Trojan Downloader: Tracur



#1
jaimech

Hello,

I got infected with a malware called "Tracur". I opened a setup.exe file that was sent by a friend, supposedly a game (stupid me, but the friend is someone I trust).

I use Microsoft Security Essentials and it immediately recognized the file as a virus. MSE "cleaned" the infection and asked me to restart the machine, but the problem is that every time it restarts, Microsoft Security Essentials alerts me again and I have to restart in order to clean, but on every restart the virus appears again. Sometimes it comes up as "Tracur.p" or "tracur.b", etc.

My computer is really really slow now and some webpages do not work well on IE. Please help me as this is my home/work PC.

Your help is greatly appreciated. Here is my OTL log:

OTL logfile created on: 01/12/2013 12:03:58 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

8.00 Gb Total Physical Memory | 3.53 Gb Available Physical Memory | 44.09% Memory free
16.00 Gb Paging File | 11.55 Gb Available in Paging File | 72.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 755.52 Gb Free Space | 81.12% Space Free | Partition Type: NTFS
Drive D: | 2794.39 Gb Total Space | 655.97 Gb Free Space | 23.47% Space Free | Partition Type: NTFS
Drive F: | 671.15 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 7.45 Gb Total Space | 3.45 Gb Free Space | 46.34% Space Free | Partition Type: FAT32

Computer Name: JAIME-PC | User Name: Jaime | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/01 11:08:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
PRC - [2013/10/23 14:45:36 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\collectionstorage.exe
PRC - [2013/10/23 14:45:35 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\jsonrpcbroker.exe
PRC - [2013/10/23 14:45:33 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\itunesimporter.exe
PRC - [2013/10/23 13:46:12 | 005,152,048 | ---- | M] (TuneUp Media, Inc.) -- C:\Program Files (x86)\TuneUpMedia\TuneUpApp.exe
PRC - [2013/10/10 11:23:06 | 000,182,784 | ---- | M] () -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe
PRC - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2013/09/15 13:34:06 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013/09/14 02:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013/09/14 02:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013/09/04 15:23:44 | 001,315,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
PRC - [2013/08/01 07:13:06 | 002,610,784 | ---- | M] (Disc Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
PRC - [2013/06/05 11:28:40 | 027,370,808 | ---- | M] (Dropbox, Inc.) -- C:\Users\Jaime\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013/04/21 20:43:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2013/01/09 11:24:55 | 005,055,336 | ---- | M] (Joyent, Inc) -- C:\Program Files (x86)\TuneUpMedia\services\nodejs\node.exe
PRC - [2012/12/14 04:33:18 | 000,068,096 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.exe
PRC - [2012/12/14 04:33:18 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe
PRC - [2012/11/13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2009/06/04 16:48:22 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/10/23 14:45:36 | 000,721,920 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\_ssl.pyd
MOD - [2013/10/23 14:45:36 | 000,678,557 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\pysqlite2._sqlite.pyd
MOD - [2013/10/23 14:45:36 | 000,103,424 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\pyexpat.pyd
MOD - [2013/10/23 14:45:36 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\_socket.pyd
MOD - [2013/10/23 14:45:36 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\collectionstorage.exe
MOD - [2013/10/23 14:45:36 | 000,023,552 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\_multiprocessing.pyd
MOD - [2013/10/23 14:45:36 | 000,009,728 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\select.pyd
MOD - [2013/10/23 14:45:35 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\jsonrpcbroker.exe
MOD - [2013/10/23 14:45:33 | 000,027,648 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\jsonrpcbroker\itunesimporter.exe
MOD - [2013/10/23 14:45:10 | 000,147,968 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\node\node_modules\gnsdk\lib\libmpg123.dll
MOD - [2013/10/23 14:45:10 | 000,104,960 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\node\node_modules\gnsdk\lib\gnsdk.node
MOD - [2013/10/23 14:45:10 | 000,066,048 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\services\node\node_modules\itunes\lib\itunes.node
MOD - [2013/10/23 13:46:14 | 001,519,408 | ---- | M] () -- C:\Program Files (x86)\iTunes\Plug-Ins\iTuneUp.dll
MOD - [2013/10/23 13:46:14 | 000,188,720 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\AxHost.dll
MOD - [2013/10/23 13:46:14 | 000,102,192 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\components\XJR.dll
MOD - [2013/09/14 00:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013/09/14 00:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013/03/13 14:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Jaime\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2013/01/10 16:45:39 | 001,996,288 | ---- | M] () -- C:\Program Files (x86)\TuneUpMedia\xre\mozjs.dll
