< %systemroot%\*. /mp /s >

< End of report >

OTL Extras logfile created on: 05/01/2012 19:21:10 - Run 7
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Instaladores\Portatiles
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 0,54 Gb Available Physical Memory | 27,71% Memory free
3,93 Gb Paging File | 1,91 Gb Available in Paging File | 48,66% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 8,46 Gb Free Space | 21,65% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 15,81 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 17,92 Gb Free Space | 12,02% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Skippan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\Program Files\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- Reg Error: Value error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6112:UDP" = 6112:UDP:*:Enabled:war udp
"6112:TCP" = 6112:TCP:*:Enabled:war tcp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW® Graphics Suite X5
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03E66394-42F0-4745-85F7-0A2F8F35C09F}" = HP Deskjet Printer Driver Software 9.0
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{064DC64E-7A2F-4FDF-B598-E3C0747BBB9C}" = Call of Duty® - World at War™ 1.6 Patch
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7BA3EE-D7AC-494E-999D-DA58D6D01DAC}" = LG PC Suite
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{153C7D89-9CF4-4719-A551-C5BF45236DB5}" = redist
"{15C70064-2463-49dd-9A88-B700F75BB428}" = dj_sf_ProductContext
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{29FA38B4-0AE4-4D0D-8A51-6165BB990BB0}" = WebReg
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BC74395-9275-427B-8A5B-05C14DE7A1C2}" = calibre
"{2BF0AE92-C3BC-4112-9066-1546342B1FAE}" = Call of Duty® - World at War™ 1.2 Patch
"{2F467E6E-F7D2-43cc-91B9-4FCC105AE30D}" = D2400
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{45FE5100-6C09-4B34-AC2F-92D8B3864546}" = LiveUpload to Facebook
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{5AB36A6C-27A8-4CB1-89A1-9D05F3F16625}" = Mobile Mouse Server
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6072EF5D-2EBB-4FBA-8BE5-1C2BA21E8CFA}" = Watchtower Library 2009 - español
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{750C87B8-AF19-4C3C-B791-50D9C83AE572}" = Call of Duty® - World at War™ 1.7 Patch
"{75C22B40-6D12-4439-80DC-CAB3313EADA5}" = dj_sf_software_req
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{78BA3E3A-31D5-4F58-95B4-180392026E38}" = LG PC Suite
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DA9D7E6-8F69-4171-9007-81B0A84C83F6}" = CDisplay
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-00B2-0C0A-0000-0000000FF1CE}" = Complemento Guardar como PDF o XPS de Microsoft para programas de Microsoft Office 2007
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2010
"{90140000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2010
"{90140000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2010
"{90140000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2010
"{90140000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2010
"{90140000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2010
"{90140000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2010
"{90140000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2010
"{90140000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2010
"{90140000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2010
"{90140000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2010
"{90140000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2010
"{90140000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2010
"{914DD274-9C5D-44CA-9AC7-12B8D2D4DA08}" = Windows Live Sync
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9521B818-19CE-4d28-8200-DD26133E19E6}" = D2400_Help
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F01A67B-7D67-482F-9D4F-D5980A440FD4}" = Call of Duty® - World at War™ 1.4 Patch
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C15D6939-280D-39A6-41B5-253D2A935525}" = AMD Catalyst Install Manager
"{C3DC2DF5-EFAC-4055-9010-31F7C545DD9E}" = Call of Duty® - World at War™ 1.5 Patch
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59CF2CE-B302-4833-AA35-E0E07D8EBC52}_is1" = SRWare Iron 11.0.700.3
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CDF97135-7FD2-4289-96B8-DD4505267ACD}" = ESET NOD32 Antivirus
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Akamai" = Akamai NetSession Interface Service
"Badaboom" = Badaboom 1.2.1.74
"Diablo II" = Diablo II
"DivX Tech Preview - MKV on Windows 7" = DivX Tech Preview: MKV on Windows 7
"DjVuLibre+DjView" = DjVuLibre+DjView
"ERUNT_is1" = ERUNT 1.1j
"Foxit Reader_is1" = Foxit Reader 5.1
"Fraps" = Fraps (remove only)
"Game Booster_is1" = Game Booster 3
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"im" = Garena Plus
"JDownloader" = JDownloader
"Kid-Key-Lock_is1" = Kid-Key-Lock 1.6.1.0
"LoadScout 3.0" = LoadScout 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"OpenAL" = OpenAL
"quicktime_lite_is1" = QT Lite 4.1.0
"rayatitray" = Ray Adams ATI Tray Tools
"RocketDock_is1" = RocketDock 1.3.5
"RS Somnífero" = RS Somnífero
"sp6" = Logitech SetPoint 6.20
"Steam App 12210" = Grand Theft Auto IV
"Steam App 41100" = Hammerfight
"Steam App 440" = Team Fortress 2
"Steam App 4700" = Medieval II: Total War
"Steam App 4780" = Medieval II: Total War Kingdoms
"Steam App 550" = Left 4 Dead 2
"THOMSON mp3PRO Audio Player" = THOMSON mp3PRO Audio Player
"uTorrent" = µTorrent
"VideoPad" = VideoPad Video Editor
"VLC media player" = VLC media player 1.1.10
"WinLiveSuite" = Windows Live Essentials
"WinRAR 4.00" = WinRAR 4.00
"WinRAR archiver" = Compresor WinRAR

