Computer infected, cannot start regular or in safe mode



#1
mario90028

Dear Geeks,

I am a newbie to this forum. I don't know if it is correct to post here. Please correct me.

My computer is infected with the MoneyPak virus, and the only way to do a scan was

I was able to run OTLPEStd.exe, and here is my OTL.txt log.
Can you please tell me what to remove? Here is my log:

OTL logfile created on: 8/19/2013 7:36:08 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 3.53 Gb Free Space | 5.89% Space Free | Partition Type: NTFS
Drive D: | 172.76 Gb Total Space | 12.80 Gb Free Space | 7.41% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 3.52 Gb Free Space | 94.25% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (HidServ)
SRV - File not found [On_Demand] -- -- (getPlus® Helper) getPlus®
SRV - File not found [Auto] -- -- (AviraUpgradeService)
SRV - [2013/07/15 16:12:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/02 06:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe -- (BBUpdate)
SRV - [2013/04/02 06:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.exe -- (BBSvc)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/06/22 18:34:12 | 001,118,680 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/06/22 17:21:50 | 000,402,368 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/06/22 14:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/08/20 02:49:48 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/20 00:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/20 00:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/09/22 18:27:34 | 000,061,440 | ---- | M] () [Auto] -- C:\Program Files\Onyx Graphics\AutoUpdate\OnxUpdtService.exe -- (OnyxUpdaterService)
SRV - [2000/05/24 19:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2013/03/06 21:32:25 | 000,031,360 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System] -- C:\WINDOWS\system32\drivers\kxhekyc.sys -- (kxhekyc)
DRV - [2013/01/03 16:49:42 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/06/22 18:34:52 | 000,203,120 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/06/22 14:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/04/23 15:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/02/28 14:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/19 13:53:13 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/06/13 20:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/01 10:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/07/14 15:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/05/11 22:11:02 | 000,099,968 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2004/04/28 13:03:08 | 000,328,448 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=OIE8HP&PC=UP62


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080613
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.g...smb&ibd=1080613
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092



FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mixael padilla\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/09/26 17:27:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/05 18:40:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/27 13:35:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/27 13:36:14 | 000,000,000 | ---D | M]

[2013/06/11 14:50:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/28 17:51:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/28 17:51:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/04/02 19:15:08 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml

O1 HOSTS File: ([2013/08/12 11:17:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bucksbee Loyalty Plugin - 100815) - {E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD} - C:\Program Files\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll (Freecause Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\mixael_padilla_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\mixael_padilla_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [comwis] C:\Documents and Settings\mixael padilla\Application Data\ypjvdod.exe (Spanish Airline Ticketing)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NrHXADuRdm.exe] C:\Documents and Settings\mixael padilla\Local Settings\Application Data\8EVvll6gC\NrHXADuRdm.exe (Zdxdt Garyc Oqclkshzfbb)
O4 - HKU\mixael_padilla_ON_C..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\mixael_padilla_ON_C..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\mixael_padilla_ON_C..\Run: [NrHXADuRdm.exe] C:\Documents and Settings\mixael padilla\Local Settings\Application Data\8EVvll6gC\NrHXADuRdm.exe (Zdxdt Garyc Oqclkshzfbb)
O4 - HKU\mixael_padilla_ON_C..\Run: [Octoshape Streaming Services] C:\Documents and Settings\mixael padilla\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks US Plugin.lnk = C:\Program Files\PayPal Payment Request Wizard\QB US edition\OEHook.exe (A-1 Technology, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2005\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\mixael padilla\Start Menu\Programs\Startup\Dropbox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\HelpAssistant_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\mixael_padilla_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\mixael_padilla_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\mixael_padilla_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\mixael_padilla_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\mixael_padilla_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\cashproxy.dll (Cash Ventures Corp)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\cashproxy.dll (Cash Ventures Corp)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\cashproxy.dll (Cash Ventures Corp)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...tes/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1231789307234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O20 - HKU\mixael_padilla_ON_C Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/15 18:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\8EVvll6gC
[2013/08/14 15:18:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mixael padilla\Recent
[2013/08/13 04:29:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2013/08/12 12:15:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/12 11:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/08/12 11:19:48 | 000,110,080 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\ssl3.dll
[2013/08/12 11:19:48 | 000,104,960 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\softokn3.dll
[2013/08/12 11:19:48 | 000,064,512 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\smime3.dll
[2013/08/12 11:19:47 | 000,109,056 | ---- | C] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\RegisterLSP.exe
[2013/08/12 11:19:46 | 000,319,488 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nss3.dll
[2013/08/12 11:19:46 | 000,187,392 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssckbi.dll
[2013/08/12 11:19:46 | 000,140,288 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libnspr4.dll
[2013/08/12 11:19:46 | 000,078,848 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssdbm3.dll
[2013/08/12 11:19:46 | 000,063,488 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssutil3.dll
[2013/08/12 11:19:46 | 000,025,088 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libplc4.dll
[2013/08/12 11:19:46 | 000,024,064 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libplds4.dll
[2013/08/12 11:19:45 | 001,024,000 | ---- | C] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashproxy.exe
[2013/08/12 11:19:45 | 000,133,120 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\freebl3.dll
[2013/08/12 11:19:45 | 000,128,512 | ---- | C] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashproxy.dll
[2013/08/12 11:19:44 | 000,054,784 | ---- | C] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashcert.dll
[2013/08/12 11:19:29 | 003,095,040 | ---- | C] (Microsoft) -- C:\Documents and Settings\mixael padilla\Application Data\cxjhsjj.exe
[2013/08/12 11:01:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/08/12 11:00:55 | 005,102,975 | R--- | C] (Swearware) -- C:\Documents and Settings\mixael padilla\Desktop\ComboFix.exe
[2013/08/09 15:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2013/08/09 15:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/08/09 15:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/08/08 17:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/08/08 17:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/08/07 16:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mixael padilla\Application Data\ParetoLogic
[2013/08/07 16:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/08/06 13:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mixael padilla\Desktop\yuri 8-6-2013
[2013/07/27 13:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/07/01 14:51:00 | 000,380,928 | ---- | C] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\RegisterLSP64.exe
[2013/04/15 16:59:31 | 257,257,457 | ---- | C] (Spanish Airline Ticketing) -- C:\Documents and Settings\mixael padilla\Application Data\ypjvdod.exe
[2013/03/07 16:57:46 | 000,107,008 | ---- | C] (Mpuiejng) -- C:\Documents and Settings\All Users\Application Data\wxbxpvfr.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\mixael padilla\Desktop\*.tmp files -> C:\Documents and Settings\mixael padilla\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\mixael padilla\Desktop\*.tmp files -> C:\Documents and Settings\mixael padilla\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/19 09:24:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1B7E6FF3-37EB-45DA-A7B1-D7430E9A3610}.job
[2013/08/19 09:21:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/19 08:55:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/18 23:40:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/08/18 17:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/08/18 16:45:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/08/18 13:55:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/18 13:10:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/08/17 22:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/08/16 20:30:00 | 000,000,532 | -H-- | M] () -- C:\WINDOWS\tasks\EXHIBIT GRAPHICS, INC 1215562252.job
[2013/08/16 13:47:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/08/16 13:47:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/16 02:54:36 | 000,000,435 | RHS- | M] () -- C:\boot.ini
[2013/08/15 18:59:23 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\vpLNhumSDQ
[2013/08/15 18:59:23 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\UiQFgXec
[2013/08/15 18:59:23 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DZvBvHC6p
[2013/08/15 12:48:08 | 000,030,272 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\123cook.dat
[2013/08/15 07:01:29 | 001,282,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/15 06:42:52 | 000,566,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 06:42:52 | 000,114,926 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/15 06:39:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/15 06:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/08/14 15:18:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/08/14 14:06:37 | 000,013,762 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/12 11:20:02 | 000,004,974 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\dll.ini
[2013/08/12 11:20:00 | 000,002,040 | ---- | M] () -- C:\WINDOWS\System32\CashProxyOff.ini
[2013/08/12 11:19:59 | 000,003,696 | ---- | M] () -- C:\WINDOWS\System32\CashProxy.ini