MOD - [2012/12/14 04:33:18 | 000,068,096 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.exe
MOD - [2012/11/13 17:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Jaime\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/11/13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012/11/13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012/11/13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012/11/13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012/11/13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012/09/27 19:47:08 | 000,006,656 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pyovpnc.pyd
MOD - [2012/09/27 19:47:06 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\OpenSSL.crypto.pyd
MOD - [2012/09/27 19:47:06 | 000,039,424 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\OpenSSL.SSL.pyd
MOD - [2012/09/27 19:47:06 | 000,010,240 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\OpenSSL.rand.pyd
MOD - [2012/09/27 19:46:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\twisted.protocols._c_urlarg.pyd
MOD - [2012/09/27 19:46:06 | 000,019,968 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\zope.interface._zope_interface_coptimizations.pyd
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/07/15 09:48:16 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\ovpntray.dll
MOD - [2012/07/04 15:16:56 | 000,057,344 | ---- | M] () -- \\?\C:\Windows\SysWow64\NETAPI32.DLL
MOD - [2012/02/07 09:16:12 | 000,266,240 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32com.shell.shell.pyd
MOD - [2012/02/07 09:13:08 | 000,358,912 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pythoncom26.dll
MOD - [2012/02/07 09:11:36 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32gui.pyd
MOD - [2012/02/07 09:11:32 | 000,098,816 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32api.pyd
MOD - [2012/02/07 09:10:50 | 000,035,840 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32process.pyd
MOD - [2012/02/07 09:10:20 | 000,018,432 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32event.pyd
MOD - [2012/02/07 09:09:54 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pywintypes26.dll
MOD - [2012/02/07 08:10:40 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\win32pdh.pyd
MOD - [2010/11/20 06:21:36 | 000,047,104 | ---- | M] () -- \\?\C:\Windows\SysWow64\wkscli.dll
MOD - [2010/11/20 06:21:33 | 000,081,920 | ---- | M] () -- \\?\C:\Windows\SysWow64\USERENV.DLL
MOD - [2010/11/20 06:21:26 | 000,090,112 | ---- | M] () -- \\?\C:\Windows\SysWow64\srvcli.dll
MOD - [2010/11/20 06:20:57 | 002,504,192 | ---- | M] () -- \\?\C:\Windows\SysWow64\wmvcore.dll
MOD - [2010/11/20 06:20:29 | 000,022,528 | ---- | M] () -- \\?\C:\Windows\SysWow64\netutils.dll
MOD - [2010/08/24 16:48:54 | 000,011,776 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\select.pyd
MOD - [2010/08/24 16:48:52 | 000,286,208 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_hashlib.pyd
MOD - [2010/08/24 16:48:48 | 000,153,088 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\pyexpat.pyd
MOD - [2010/08/24 16:48:16 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_ctypes.pyd
MOD - [2010/08/24 16:48:02 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_ssl.pyd
MOD - [2010/08/24 16:47:50 | 000,040,448 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\_socket.pyd
MOD - [2009/08/26 04:29:28 | 000,150,016 | ---- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
MOD - [2009/07/13 19:16:19 | 000,237,568 | ---- | M] () -- \\?\C:\Windows\SysWow64\WMASF.DLL
MOD - [2009/07/13 19:16:12 | 000,031,744 | ---- | M] () -- \\?\C:\Windows\SysWow64\profapi.dll
MOD - [2009/03/26 13:46:42 | 000,148,480 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009/02/06 17:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


========== Services (SafeList) ==========

SRV:64bit: - [2013/11/27 00:11:00 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/10/28 18:02:18 | 002,255,064 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\SysNative\BtwRSupportService.exe -- (BcmBtRSupport)
SRV:64bit: - [2013/10/23 17:14:22 | 000,348,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2013/10/23 17:14:22 | 000,023,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2013/08/30 16:57:54 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013/05/26 23:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/17 07:31:34 | 004,948,992 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2009/06/04 16:48:20 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2013/11/27 10:18:35 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/11/13 09:28:50 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/10 11:23:06 | 000,182,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Allway Sync\Bin\SyncService.exe -- (BotkindSyncService)
SRV - [2013/10/09 09:58:16 | 003,275,136 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2013/09/11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/11 04:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/12/14 04:33:18 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2012/10/28 12:44:10 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012/10/28 06:00:36 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2011/03/16 09:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/02/23 10:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007/02/05 10:11:18 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/02/05 10:11:16 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/12/01 11:45:06 | 000,096,856 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SMR410.SYS -- (SMR410)