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1163170254-3979645759-394990546-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Flux" = F.lux
"Ornamentum" = Ornamentum

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

#37
Render


    Trusted Helper

  • Malware Removal
  • 4,195 posts
Let's try this now:
  • Please open Firefox.
  • Click on the "Tools" menu in Mozilla Firefox and then click on "Options."
  • Click on the "Advanced" tab in the options dialog box.
  • Click on the "Network" tab and then click on the "Settings" button.
  • Select the "No proxy" option.
  • Click on the "OK" button.
Restart your computer.


Run OTL.exe and make a quick scan, then post the produced log.




#38
Daniel Tasayco


    Member

  • Topic Starter
  • 21 posts
OTL logfile created on: 06/01/2012 16:41:06 - Run 8
OTL by OldTimer - Version 3.2.31.0 Folder = G:\Instaladores\Portatiles
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

1,96 Gb Total Physical Memory | 1,34 Gb Available Physical Memory | 68,39% Memory free
3,93 Gb Paging File | 2,85 Gb Available in Paging File | 72,65% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 39,06 Gb Total Space | 8,12 Gb Free Space | 20,79% Space Free | Partition Type: NTFS
Drive D: | 35,46 Gb Total Space | 15,81 Gb Free Space | 44,60% Space Free | Partition Type: NTFS
Drive G: | 149,05 Gb Total Space | 17,90 Gb Free Space | 12,01% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: Skippan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/21 13:34:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- G:\Instaladores\Portatiles\OTL.exe
PRC - [2011/10/25 21:01:18 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/05/24 11:02:16 | 000,929,792 | ---- | M] (Ray Adams) -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/09 15:08:58 | 000,146,000 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
PRC - [2010/10/28 18:32:48 | 001,352,272 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
PRC - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2009/02/06 14:23:12 | 002,021,400 | ---- | M] (ESET) -- C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/14 09:14:17 | 001,670,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\ae9d0d1289e64e7bf042108e547251ac\Microsoft.VisualBasic.ni.dll
MOD - [2011/10/14 08:36:43 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\275680f2b9db0501d53c50ea7d7a43f0\System.Xml.ni.dll
MOD - [2011/10/14 08:36:39 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e9ebeb7959f1c916ebf6fca8f7077d6c\System.Configuration.ni.dll
MOD - [2011/10/14 08:36:38 | 007,949,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\95b9866ab6e4437ef5dc5855ebab4e33\System.ni.dll
MOD - [2011/10/14 08:36:31 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll
MOD - [2011/02/19 16:14:48 | 000,187,904 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\raphook.dll
MOD - [2009/08/29 01:00:12 | 000,966,656 | ---- | M] () -- C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe
MOD - [2008/04/11 11:33:18 | 000,020,480 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_intelcpu.dll
MOD - [2008/04/09 11:08:46 | 000,016,896 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_amdcore.dll
MOD - [2007/09/14 10:35:34 | 000,020,480 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_cpuload.dll
MOD - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files\RocketDock\RocketDock.dll
MOD - [2007/03/07 07:26:34 | 000,077,824 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\support.dll
MOD - [2007/03/07 07:25:26 | 000,024,576 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\kbdhook.dll
MOD - [2007/01/03 15:09:46 | 000,017,408 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_xvlt.dll
MOD - [2006/12/26 12:53:28 | 000,019,456 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mg_hdddtemp.dll
MOD - [2006/12/25 04:02:24 | 000,024,576 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\mongraphsexample.dll