[2013/08/12 11:19:48 | 000,229,888 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\sqlite3.dll
[2013/08/12 11:19:48 | 000,110,080 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\ssl3.dll
[2013/08/12 11:19:48 | 000,104,960 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\softokn3.dll
[2013/08/12 11:19:48 | 000,064,512 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\smime3.dll
[2013/08/12 11:19:48 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\registerlsp.ini
[2013/08/12 11:19:47 | 000,380,928 | ---- | M] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\RegisterLSP64.exe
[2013/08/12 11:19:47 | 000,109,056 | ---- | M] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\RegisterLSP.exe
[2013/08/12 11:19:46 | 000,319,488 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nss3.dll
[2013/08/12 11:19:46 | 000,187,392 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssckbi.dll
[2013/08/12 11:19:46 | 000,140,288 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libnspr4.dll
[2013/08/12 11:19:46 | 000,133,120 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\freebl3.dll
[2013/08/12 11:19:46 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\PCProxyDLL.dll
[2013/08/12 11:19:46 | 000,078,848 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssdbm3.dll
[2013/08/12 11:19:46 | 000,063,488 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssutil3.dll
[2013/08/12 11:19:46 | 000,025,088 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libplc4.dll
[2013/08/12 11:19:46 | 000,024,064 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libplds4.dll
[2013/08/12 11:19:45 | 001,024,000 | ---- | M] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashproxy.exe
[2013/08/12 11:19:45 | 000,128,512 | ---- | M] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashproxy.dll
[2013/08/12 11:19:45 | 000,054,784 | ---- | M] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashcert.dll
[2013/08/12 11:19:36 | 003,095,040 | ---- | M] (Microsoft) -- C:\Documents and Settings\mixael padilla\Application Data\cxjhsjj.exe
[2013/08/12 11:17:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/12 11:16:19 | 000,511,362 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/12 11:01:03 | 005,102,975 | R--- | M] (Swearware) -- C:\Documents and Settings\mixael padilla\Desktop\ComboFix.exe
[2013/08/09 15:45:55 | 000,000,095 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2013/08/09 15:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2013/08/09 15:45:37 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2013/08/09 15:45:37 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2013/08/09 15:45:37 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2012.lnk
[2013/08/09 15:45:37 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2013/08/09 15:45:37 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/08/08 17:29:16 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free YouTube to MP3 Converter.lnk
[2013/08/08 17:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2013/08/08 11:09:40 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Desktop\QBFS_test.qwc
[2013/08/07 16:16:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/06 11:04:15 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2013/07/31 17:58:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/29 15:15:03 | 000,093,664 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Desktop\5676.pdf
[2013/07/27 13:57:18 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/27 13:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/07/26 00:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/07/26 00:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/07/25 22:47:17 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/07/25 22:47:17 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/07/25 22:47:17 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/07/25 22:47:17 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/07/25 22:47:17 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/07/25 22:47:17 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/07/25 22:47:16 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/07/25 22:47:16 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/07/25 22:47:16 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/07/25 22:47:16 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/07/25 22:47:14 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/07/25 22:47:14 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/07/25 22:47:14 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/07/25 22:47:14 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/07/25 22:47:13 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/07/25 22:47:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/07/25 22:47:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/07/25 22:47:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/07/25 22:47:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/07/25 22:47:12 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/07/25 22:47:12 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/07/25 22:47:12 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/07/25 22:47:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/07/25 22:47:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/07/25 22:47:10 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/07/25 22:47:06 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/07/25 22:47:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/07/25 22:47:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/07/25 11:52:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/07/24 15:16:25 | 010,196,528 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Desktop\200707172CM_1632.jpg
[2013/07/24 15:00:55 | 000,042,715 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Desktop\IMG_3172.jpg
[2013/07/23 18:13:17 | 000,055,155 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Desktop\Intuit.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\mixael padilla\Desktop\*.tmp files -> C:\Documents and Settings\mixael padilla\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\mixael padilla\Desktop\*.tmp files -> C:\Documents and Settings\mixael padilla\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/15 18:59:33 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\vpLNhumSDQ
[2013/08/15 18:59:33 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\UiQFgXec
[2013/08/15 18:59:33 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DZvBvHC6p
[2013/08/15 12:48:08 | 000,030,272 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\123cook.dat
[2013/08/15 07:01:29 | 001,282,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/15 06:13:36 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/08/12 11:19:48 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\sqlite3.dll
[2013/08/12 11:19:46 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\PCProxyDLL.dll
[2013/08/12 11:16:19 | 000,511,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/09 15:45:37 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2013/08/09 15:45:37 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2013/08/09 15:45:37 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2012.lnk
[2013/08/09 15:45:37 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2013/08/08 17:29:16 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free YouTube to MP3 Converter.lnk
[2013/08/08 11:09:52 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Desktop\QBFS_test.qwc
[2013/07/29 15:15:01 | 000,093,664 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Desktop\5676.pdf
[2013/07/27 13:57:18 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/24 15:16:16 | 010,196,528 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Desktop\200707172CM_1632.jpg
[2013/07/24 15:01:00 | 000,042,715 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Desktop\IMG_3172.jpg
[2013/07/23 18:13:17 | 000,055,155 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Desktop\Intuit.pdf