DRV:64bit: - [2013/10/28 18:02:16 | 000,170,712 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcbtums.sys -- (bcbtums)
DRV:64bit: - [2013/09/27 09:53:06 | 000,134,944 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2013/08/30 18:11:28 | 012,528,640 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013/08/30 16:32:32 | 000,618,496 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013/08/11 10:31:16 | 000,283,064 | ---- | M] (Disc Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/08/09 19:02:14 | 000,166,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl)
DRV:64bit: - [2013/07/05 02:40:38 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013/05/31 00:14:00 | 000,034,136 | ---- | M] (KORG INC.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\KORGUM64.SYS -- (KORGUMDS)
DRV:64bit: - [2013/04/01 09:23:17 | 000,032,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stdriverx64.sys -- (stdriver)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/09/21 13:04:24 | 000,024,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvbflt64.sys -- (CompFilter64)
DRV:64bit: - [2012/09/21 13:04:22 | 004,763,680 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUVC64.sys -- (LVUVC64)
DRV:64bit: - [2012/09/21 13:04:22 | 000,351,520 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2012/08/23 08:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 08:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/07/15 10:48:16 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2012/03/26 13:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/21 14:47:52 | 000,031,968 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btnetBus.sys -- (btnetBUs)
DRV:64bit: - [2011/12/21 14:47:08 | 000,025,056 | ---- | M] (IVT Corporation.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\BtHidBus.sys -- (BtHidBus)
DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/04/27 15:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010/04/27 15:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010/04/27 13:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010/04/27 13:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010/04/06 18:32:48 | 000,027,016 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IvtBtBus.sys -- (IvtBtBUs)
DRV:64bit: - [2010/02/03 10:16:50 | 000,196,992 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pae_1394_x64.sys -- (pae_1394)
DRV:64bit: - [2010/02/03 10:16:50 | 000,072,576 | ---- | M] (Archwave AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pae_avs_x64.sys -- (pae_avs)
DRV:64bit: - [2009/12/30 10:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 18:06:43 | 000,060,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\61883.sys -- (61883)
DRV:64bit: - [2009/07/13 18:06:43 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avc.sys -- (Avc)
DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/14 12:14:16 | 000,097,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/05/14 12:14:14 | 000,131,360 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/05/14 12:14:10 | 000,019,872 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/05/06 01:34:52 | 000,639,512 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009/04/07 17:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/02/17 11:11:25 | 000,031,400 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2008/04/30 03:32:27 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007/02/15 18:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2006/10/18 02:00:00 | 000,052,760 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 18:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D5 46 CD 4A 72 EE CE 01 [binary data]
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE11SR
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: web2pdfextension%40web2pdf.adobedotcom:1.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:25.0.1


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Jaime\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013/11/13 22:58:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 25.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/11/21 19:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jaime\AppData\Roaming\Mozilla\Extensions
[2013/11/27 09:25:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jaime\AppData\Roaming\Mozilla\Firefox\Profiles\sopll04f.default\extensions
[2013/11/27 10:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/11/27 10:18:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/27 10:18:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/11/27 10:18:18 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/11/27 10:18:35 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/11/13 22:58:20 | 000,000,000 | ---D | M] (Adobe Acrobat - Create PDF) -- C:\PROGRAM FILES (X86)\ADOBE\ACROBAT 10.0\ACROBAT\BROWSER\WCFIREFOXEXTN

O1 HOSTS File: ([2013/11/13 22:21:04 | 000,449,468 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 15431 more lines...