MOD - [2005/11/29 12:38:20 | 000,023,552 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\hddtemp.dll
MOD - [2005/11/29 12:34:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Ray Adams\ATI Tray Tools\plugins\pciset.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/14 15:26:36 | 003,316,000 | ---- | M] () [Auto | Running] -- c:\program files\common files\akamai/netsession_win_b427739.dll -- (Akamai)
SRV - [2011/10/25 21:00:46 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2011/08/02 09:29:32 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- D:\Project\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/10/28 05:13:30 | 000,293,456 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/02/06 14:27:06 | 000,020,680 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2009/02/06 14:23:36 | 000,727,720 | ---- | M] (ESET) [Auto | Running] -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/10/25 22:03:48 | 008,853,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/25 20:21:36 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/03/27 05:35:12 | 000,020,384 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2010/11/20 17:27:45 | 000,420,920 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 14:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/09/11 08:14:02 | 000,023,608 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrmRAudio.sys -- (DrmRAudio)
DRV - [2010/08/24 12:31:18 | 000,028,624 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/08/24 12:31:02 | 000,037,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2010/08/24 12:30:52 | 000,038,864 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2010/02/03 15:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/09/28 20:57:28 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2009/07/13 18:53:40 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST)
DRV - [2009/07/13 18:53:36 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\loop.sys -- (msloop)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:52 | 000,214,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6032.sys -- (e1yexpress) Controlador de conexiones de red Gigabit Intel®
DRV - [2009/06/17 11:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009/06/17 11:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009/06/17 11:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/06/10 16:19:48 | 009,853,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/06 14:24:26 | 000,092,800 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV - [2009/02/06 14:23:18 | 000,106,208 | ---- | M] (ESET) [Kernel | System | Running] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2009/02/06 14:19:52 | 000,113,448 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\Windows\System32\drivers\eamon.sys -- (eamon)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-pe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA BA 3A E8 79 5A CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {097d3191-e6fa-4728-9826-b533d755359d}:0.7.12
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.7.2
FF - prefs.js..extensions.enabledItems: [email protected]:7.2.2
FF - prefs.js..extensions.enabledItems: {c33c5b47-69c8-45a4-a5e0-af85bbe628dd}:1.6.1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}:1.4.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.70.0
FF - prefs.js..extensions.enabledItems: {0fa2149e-bb2c-4ac2-a8d3-479599819475}:2.0.1
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 50929
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Project\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Project\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 3.6 Beta 1\components [2011/12/24 11:51:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.6 Beta 1\plugins [2011/11/02 20:54:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\[email protected]: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2009/10/31 19:05:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Users\Skippan\AppData\Roaming\IDM\idmmzcc5

