[platano69]

Hi all,

I was referred to this web site by a friend after I mentioned to him that I was having trouble with my computer. Posible Malware.

The main symptoms are:
-Every time I open Google chrome or internet explorer, the search engine have a weird looking name like Websearch or Mywebsearch.
-When I use the search engine the results are always some weird websites and then the correct ones.
-There are a lot of advertisement, more than usual and a lot of pop ups, usually about winning an Iphone 5.
-Very slow internet browsing and very slow computer.
-Difficulties creating PDFs and especially when I send them on an email, the receiver is not able to open them. I guess is because I am sending a virus.
-Very slow Itunes.



OTL logfile created on: 18/02/2013 06:45:09 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Alejandro\Documents\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 0000200A | Country: Venezuela | Language: ESV | Date Format: dd/MM/yyyy

3,00 Gb Total Physical Memory | 1,60 Gb Available Physical Memory | 53,24% Memory free
6,22 Gb Paging File | 4,01 Gb Available in Paging File | 64,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 169,93 Gb Total Space | 22,61 Gb Free Space | 13,31% Space Free | Partition Type: NTFS
Drive D: | 58,19 Gb Total Space | 58,00 Gb Free Space | 99,67% Space Free | Partition Type: NTFS

Computer Name: SOFIA | User Name: Alejandro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/18 18:44:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alejandro\Documents\Desktop\OTL.exe
PRC - [2013/02/08 16:32:23 | 000,699,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashUtil32_11_5_502_149_ActiveX.exe
PRC - [2013/01/20 19:29:18 | 028,539,272 | ---- | M] (Dropbox, Inc.) -- C:\Users\Alejandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/01/10 06:26:46 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2012/11/27 13:48:08 | 000,069,120 | ---- | M] () -- C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
PRC - [2012/10/30 22:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/08/27 20:32:54 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE
PRC - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () -- C:\ProgramData\DatacardService\HWDeviceService.exe
PRC - [2011/03/14 15:27:28 | 000,236,384 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\ProgramData\DatacardService\DCSHelper.exe
PRC - [2008/10/29 06:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/18 22:33:06 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2007/02/06 16:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) -- c:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2006/11/02 09:57:29 | 000,069,632 | ---- | M] (Creative Labs) -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
PRC - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2012/11/27 13:48:08 | 000,069,120 | ---- | M] () -- C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
MOD - [2012/11/27 13:38:36 | 000,112,128 | ---- | M] () -- C:\Program Files\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
MOD - [2012/01/22 03:09:05 | 000,770,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\1419704737b7f46a48bc854aa2f5597d\System.Runtime.Remoting.ni.dll
MOD - [2011/09/27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/20 02:15:45 | 013,137,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3e016a2e799cfe233b13d88e90c0e0b\System.Windows.Forms.ni.dll
MOD - [2011/06/20 02:15:33 | 001,652,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\53591520988a6ee49924e1efc911df30\System.Drawing.ni.dll
MOD - [2011/06/20 02:15:12 | 005,618,176 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7cc17b90932adaad5651ceb526cade44\System.Xml.ni.dll
MOD - [2011/06/20 02:14:57 | 000,980,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\618e6d3cd8824d6d72ae1767acaa1078\System.Configuration.ni.dll
MOD - [2011/06/20 02:14:55 | 009,085,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\5a8bf6ab1a6ba60e7355fa4cc61fd0c5\System.ni.dll
MOD - [2011/06/20 02:09:26 | 014,407,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\74353039393f68f4c068cc37f759e5be\mscorlib.ni.dll
MOD - [2008/06/03 02:35:18 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2006/10/26 15:21:22 | 000,056,056 | ---- | M] () -- C:\Windows\System32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\ProgramData\ResultBar\resultbar113.exe C:\Program Files\ResultBar\resultbar.dll xukivavukum -- (ResultBar Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Belkin\F5D7051\WLService.exe -- (Belkin High-Speed Mode Wireless G USB Network Adapter Service)
SRV - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2013/02/08 16:32:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/30 22:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/06/11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/01/20 16:21:16 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/14 15:27:28 | 000,271,712 | ---- | M] () [Auto | Running] -- C:\ProgramData\DatacardService\HWDeviceService.exe -- (HWDeviceService.exe)
SRV - [2010/01/29 21:17:14 | 000,292,944 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/02/01 13:09:07 | 000,085,096 | ---- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2008/01/18 22:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/02/06 16:47:12 | 000,105,248 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Logishrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher)
SRV - [2007/02/06 16:45:26 | 000,109,344 | ---- | M] (Logitech Inc.) [Auto | Running] -- c:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2006/11/02 10:02:14 | 000,822,424 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2006/11/02 09:57:29 | 000,069,632 | ---- | M] (Creative Labs) [Auto | Running] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe -- (Creative Labs Licensing Service)
SRV - [2006/07/06 07:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- -- (TPkd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\stwrt.sys -- (STHDA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_jubusenum.sys -- (huawei_enumerator)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbnet.sys -- (ewusbnet)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/10/30 22:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 22:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 22:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 22:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 22:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 22:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/08/21 09:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2009/11/10 11:55:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/11/10 11:55:08 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/11/10 11:54:52 | 000,035,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/06/03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/06/03 05:22:56 | 003,695,104 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/01/18 20:56:10 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usb8023.sys -- (USB_RNDIS)