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-514206936-2506590917-3201843008-1000..\Run: [AppleIEDAV] C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe (Apple Inc.)
O4 - HKU\S-1-5-21-514206936-2506590917-3201843008-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-514206936-2506590917-3201843008-1000..\Run: [ares] C:\Program Files (x86)\Ares\Ares.exe (Ares Development Group)
O4 - HKU\S-1-5-21-514206936-2506590917-3201843008-1000..\Run: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe File not found
O4 - HKU\S-1-5-21-514206936-2506590917-3201843008-1000..\Run: [eMuleAutoStart] C:\Program Files (x86)\eMule\emule.exe (http://www.emule-project.net)
O4 - HKU\S-1-5-21-514206936-2506590917-3201843008-1000..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-514206936-2506590917-3201843008-1000..\Run: [Sync2] C:\Program Files\4Team Corporation\Sync2\Sync2.exe (4Team Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jaime\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-514206936-2506590917-3201843008-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab (QuickTime Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.c...stem/iCloud.cab (iCloud Web App Plugin)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creat...13/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://berklee.webe...br/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creat...015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creat...21022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{164BABA0-DE99-4C35-B61A-1D4914D9C32E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA3083DA-4C79-438E-BBE4-AC949A013000}: DhcpNameServer = 204.101.237.136 207.164.79.249
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/08/04 18:13:52 | 000,000,110 | -H-- | M] () - K:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{8447620e-2132-11e2-93d4-0021705be692}\Shell - "" = AutoRun
O33 - MountPoints2\{8447620e-2132-11e2-93d4-0021705be692}\Shell\AutoRun\command - "" = E:\Set-up.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (sdnclean64.exe)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/01 11:45:56 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\CrashDumps
[2013/12/01 11:45:06 | 000,096,856 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR410.SYS
[2013/12/01 11:45:01 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\NPE
[2013/12/01 11:45:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/12/01 11:43:57 | 003,053,496 | ---- | C] (Symantec Corporation) -- D:\Desktop\NPE.exe
[2013/12/01 11:08:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2013/12/01 10:46:44 | 093,781,264 | ---- | C] (Microsoft Corporation) -- D:\Desktop\msert.exe
[2013/12/01 03:11:12 | 022,791,896 | ---- | C] (Microsoft Corporation) -- D:\Desktop\Windows-KB890830-x64-V5.6.exe
[2013/12/01 02:58:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013/12/01 02:47:21 | 029,390,520 | ---- | C] (Panda Security ) -- D:\Desktop\PandaCloudCleaner.exe
[2013/12/01 02:43:28 | 000,185,800 | ---- | C] (Лаборатория Касперского) -- D:\Desktop\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
[2013/12/01 02:08:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\f5c2d819
[2013/12/01 02:08:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\f5688de6
[2013/12/01 02:08:10 | 000,000,000 | -HSD | C] -- C:\ProgramData\283d05e6
[2013/12/01 02:08:10 | 000,000,000 | ---D | C] -- C:\ProgramData\lang
[2013/11/28 03:11:22 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Local\GameHouse
[2013/11/28 03:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
[2013/11/28 03:11:07 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bejeweled 3
[2013/11/28 03:11:01 | 000,000,000 | ---D | C] -- C:\Program Files\Games-Full.info
[2013/11/27 10:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/11/27 01:00:01 | 000,000,000 | ---D | C] -- D:\Desktop\WIS USB
[2013/11/27 00:41:37 | 000,000,000 | ---D | C] -- D:\Desktop\Memoria November 26 2013
[2013/11/27 00:14:11 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/11/27 00:12:43 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013/11/27 00:11:05 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/27 00:11:05 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/27 00:11:03 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/27 00:11:03 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/27 00:11:03 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/27 00:11:03 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/27 00:11:02 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/27 00:11:02 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/27 00:11:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/27 00:11:02 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/27 00:11:02 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/27 00:11:02 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/27 00:11:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/27 00:11:02 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/27 00:11:02 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/27 