[2011/02/24 15:52:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions
[2011/12/12 07:17:34 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\Skippan\AppData\Roaming\mozilla\Firefox\Profiles\2351liaf.default\extensions\[email protected]
[2010/08/02 20:04:18 | 000,002,388 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-images-album-art-300x300.xml
[2010/08/02 20:03:24 | 000,002,686 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\google-imgenes.xml
[2009/05/25 18:53:21 | 000,002,996 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\imdb.xml
[2010/03/21 13:44:33 | 000,004,859 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\isohunt--bt-search.xml
[2011/12/04 15:14:13 | 000,000,727 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\podnapisinet.xml
[2009/07/20 21:39:58 | 000,002,305 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\rae---dle-aproximacin.xml
[2009/04/21 19:08:09 | 000,001,330 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-en.xml
[2009/11/11 14:37:26 | 000,001,348 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wikipedia-es.xml
[2011/12/07 07:45:22 | 000,001,997 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wolframalpha.xml
[2009/04/20 16:27:00 | 000,001,546 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowhead.xml
[2009/04/20 15:46:21 | 000,001,905 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wowwiki-en.xml
[2009/04/20 15:20:23 | 000,002,379 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\wr-english-spanish.xml
[2009/05/25 18:53:21 | 000,002,431 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Mozilla\Firefox\Profiles\2351liaf.default\searchplugins\youtube.xml
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{097D3191-E6FA-4728-9826-B533D755359D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{C33C5B47-69C8-45A4-A5E0-AF85BBE628DD}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\{EF4E370E-D9F0-4E00-B93E-A4F274CFDD5A}.XPI
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\USERS\SKIPPAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2351LIAF.DEFAULT\EXTENSIONS\[email protected]

O1 HOSTS File: ([2012/01/03 23:30:36 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Project\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {B760D5A4-8D24-4CB6-942E-D6BB540AD88C} - No CLSID value found.
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AtiTrayTools] C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O4 - HKCU..\Run: [F.lux] C:\Users\Skippan\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files\RocketDock\RocketDock.exe ()
O4 - Startup: C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ATI Tray Tools.lnk = C:\Program Files\Ray Adams\ATI Tray Tools\atitray.exe (Ray Adams)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xportar a Microsoft Excel - D:\Project\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Open with &LoadScout... - C:\Program Files\SoftLogica\LoadScout 3.0\LoadScout.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Sitios de confianza)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14D39336-A29D-4F0F-85A3-B1877CBDEA6A}: NameServer = 8.8.8.8,8.8.8.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B5FAC8AF-9297-40D3-94EF-BDB2CC4BCE6D}: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\AutorunsDisabled: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop Components:0 (Mi página de inicio actual) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/06 08:24:42 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\Frameworkx.com
[2012/01/06 08:18:42 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Frameworkx
[2012/01/06 08:18:42 | 000,000,000 | ---D | C] -- C:\Program Files\Frameworkx
[2012/01/01 14:37:05 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{68BFD988-A01E-4F3A-B128-CB656EF051DE}
[2011/12/29 16:45:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/12/28 10:15:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/28 10:15:07 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/12/28 10:15:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/12/28 10:08:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/12/25 17:30:42 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\temp
[2011/12/25 17:24:15 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/12/25 16:52:10 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/25 16:52:10 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/25 16:52:10 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/25 16:52:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/25 16:49:49 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/25 15:26:50 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2011/12/25 14:59:25 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2011/12/24 13:15:28 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/12/24 10:47:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011/12/24 10:47:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft XNA
[2011/12/23 19:34:39 | 000,000,000 | ---D | C] -- C:\Users\Skippan\Documents\23-12-2011
[2011/12/23 19:33:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2011/12/23 19:33:26 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/12/21 13:16:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes-BackupByMalwarebytesPortable
[2011/12/21 13:16:02 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Malwarebytes
[2011/12/18 21:48:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2011/12/18 21:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2011/12/13 16:01:15 | 000,102,400 | ---- | C] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo II
[2011/12/11 19:25:48 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{52AF3B7A-6DCB-434D-AA54-64B91158BA46}
[2011/12/11 19:25:34 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Local\{DCC9C6D0-1E4A-4936-93CF-2A5DAA2C39F9}
[2011/12/11 14:09:35 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/12/11 14:08:42 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/12/09 13:32:56 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/12/09 13:25:21 | 000,000,000 | ---D | C] -- C:\Program Files\CA580
[2011/12/09 13:24:40 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/12/08 11:06:16 | 000,000,000 | ---D | C] -- C:\Users\Skippan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ornamentum