[2013/07/15 16:17:10 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/07/01 14:51:20 | 000,004,974 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\dll.ini
[2013/07/01 14:51:18 | 000,003,696 | ---- | C] () -- C:\WINDOWS\System32\CashProxy.ini
[2013/07/01 14:51:18 | 000,002,040 | ---- | C] () -- C:\WINDOWS\System32\CashProxyOff.ini
[2013/07/01 14:51:00 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\registerlsp.ini
[2013/07/01 14:50:38 | 000,018,496 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\kod666.dat
[2013/06/19 20:06:59 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\a8fanb
[2013/06/18 15:31:22 | 000,000,049 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2013/04/15 16:59:41 | 000,003,352 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\lyjsb
[2013/04/15 16:59:37 | 000,010,304 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\amz888.dat
[2013/04/15 16:59:36 | 000,060,992 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\mjks588.dat
[2013/03/07 16:57:39 | 000,108,300 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kszoernywisvjuj
[2012/09/26 17:27:25 | 000,767,960 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/09/26 11:32:29 | 000,088,064 | ---- | C] () -- C:\WINDOWS\zedjydxb.exe
[2012/09/26 11:32:18 | 000,097,633 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lnnwfrdmfsmkwao
[2012/07/12 11:11:05 | 000,384,844 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\funmoods-speeddial.crx
[2012/02/15 23:59:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/14 17:43:30 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/06/01 14:02:19 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/01 10:56:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/19 14:03:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jawsnt.INI
[2010/05/19 13:53:13 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010/03/01 19:52:24 | 000,011,456 | -HS- | C] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\MYhtd
[2009/12/10 10:42:16 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 19:43:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/02 17:08:08 | 000,162,164 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/27 16:28:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/27 16:28:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/27 16:28:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/27 16:28:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/27 16:28:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/08 17:31:16 | 000,479,580 | ---- | C] () -- C:\Documents and Settings\mixael padilla\forms.ps
[2008/06/27 14:37:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2008/06/23 12:11:38 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/06/23 12:09:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/20 20:13:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\fusioncache.dat
[2008/06/13 16:34:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/13 16:30:18 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/13 16:08:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/13 16:08:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/06/13 16:07:26 | 000,001,032 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:00:28 | 000,566,432 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,114,926 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2013/04/12 17:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Abfud
[2012/06/07 16:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\alotappbar
[2012/06/07 16:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\alotservice
[2010/02/16 15:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Canon
[2012/09/26 13:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\DefaultTab
[2012/09/26 16:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\DriverCure
[2013/08/15 12:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Dropbox
[2013/08/08 17:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\DVDVideoSoft
[2013/06/28 14:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\DVDVideoSoftIEHelpers
[2013/05/07 11:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Eppuxy
[2012/06/07 16:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\FCTB000100815
[2012/06/05 11:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Octoshape
[2013/06/11 14:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\OpenCandy
[2013/05/06 18:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Othei
[2013/08/07 16:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\ParetoLogic
[2012/06/26 06:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\RayV
[2012/04/02 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\searchquband
[2012/09/26 16:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\SpeedyPC Software
[2012/09/26 17:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\TestApp
[2011/02/27 11:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\TP
[2013/06/05 11:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Uchyp
[2011/10/27 17:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\vmntemplate
[2013/05/07 11:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\y60anta
[2013/06/11 14:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Hotspot Shield
[2013/06/11 15:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/04/02 19:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/06/23 12:00:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/07 17:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2008/06/20 20:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/09/26 11:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gjfpksvbhllllvy
[2011/10/27 17:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/08/09 15:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/08/08 12:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/03/07 16:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pifxxqvdqxfuohb
[2011/10/27 17:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2012/10/05 18:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/09/27 12:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2011/06/01 14:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/06/13 16:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2013/08/18 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/16 15:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/07/21 12:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/05 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/20 15:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/08/18 13:10:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2013/08/18 23:40:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2013/08/18 16:45:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2013/08/18 17:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2013/08/16 20:30:00 | 000,000,532 | -H-- | M] () -- C:\WINDOWS\Tasks\EXHIBIT GRAPHICS, INC 1215562252.job
[2013/08/19 09:24:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1B7E6FF3-37EB-45DA-A7B1-D7430E9A3610}.job
[2013/08/16 13:47:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/19 13:51:41 | 000,002,572 | ---- | M] () -- C:\A_Card_WinXP.zip
[2009/10/27 16:30:26 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2013/08/16 02:54:36 | 000,000,435 | RHS- | M] () -- C:\boot.ini
[2004/08/04 02:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2013/08/12 11:24:21 | 000,023,643 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/06/13 16:09:48 | 000,007,205 | RH-- | M] () -- C:\dell.sdr
[2010/05/19 13:40:38 | 003,970,450 | ---- | M] () -- C:\HASP_driver_combo.zip
[2009/01/12 13:09:47 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2012/06/07 16:41:15 | 000,014,576 | ---- | M] () -- C:\INSTALLHELPER.LOG
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/02/27 11:07:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/01/12 13:31:03 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/10/27 16:05:06 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2013/08/16 13:47:48 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys


< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SERVICES.EXE >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 17:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >

#2
Jasmyne


    Trusted Helper

  • Malware Removal
  • 2,010 posts
Hi! My name is Jasmyne and Welcome to Geeks to Go!

I'm sorry you are having issues with your computer but I will do my best to resolve them as quickly as possible. I know having an infected computer is frustrating because I was once where you are now!

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

  • You may want to print out these instructions, or copy them to a text file so that you will have a copy in case you lose your connection to the internet during a removal process.
  • Please make sure to carefully read any instruction that I give you and perform them in the order they are posted. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask! Never be afraid to ask questions! :)
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • Please note that there is no "Quick & Easy Fix" to most malware infections and we may need to use several different tools to get your system clean.
  • Please stick with me until I tell you that your machine is clean. If you don't see any symptoms, it does not mean your system is clear of malware.
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.
  • Please reply within 3 days. Topics with no reply in 4 days are closed!

I am going over your log and submitting a fix to my instructors. I will post back to you as soon as possible. :)

Jasmyne

#3
mario90028


    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
THANK YOU SO MUCH IN ADVANCE :thumbsup:

#4
JSntgRvr


    Global Moderator

  • Global Moderator
  • 11,579 posts
Is this the same machine being served at Malwarebytes Forums?

#5
Jasmyne


    Trusted Helper

  • Malware Removal
  • 2,010 posts
In taking the time to do the research to help you with your malware issue, it has come to my attention that you are already receiving help here. While our help is free and we enjoy helping others, it is both counterproductive and a waste of a volunteer's time when you post to multiple forums. Since you have already started working with the helper on the other forum, this topic will be closed.