00:11:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/27 00:11:02 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/27 00:11:02 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/27 00:11:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/27 00:11:02 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/27 00:11:02 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/27 00:11:02 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/27 00:11:02 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/27 00:11:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/27 00:11:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/27 00:11:02 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/27 00:11:02 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/27 00:11:02 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/27 00:11:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/27 00:11:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/27 00:11:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/27 00:11:01 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/27 00:11:01 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/27 00:11:01 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/27 00:11:01 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/27 00:11:01 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/27 00:11:01 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/27 00:11:01 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/27 00:11:01 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/27 00:11:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/27 00:11:01 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/27 00:11:01 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/27 00:11:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/27 00:11:01 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/27 00:11:01 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/27 00:11:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/27 00:11:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/27 00:11:01 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/27 00:11:00 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/27 00:11:00 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/27 00:11:00 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/27 00:11:00 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/27 00:11:00 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/27 00:11:00 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/27 00:11:00 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/27 00:11:00 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/27 00:11:00 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/27 00:11:00 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/27 00:11:00 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/27 00:11:00 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/27 00:11:00 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/27 00:11:00 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/27 00:11:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/27 00:11:00 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/27 00:11:00 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/27 00:11:00 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/27 00:11:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/27 00:11:00 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/27 00:11:00 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/27 00:11:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/27 00:11:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/27 00:11:00 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/27 00:11:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/27 00:11:00 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/27 00:11:00 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/27 00:11:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/27 00:10:59 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/27 00:10:59 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/27 00:10:59 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/27 00:10:59 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/23 01:03:13 | 000,000,000 | ---D | C] -- D:\Desktop\PARA LITERATURE REVIEW
[2013/11/22 19:56:06 | 000,000,000 | ---D | C] -- D:\Desktop\PARA LITERATURA 2
[2013/11/17 14:59:04 | 000,000,000 | ---D | C] -- D:\Desktop\PeriodicoDeAyer
[2013/11/17 00:26:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp
[2013/11/17 00:25:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUpMedia
[2013/11/17 00:25:11 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\TuneUpMedia
[2013/11/17 00:25:06 | 000,000,000 | ---D | C] -- C:\ProgramData\TuneUpMedia
[2013/11/17 00:21:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/17 00:20:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/17 00:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/11/17 00:20:25 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/16 16:09:43 | 000,000,000 | ---D | C] -- D:\Desktop\USA_M3XP_V205_E1