========== Files - Modified Within 30 Days ==========

[2012/01/06 09:28:16 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 09:28:16 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/06 09:27:25 | 000,000,285 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2012/01/06 09:20:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/06 09:20:53 | 1582,206,976 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/05 17:47:55 | 000,000,020 | ---- | M] () -- C:\Users\Skippan\defogger_reenable
[2012/01/05 12:11:04 | 000,703,602 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/01/05 12:11:04 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/05 12:11:04 | 000,137,600 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/01/05 12:11:04 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/04 00:04:47 | 000,007,614 | ---- | M] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2012/01/03 23:30:36 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/12/28 09:53:00 | 000,176,764 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2011/12/25 15:19:06 | 000,000,132 | ---- | M] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2011/12/15 14:52:24 | 003,772,248 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/12/13 16:01:16 | 000,013,107 | ---- | M] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,102,400 | ---- | M] (Blizzard Entertainment) -- C:\Windows\DIIUnin.exe
[2011/12/13 16:01:15 | 000,002,829 | ---- | M] () -- C:\Windows\DIIUnin.pif
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/01/05 17:47:25 | 000,000,020 | ---- | C] () -- C:\Users\Skippan\defogger_reenable
[2011/12/25 16:52:10 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/25 16:52:10 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/25 16:52:10 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/25 16:52:10 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/25 16:52:10 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/13 16:01:16 | 000,013,107 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2011/12/13 16:01:15 | 000,002,829 | ---- | C] () -- C:\Windows\DIIUnin.pif
[2011/10/25 20:31:36 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2011/10/25 20:31:36 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011/08/30 09:33:12 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011/07/27 17:49:34 | 000,000,285 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Network Meter_Settings.ini
[2011/07/08 22:36:24 | 003,772,248 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/05/24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\System32\OVDecode.dll
[2011/03/26 14:15:58 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/02/12 15:58:50 | 000,155,090 | ---- | C] () -- C:\Windows\HPHins15.dat
[2011/02/01 23:19:07 | 000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2010/12/20 07:46:36 | 000,000,132 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010/12/19 14:15:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010/12/15 22:38:37 | 000,001,456 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2010/09/14 20:09:58 | 000,140,496 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/06/03 21:06:44 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2010/06/02 18:55:25 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/27 19:08:03 | 000,000,305 | ---- | C] () -- C:\Windows\game.ini
[2010/04/04 22:30:51 | 000,303,104 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2010/04/04 22:30:51 | 000,002,678 | ---- | C] () -- C:\Windows\cmudax3.ini
[2010/03/02 16:55:36 | 000,022,328 | ---- | C] () -- C:\Users\Skippan\AppData\Roaming\PnkBstrK.sys
[2010/02/20 22:32:22 | 000,280,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2010/02/20 22:31:58 | 000,090,112 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2010/02/15 09:25:06 | 000,176,764 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2010/01/07 12:49:13 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009/12/23 20:24:52 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/11/09 14:44:23 | 000,000,088 | RHS- | C] () -- C:\ProgramData\95DBFB04A2.sys
[2009/11/09 14:44:22 | 000,002,984 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009/10/31 18:46:58 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2009/10/31 18:46:58 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2009/10/31 18:05:53 | 000,007,614 | ---- | C] () -- C:\Users\Skippan\AppData\Local\Resmon.ResmonCfg
[2009/07/14 03:48:37 | 000,703,602 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2009/07/14 03:48:37 | 000,341,432 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2009/07/14 03:48:37 | 000,137,600 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2009/07/14 03:48:37 | 000,041,390 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 21:05:48 | 000,615,810 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,106,190 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009/07/13 19:55:09 | 001,332,736 | ---- | C] () -- C:\Windows\System32\hpotiop1.dll
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2009/04/20 14:08:13 | 009,226,664 | ---- | C] () -- C:\Users\Skippan\AppData\Local\IconCache (1).db
[2009/04/19 20:07:16 | 000,034,816 | ---- | C] () -- C:\Users\Skippan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/19 20:03:15 | 000,072,744 | ---- | C] () -- C:\Users\Skippan\AppData\Local\GDIPFONTCACHEV1 (1).DAT
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2007/08/28 01:45:15 | 000,002,828 | ---- | C] () -- C:\Windows\hphmdl15.dat
[2007/02/04 13:16:10 | 000,074,240 | ---- | C] () -- C:\Windows\ogg.exe