DRV - [2008/01/09 09:22:26 | 000,110,464 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmcmdm.sys -- (lgmcmdm)
DRV - [2008/01/09 09:22:26 | 000,109,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmcunic.sys -- (lgmcunic)
DRV - [2008/01/09 09:22:26 | 000,104,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmcmgmt.sys -- (lgmcmgmt)
DRV - [2008/01/09 09:22:26 | 000,100,480 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmcobex.sys -- (lgmcobex)
DRV - [2008/01/09 09:22:26 | 000,025,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmcnd5.sys -- (lgmcnd5)
DRV - [2008/01/09 09:22:26 | 000,014,976 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmcmdfl.sys -- (lgmcmdfl)
DRV - [2008/01/09 09:22:24 | 000,083,584 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgmcbus.sys -- (lgmcbus)
DRV - [2007/08/30 09:45:24 | 000,217,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express)
DRV - [2007/06/25 09:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117obex.sys -- (s117obex)
DRV - [2007/06/25 09:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdm.sys -- (s117mdm)
DRV - [2007/06/25 09:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mgmt.sys -- (s117mgmt)
DRV - [2007/06/25 09:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117unic.sys -- (s117unic)
DRV - [2007/06/25 09:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117nd5.sys -- (s117nd5)
DRV - [2007/06/25 09:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117mdfl.sys -- (s117mdfl)
DRV - [2007/06/25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s117bus.sys -- (s117bus)
DRV - [2007/02/08 22:05:30 | 000,012,856 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/02/06 16:45:04 | 000,025,632 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2007/02/06 16:44:36 | 001,964,064 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv)
DRV - [2007/02/06 16:42:40 | 001,691,808 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap)
DRV - [2007/02/06 12:27:04 | 000,185,728 | ---- | M] (Hauppauge Computer Works, Inc.) [23|25|26]xxx) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hcwPP2.sys -- (hcwPP2)
DRV - [2007/01/08 22:52:00 | 000,040,352 | R--- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2006/11/12 18:07:45 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\Windows\System32\STEC3.sys -- (STEC3)
DRV - [2006/11/02 10:02:14 | 000,004,608 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/11/02 10:00:42 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/10/26 15:22:02 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/10/26 15:21:34 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/10/26 15:21:34 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/10/26 15:21:32 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/10/26 15:21:30 | 000,026,296 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/10/26 15:21:28 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/10/26 15:21:26 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/10/26 15:21:24 | 000,104,536 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\Windows\System32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\Windows\System32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/06/05 03:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/01/10 12:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/01/04 07:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\monfilt.sys -- (monfilt)
DRV - [2005/08/17 07:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005/08/17 07:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005/08/17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2004/05/21 19:16:14 | 000,471,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvcm.sys -- (QCMerced)
DRV - [2003/12/08 11:53:48 | 000,053,600 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcan5wn.sys -- (alcan5wn)
DRV - [2003/12/08 11:53:46 | 000,070,688 | ---- | M] (THOMSON) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\alcaudsl.sys -- (alcaudsl)
DRV - [1999/09/10 11:06:00 | 000,025,244 | R--- | M] (Adaptec) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ASPI32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim....2-0019D10222D7}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.co.uk/ig/dell?hl=en&client=dell-usuk&channel=uk&ibd=6061102
IE - HKLM\..\URLSearchHook: {ad06fb5f-fef7-4a84-8c58-dca34f8e3d36} - C:\Program Files\BittorrentBar_ES\prxtbBitt.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849812
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...2-0019D10222D7}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://latino.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B9 9C F6 52 AA 9A CD 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00A6FAF6-072E-44cf-8957-5838F569A31D} - SOFTWARE\Classes\CLSID\{00A6FAF6-072E-44cf-8957-5838F569A31D}\InprocServer32 File not found
IE - HKCU\..\URLSearchHook: {ad06fb5f-fef7-4a84-8c58-dca34f8e3d36} - C:\Program Files\BittorrentBar_ES\prxtbBitt.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {09DEE7E9-BFF2-440B-8088-17E60682B9A9}
IE - HKCU\..\SearchScopes\{09495EB8-F269-4EF6-920E-5B57FD92AC3D}: "URL" = http://uk.search.yah...p={SearchTerms}
IE - HKCU\..\SearchScopes\{09DEE7E9-BFF2-440B-8088-17E60682B9A9}: "URL" = http://search.softon...rce=4&cc=&r=211
IE - HKCU\..\SearchScopes\{20CD8DB9-BEF0-450B-AEA5-82AE36AD5C1D}: "URL" = http://www.bing.com/...ferrer:source?}
IE - HKCU\..\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0}: "URL" = http://search.mywebs...r={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{6E12984A-F9AF-488A-9712-2D6C9BD17BB6}: "URL" = http://www.google.es...1I7ADRA_enGB391
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2849812
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweeti...2-0019D10222D7}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Alejandro\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll File not found
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Alejandro\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Alejandro\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Alejandro\AppData\Local\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\MyWebSearch\bar\1.bin [2012/09/26 09:30:08 | 000,000,000 | ---D | M]