[2013/11/15 14:28:40 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\vlc
[2013/11/13 22:47:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
[2013/11/13 22:44:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat X Suite
[2013/11/13 22:44:14 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2013/11/13 22:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013/11/13 22:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2014
[2013/11/13 20:08:51 | 000,000,000 | ---D | C] -- D:\Desktop\Finale2014WinFull
[2013/11/13 18:59:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Finale 2014
[2013/11/13 01:19:17 | 000,000,000 | ---D | C] -- C:\Users\Jaime\AppData\Roaming\Foxit Software
[2013/11/13 01:09:07 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/13 01:08:59 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013/11/13 01:08:59 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013/11/13 01:08:59 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013/11/13 01:08:59 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013/11/13 01:08:59 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 01:08:55 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013/11/13 01:08:55 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013/11/13 01:08:55 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013/11/13 01:08:54 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013/11/13 01:08:54 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013/11/13 01:08:53 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/13 01:08:52 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013/11/13 01:08:52 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/13 01:08:52 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 01:08:51 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013/11/12 22:42:28 | 000,000,000 | ---D | C] -- D:\Desktop\Partituras Son Latino IPAD
[2013/11/11 15:28:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Duplicate Music Files Finder
[2013/11/04 11:08:48 | 000,000,000 | ---D | C] -- D:\Documents\Ericka
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/01 11:49:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/12/01 11:45:07 | 000,000,020 | ---- | M] () -- C:\Windows\SysNative\drivers\SMR410.dat
[2013/12/01 11:45:06 | 000,096,856 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SMR410.SYS
[2013/12/01 11:45:01 | 003,053,496 | ---- | M] (Symantec Corporation) -- D:\Desktop\NPE.exe
[2013/12/01 11:08:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Desktop\OTL.exe
[2013/12/01 11:07:00 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-514206936-2506590917-3201843008-1000UA.job
[2013/12/01 10:47:18 | 093,781,264 | ---- | M] (Microsoft Corporation) -- D:\Desktop\msert.exe
[2013/12/01 03:11:25 | 022,791,896 | ---- | M] (Microsoft Corporation) -- D:\Desktop\Windows-KB890830-x64-V5.6.exe
[2013/12/01 02:47:39 | 001,061,584 | ---- | M] () -- D:\Desktop\PANDAAP14.exe
[2013/12/01 02:47:22 | 029,390,520 | ---- | M] (Panda Security ) -- D:\Desktop\PandaCloudCleaner.exe
[2013/12/01 02:43:37 | 129,657,024 | ---- | M] () -- D:\Desktop\setup_11.0.1.1245.x01_2013_12_01_11_35.exe
[2013/12/01 02:43:28 | 000,185,800 | ---- | M] (Лаборатория Касперского) -- D:\Desktop\kss12.0.1.117abRU_EN_DE_FR_ES_IT_JA_PT_ZH_5203.exe
[2013/12/01 02:36:20 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/01 02:36:20 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/01 02:35:00 | 000,786,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/12/01 02:35:00 | 000,669,556 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/12/01 02:35:00 | 000,127,172 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/12/01 02:29:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/01 02:28:59 | 2146,836,479 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/01 02:08:09 | 000,000,109 | ---- | M] () -- C:\Windows\SysWow64\2020369809
[2013/11/30 20:07:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-514206936-2506590917-3201843008-1000Core.job
[2013/11/30 13:40:13 | 000,001,262 | ---- | M] () -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/11/29 17:32:51 | 000,539,940 | ---- | M] () -- D:\Desktop\Poster Coro.jpg
[2013/11/28 03:11:07 | 001,139,484 | ---- | M] () -- C:\Windows\Bejeweled 3 Uninstaller.exe
[2013/11/28 03:11:07 | 000,001,653 | ---- | M] () -- D:\Desktop\Games-Full.lnk
[2013/11/28 03:11:07 | 000,000,895 | ---- | M] () -- D:\Desktop\Bejeweled 3.lnk
[2013/11/27 09:29:07 | 000,005,460 | ---- | M] () -- D:\Desktop\CAA Receipt.pdf