========== LOP Check ==========

[2011/12/09 16:20:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\125CA
[2011/04/25 23:52:16 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Amazon
[2011/12/28 16:42:05 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\AtomZombieData
[2010/05/01 14:45:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\bitolithic
[2010/12/06 23:05:44 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\BitTorrent
[2011/12/01 19:49:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Braid
[2011/12/24 13:15:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Broken Rules
[2011/07/21 00:29:07 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\calibre
[2010/11/27 09:02:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Canneverbe Limited
[2010/09/19 17:00:37 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/10/31 18:26:27 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Criterion Games
[2011/12/11 14:52:58 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\DMCache
[2011/02/07 18:52:03 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\fofix
[2009/10/31 19:12:08 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit
[2011/06/14 23:53:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Foxit Software
[2011/01/26 21:59:52 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Leadertech
[2010/08/17 15:12:33 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LG Electronics
[2010/11/21 19:32:36 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\LoadScout
[2011/02/24 14:10:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Logia
[2011/11/01 22:29:40 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\MinMaxGames
[2011/03/07 22:13:56 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\mkvtoolnix
[2010/11/28 13:46:28 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Mount&Blade Warband
[2011/07/22 15:18:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\My Battle for Middle-earth™ II Files
[2009/12/23 20:32:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Opera
[2010/12/23 12:09:22 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Polynomial
[2011/07/26 11:33:18 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Rainmeter
[2010/08/16 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Red Alert 3
[2011/12/25 14:59:25 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/02/07 13:21:10 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TeraCopy
[2009/10/31 18:26:30 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\The Creative Assembly
[2009/11/14 22:12:59 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\TuneUp Software
[2010/04/23 23:31:23 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Ubisoft
[2012/01/05 17:48:03 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\uTorrent
[2011/08/08 17:50:32 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Watchtower
[2011/11/30 20:01:34 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\Windows Live Writer
[2009/11/01 11:29:04 | 000,000,000 | ---D | M] -- C:\Users\Skippan\AppData\Roaming\WUU
[2011/12/02 15:27:39 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#39
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
  • Open Firefox in Safe Mode by typing “firefox -safe-mode” in Start->Run.

  • Choose what you want to be brought back to its original settings by checking the following options:
  • Reset toolbars and controls: Removes any toolbar customization made.
  • Reset all user preferences to Firefox defaults: Restores the default Options and preference settings and resets the default theme. It also changes back to default all the entries in the about:config page.
  • Restore default search engines: Adds back all of the default search engines (Google, Yahoo, eBay, Creative Commons, Answers.com, and Amazon.com), without removing any added search engines.
  • Click on Make Changes and Restart.

Then run OTL quick scan and post a log.

#40
Daniel Tasayco

    Member

  • Topic Starter
  • 21 posts
Sorry, can't do that. Thanks for all your help.

#41
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
OK. So how is your computer running now? Any problems?

#42
Render

    Trusted Helper

  • Malware Removal
  • 4,195 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.