[2012/09/25 10:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Alejandro\AppData\Roaming\mozilla\Firefox\extensions
[2012/09/25 10:37:03 | 000,000,000 | ---D | M] (BittorrentBar_ES) -- C:\Users\Alejandro\AppData\Roaming\mozilla\Firefox\extensions\{ad06fb5f-fef7-4a84-8c58-dca34f8e3d36}
[2013/02/08 10:30:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

========== Chrome ==========

CHR - homepage: http://home.sweetim....2-0019D10222D7}
CHR - default_search_provider: Search the web (Softonic) ()
CHR - default_search_provider: search_url = http://search.softon...chSource=49&cc=
CHR - default_search_provider: suggest_url =
CHR - homepage: http://home.sweetim....2-0019D10222D7}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Alejandro\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Alejandro\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Alejandro\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\PROGRA~1\Canon\ZOOMBR~1\Program\NPCIG.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: My Web Search Plugin Stub (Enabled) = C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll
CHR - plugin: D'Fusion Web (2.00.7293) (Enabled) = C:\Program Files\Total Immersion\DFusionWeb\nptidfusionplugin.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Alejandro\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
CHR - plugin: Facebook Plugin (Enabled) = C:\Users\Alejandro\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Softonic Chrome Toolbar = C:\Users\Alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf\1.0_0\
CHR - Extension: Produtools Translator = C:\Users\Alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcldppcbobjjnmnlinmglomdkonmkmbh\10.14.251.3_0\
CHR - Extension: Produtools Translator = C:\Users\Alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcldppcbobjjnmnlinmglomdkonmkmbh\10.14.40.128_0\
CHR - Extension: Giant Savings Extension = C:\Users\Alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\halffneccaebicfdfajnbfgpglahfgoe\1.20.13_0\crossrider
CHR - Extension: Giant Savings Extension = C:\Users\Alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\halffneccaebicfdfajnbfgpglahfgoe\1.20.13_0\
CHR - Extension: avast! WebRep = C:\Users\Alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: BittorrentBar_ES = C:\Users\Alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpgolofjlpnkdafbgejgnclbjnpgfee\2.3.18.20_0\
CHR - Extension: BittorrentBar_ES = C:\Users\Alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpgolofjlpnkdafbgejgnclbjnpgfee\2.3.19.11_0\
CHR - Extension: PricePeep = C:\Users\Alejandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.355.0_0\