[2013/11/27 00:15:39 | 000,770,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/27 00:11:05 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013/11/27 00:11:05 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013/11/27 00:11:03 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013/11/27 00:11:03 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/27 00:11:03 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013/11/27 00:11:03 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013/11/27 00:11:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/27 00:11:02 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/27 00:11:02 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013/11/27 00:11:02 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013/11/27 00:11:02 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013/11/27 00:11:02 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/27 00:11:02 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013/11/27 00:11:02 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/27 00:11:02 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013/11/27 00:11:02 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013/11/27 00:11:02 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013/11/27 00:11:02 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013/11/27 00:11:02 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/27 00:11:02 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013/11/27 00:11:02 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/27 00:11:02 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013/11/27 00:11:02 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013/11/27 00:11:02 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013/11/27 00:11:02 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/11/27 00:11:02 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013/11/27 00:11:02 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013/11/27 00:11:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/11/27 00:11:02 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/11/27 00:11:02 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013/11/27 00:11:02 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/27 00:11:02 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013/11/27 00:11:01 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/27 00:11:01 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013/11/27 00:11:01 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013/11/27 00:11:01 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/27 00:11:01 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013/11/27 00:11:01 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013/11/27 00:11:01 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013/11/27 00:11:01 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013/11/27 00:11:01 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013/11/27 00:11:01 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/11/27 00:11:01 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013/11/27 00:11:01 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/11/27 00:11:01 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/11/27 00:11:01 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/11/27 00:11:01 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013/11/27 00:11:01 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013/11/27 00:11:01 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013/11/27 00:11:00 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/27 00:11:00 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013/11/27 00:11:00 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013/11/27 00:11:00 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/27 00:11:00 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013/11/27 00:11:00 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/27 00:11:00 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013/11/27 00:11:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013/11/27 00:11:00 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013/11/27 00:11:00 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/27 00:11:00 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/11/27 00:11:00 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013/11/27 00:11:00 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013/11/27 00:11:00 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013/11/27 00:11:00 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/27 00:11:00 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013/11/27 00:11:00 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013/11/27 00:11:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/27 00:11:00 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013/11/27 00:11:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013/11/27 00:11:00 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/11/27 00:11:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013/11/27 00:11:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013/11/27 00:11:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013/11/27 00:11:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/11/27 00:11:00 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013/11/27 00:11:00 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/27 00:11:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013/11/27 00:11:00 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013/11/27 00:10:59 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/27 00:10:59 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013/11/27 00:10:59 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013/11/27 00:10:59 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013/11/21 12:12:45 | 000,215,853 | ---- | M] () -- D:\Desktop\SAMPLE TODO SOBRE NUESTRA COMIDA Y RESTAURANTE FAVORITOS.pdf