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Aplicación auxiliar de vínculos de Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Giant Savings Extension) - {11111111-1111-1111-1111-110211181110} - C:\Program Files\Giant Savings Extension\Giant Savings Extension.dll (215 Apps)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (BittorrentBar_ES Toolbar) - {ad06fb5f-fef7-4a84-8c58-dca34f8e3d36} - C:\Program Files\BittorrentBar_ES\prxtbBitt.dll (Conduit Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files\Softonic\Softonic\1.8.8.11\bh\Softonic.dll (Softonic.com)
O2 - BHO: (PricePeep) - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} - C:\Program Files\PricePeep\pricepeep.dll (PricePeep)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files\Softonic\Softonic\1.8.8.11\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Wanadoo) - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\Program Files\Wanadoo\WSBar\WSBar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (BittorrentBar_ES Toolbar) - {ad06fb5f-fef7-4a84-8c58-dca34f8e3d36} - C:\Program Files\BittorrentBar_ES\prxtbBitt.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (My Web Search) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (BittorrentBar_ES Toolbar) - {AD06FB5F-FEF7-4A84-8C58-DCA34F8E3D36} - C:\Program Files\BittorrentBar_ES\prxtbBitt.dll (Conduit Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Sky Broadband; FunWebProducts; GTB7.2; SLCC1; .NET CLR 2.0.50727; Media Center PC 5.0; .NET CLR 1.1.4322; InfoPath.1; OfficeLiveConnector.1.3; OfficeLivePatch.0.0; .NET CLR 3.5.30729; .NET CLR 3.0.30618; .NET4.0C; FunWebProducts; .NET4.0E)" -"http://www.bbc.co.uk...bers/ch2.shtml" File not found
O4 - Startup: C:\Users\Alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Alejandro\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\NPJPI150_10.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1223507802498 (MUCatalogWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{323C09E0-E905-4A34-AD79-33B8A013D052}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0e38fb23-4c60-11e1-aa40-0019d10222d7}\Shell - "" = AutoRun
O33 - MountPoints2\{0e38fb23-4c60-11e1-aa40-0019d10222d7}\Shell\AutoRun\command - "" = F:\unlock.exe autoplay=true
O33 - MountPoints2\{240f6f2f-f6ef-11df-9251-0019d10222d7}\Shell - "" = AutoRun
O33 - MountPoints2\{240f6f2f-f6ef-11df-9251-0019d10222d7}\Shell\AutoRun\command - "" = "J:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{34f96057-e1b2-11e1-be65-0019d10222d7}\Shell - "" = AutoRun
O33 - MountPoints2\{34f96057-e1b2-11e1-be65-0019d10222d7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3da04794-e2df-11e1-a55b-001e101fe5e1}\Shell - "" = AutoRun
O33 - MountPoints2\{3da04794-e2df-11e1-a55b-001e101fe5e1}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{683a66c3-ef5d-11e1-b399-001e101f24f1}\Shell - "" = AutoRun
O33 - MountPoints2\{683a66c3-ef5d-11e1-b399-001e101f24f1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{683a6721-ef5d-11e1-b399-001e101fa75c}\Shell - "" = AutoRun
O33 - MountPoints2\{683a6721-ef5d-11e1-b399-001e101fa75c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{eeb9a943-00ca-11de-8a8d-0019d10222d7}\Shell\AutoRun\command - "" = E:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/18 18:44:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Alejandro\Documents\Desktop\OTL.exe
[2013/02/08 10:30:12 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic
[2013/02/08 10:30:09 | 000,000,000 | ---D | C] -- C:\Users\Alejandro\AppData\Roaming\Softonic
[2013/02/08 10:25:12 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2013/01/30 16:29:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Basic PAYE Tools 2012
[2013/01/30 16:29:17 | 000,000,000 | ---D | C] -- C:\Program Files\HMRC
[2013/01/29 19:42:21 | 000,000,000 | ---D | C] -- C:\Users\Alejandro\Documents\Tax return
[2011/02/13 15:20:18 | 000,598,016 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Program Files\SYNSOPOS.exe
[2011/02/13 15:20:18 | 000,311,296 | ---- | C] (Syncrosoft Hard- und Software GmbH) -- C:\Program Files\SynsoNos.dll
[2009/04/01 21:20:48 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Users\Alejandro\gotomypc_438.exe
[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/18 18:50:20 | 000,000,426 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A2BE518F-DB06-4137-AC4D-A52855CDC78A}.job
[2013/02/18 18:44:54 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Alejandro\Documents\Desktop\OTL.exe
[2013/02/18 18:32:03 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/18 18:32:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/02/18 18:29:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3103703894-3887957399-953870246-1005UA.job
[2013/02/18 17:58:09 | 000,002,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 17:58:09 | 000,002,864 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/02/18 17:58:08 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/02/18 15:32:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/17 20:29:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3103703894-3887957399-953870246-1005Core.job
[2013/02/14 15:42:12 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013/02/14 15:41:46 | 3219,050,496 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/13 22:01:42 | 285,355,627 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/02/13 16:27:14 | 000,000,215 | -H-- | M] () -- C:\Users\Alejandro\Documents\Desktop\Carrisbrook House01.dwl2
[2013/02/13 16:27:14 | 000,000,064 | -H-- | M] () -- C:\Users\Alejandro\Documents\Desktop\Carrisbrook House01.dwl
[2013/02/13 16:26:01 | 000,180,133 | ---- | M] () -- C:\Users\Alejandro\Documents\Desktop\Carrisbrook House01.dwg
[2013/02/13 16:23:53 | 003,510,784 | ---- | M] () -- C:\Users\Alejandro\Documents\Desktop\Carrisbrook House01.dgn
[2013/02/13 16:23:53 | 003,510,784 | ---- | M] () -- C:\Users\Alejandro\Documents\Desktop\Carrisbrook House.dgn
[2013/02/03 11:32:37 | 000,002,068 | ---- | M] () -- C:\Users\Alejandro\Documents\Desktop\Google Chrome.lnk
[2013/02/03 11:32:37 | 000,002,064 | ---- | M] () -- C:\Users\Alejandro\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/31 09:23:54 | 000,000,955 | ---- | M] () -- C:\Users\Alejandro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/01/30 16:29:57 | 000,001,803 | ---- | M] () -- C:\Users\Public\Desktop\Basic PAYE Tools 2012.lnk
[2013/01/22 23:26:15 | 000,672,310 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/01/22 23:26:15 | 000,130,582 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/01/21 15:14:39 | 000,299,539 | ---- | M] () -- C:\Users\Alejandro\Documents\Desktop\test.dwg
[2013/01/21 15:14:16 | 005,570,468 | ---- | M] () -- C:\Users\Alejandro\Documents\Desktop\test.bak
[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/13 16:27:14 | 000,000,215 | -H-- | C] () -- C:\Users\Alejandro\Documents\Desktop\Carrisbrook House01.dwl2
[2013/02/13 16:27:14 | 000,000,064 | -H-- | C] () -- C:\Users\Alejandro\Documents\Desktop\Carrisbrook House01.dwl
[2013/02/13 16:25:58 | 000,180,133 | ---- | C] () -- C:\Users\Alejandro\Documents\Desktop\Carrisbrook House01.dwg
[2013/02/13 16:25:41 | 003,510,784 | ---- | C] () -- C:\Users\Alejandro\Documents\Desktop\Carrisbrook House01.dgn
[2013/02/13 16:23:42 | 003,510,784 | ---- | C] () -- C:\Users\Alejandro\Documents\Desktop\Carrisbrook House.dgn
[2013/01/30 16:29:57 | 000,001,803 | ---- | C] () -- C:\Users\Public\Desktop\Basic PAYE Tools 2012.lnk
[2013/01/21 15:13:34 | 005,570,468 | ---- | C] () -- C:\Users\Alejandro\Documents\Desktop\test.bak
[2013/01/21 15:13:34 | 000,299,539 | ---- | C] () -- C:\Users\Alejandro\Documents\Desktop\test.dwg
[2012/01/20 16:24:12 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/02/13 15:20:19 | 000,001,276 | ---- | C] () -- C:\Program Files\ISO_Install.nfo
[2011/02/13 15:20:19 | 000,000,024 | ---- | C] () -- C:\Program Files\synsopos.ini
[2011/02/13 15:20:19 | 000,000,000 | ---- | C] () -- C:\Program Files\synsopos.soj
[2011/02/13 15:20:18 | 000,213,504 | ---- | C] () -- C:\Program Files\SYNSOACC.dll
[2011/02/13 15:20:17 | 008,415,015 | ---- | C] () -- C:\Program Files\Steinberg.bnf
[2010/02/21 23:06:52 | 000,000,097 | ---- | C] () -- C:\Users\Alejandro\AppData\Local\fusioncache.dat
[2010/01/26 16:24:22 | 000,000,375 | ---- | C] () -- C:\Users\Alejandro\Documents - Shortcut.lnk
[2009/07/13 16:05:45 | 020,157,784 | ---- | C] () -- C:\Users\Alejandro\Cumpleanios Alexandra.AVI
[2007/11/07 00:04:58 | 000,001,356 | ---- | C] () -- C:\Users\Alejandro\AppData\Local\d3d9caps.dat
[2007/04/01 22:12:51 | 000,166,400 | ---- | C] () -- C:\Users\Alejandro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/07 19:46:48 | 000,007,168 | ---- | C] () -- C:\Users\Alejandro\AppData\Roaming\dvd.bmk
[2006/11/06 21:23:26 | 000,492,786 | ---- | C] () -- C:\Users\Alejandro\TRANSFORMS=1033.mst

========== ZeroAccess Check ==========

[2006/11/02 12:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 15:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 04:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/01/18 22:36:50 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/03/18 20:27:02 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Autodesk
[2008/11/11 22:42:14 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Bentley
[2013/02/17 21:34:24 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\BitTorrent
[2013/01/07 17:08:53 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Canon
[2013/01/07 17:13:22 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Canon_Inc_IC
[2013/02/14 15:46:52 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Dropbox
[2007/09/18 21:55:52 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Flickr
[2007/04/01 20:24:55 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Leadertech
[2009/06/15 10:20:18 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\LG Electronics
[2010/07/25 10:27:33 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Nemetschek
[2012/08/30 10:30:24 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\PCCUStubInstaller
[2010/06/28 09:05:15 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Research In Motion
[2013/02/08 10:30:09 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Softonic
[2012/09/24 23:02:44 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Sony
[2012/06/29 12:38:54 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Spotify
[2012/08/10 11:54:43 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\Telefónica
[2012/08/10 11:54:42 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\TGCMLog
[2012/09/25 10:34:40 | 000,000,000 | ---D | M] -- C:\Users\Alejandro\AppData\Roaming\WinZip

========== Purity Check ==========



< End of report >


Please can someone help me get rid of this problem?

Edited by platano69, 18 February 2013 - 02:02 PM.

[Advertisements]

Hello platano69

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

• Please download AdwCleaner by Xplode onto your desktop.
  
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

• Download & SAVE to your Desktop RogueKiller or from here
  
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator to start"
• For Windows XP, double-click to start.
• Wait until Prescan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller+

Gringo

[gringo_pr]

Hello platano69

Welcome to The Forums!!

Around here they call me Gringo and I'll be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

• Please do not run any tools unless instructed to do so.
  
  • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
• Please do not attach logs or use code boxes, just copy and paste the text.
  
  • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
• Please read every post completely before doing anything.
  
  • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
• Please provide feedback about your experience as we go.
  
  • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

• Download Security Check by screen317 from here.
• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

• Please download AdwCleaner by Xplode onto your desktop.
  
• Close all open programs and internet browsers.
• Double click on AdwCleaner.exe to run the tool.
• Click on Delete.
• Confirm each time with Ok.
• Your computer will be rebooted automatically. A text file will open after the restart.
• Please post the content of that logfile with your next answer.
• You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

• Download & SAVE to your Desktop RogueKiller or from here
  
• Quit all programs that you may have started.
• Please disconnect any USB or external drives from the computer before you run this scan!
• For Vista or Windows 7, right-click and select "Run as Administrator to start"
• For Windows XP, double-click to start.
• Wait until Prescan has finished ...
• Then Click on "Scan" button
• Wait until the Status box shows "Scan Finished"
• click on "delete"
• Wait until the Status box shows "Deleting Finished"
• Click on "Report" and copy/paste the content of the Notepad into your next reply.
• The log should be found in RKreport[1].txt on your Desktop
• Exit/Close RogueKiller+

Gringo

[gringo_pr]

Hello

48 Hour bump

It has been more than 48 hours since my last post.

• do you still need help with this?
• do you need more time?
• are you having problems following my instructions?
  
• if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

[gringo_pr]

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.