[2013/11/19 17:27:27 | 001,154,779 | ---- | M] () -- D:\Desktop\EXAMEN CONVERSATIONAL 8 9.pdf
[2013/11/19 03:00:46 | 000,002,155 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013/11/17 00:26:19 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp.lnk
[2013/11/17 00:21:57 | 000,001,118 | ---- | M] () -- C:\Users\Public\Desktop\Allway Sync.lnk
[2013/11/17 00:21:15 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/16 23:18:20 | 000,092,875 | ---- | M] () -- D:\Desktop\Untitled1 - Piano.musx
[2013/11/16 19:17:37 | 005,030,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/11/16 19:16:15 | 000,000,491 | ---- | M] () -- C:\Users\Jaime\openvpn-connect.json
[2013/11/15 14:28:10 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013/11/14 16:42:54 | 000,323,481 | ---- | M] () -- D:\Desktop\Talent-Optimization.pdf
[2013/11/13 22:58:25 | 000,002,026 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013/11/13 20:30:20 | 000,001,003 | ---- | M] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\ARIA Player.lnk
[2013/11/13 20:30:19 | 000,000,999 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player x64.lnk
[2013/11/13 20:30:18 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\ARIA Player.lnk
[2013/11/13 20:27:05 | 000,001,040 | ---- | M] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2014.lnk
[2013/11/13 20:27:05 | 000,001,016 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2014.lnk
[2013/11/13 20:07:48 | 1685,058,596 | ---- | M] () -- D:\Desktop\Finale2014WinFull.zip
[2013/11/13 19:13:17 | 000,058,701 | ---- | M] () -- D:\Desktop\Finale Receipt 2014.pdf
[2013/11/13 09:28:49 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/13 09:28:49 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/11 22:57:54 | 000,001,083 | ---- | M] () -- D:\Desktop\AVS Audio Converter.lnk
[2013/11/11 22:47:26 | 000,073,840 | ---- | M] () -- D:\Desktop\recibo Tuneup.pdf
[2013/11/11 22:37:00 | 000,353,952 | ---- | M] () -- D:\Desktop\Constancia Salarial.pdf
[2013/11/06 17:59:11 | 000,001,101 | ---- | M] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
[2013/11/05 16:50:20 | 000,732,773 | ---- | M] () -- D:\Desktop\VOCABULARY SPANISH.pdf
[2013/11/05 16:18:34 | 002,398,295 | ---- | M] () -- D:\Desktop\alimentosa1.pdf
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 D:\Desktop\*.tmp files -> D:\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/01 11:45:07 | 000,000,020 | ---- | C] () -- C:\Windows\SysNative\drivers\SMR410.dat
[2013/12/01 02:47:39 | 001,061,584 | ---- | C] () -- D:\Desktop\PANDAAP14.exe
[2013/12/01 02:42:35 | 129,657,024 | ---- | C] () -- D:\Desktop\setup_11.0.1.1245.x01_2013_12_01_11_35.exe
[2013/12/01 02:07:03 | 000,000,109 | ---- | C] () -- C:\Windows\SysWow64\2020369809
[2013/11/30 13:40:13 | 000,001,262 | ---- | C] () -- C:\Users\Jaime\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
[2013/11/29 17:32:51 | 000,539,940 | ---- | C] () -- D:\Desktop\Poster Coro.jpg
[2013/11/28 03:11:07 | 001,139,484 | ---- | C] () -- C:\Windows\Bejeweled 3 Uninstaller.exe
[2013/11/28 03:11:07 | 000,001,653 | ---- | C] () -- D:\Desktop\Games-Full.lnk
[2013/11/28 03:11:07 | 000,000,895 | ---- | C] () -- D:\Desktop\Bejeweled 3.lnk
[2013/11/27 09:29:03 | 000,005,460 | ---- | C] () -- D:\Desktop\CAA Receipt.pdf
[2013/11/27 00:11:02 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013/11/27 00:11:00 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013/11/21 12:12:44 | 000,215,853 | ---- | C] () -- D:\Desktop\SAMPLE TODO SOBRE NUESTRA COMIDA Y RESTAURANTE FAVORITOS.pdf
[2013/11/19 17:27:27 | 001,154,779 | ---- | C] () -- D:\Desktop\EXAMEN CONVERSATIONAL 8 9.pdf
[2013/11/17 00:26:19 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp.lnk
[2013/11/17 00:21:15 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/11/16 23:18:20 | 000,092,875 | ---- | C] () -- D:\Desktop\Untitled1 - Piano.musx
[2013/11/14 16:42:54 | 000,323,481 | ---- | C] () -- D:\Desktop\Talent-Optimization.pdf
[2013/11/13 22:47:59 | 000,002,026 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat X Pro.lnk
[2013/11/13 22:47:57 | 000,002,465 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller X.lnk
[2013/11/13 22:47:57 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat X Pro.lnk
[2013/11/13 22:43:32 | 000,001,179 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Captivate Reviewer 2.0.lnk
[2013/11/13 22:43:20 | 000,001,267 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Captivate Quiz Results Analyzer.lnk
[2013/11/13 20:30:20 | 000,001,003 | ---- | C] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\ARIA Player.lnk
[2013/11/13 20:30:19 | 000,000,999 | ---- | C] () -- C:\Users\Public\Desktop\ARIA Player x64.lnk
[2013/11/13 20:30:18 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\ARIA Player.lnk
[2013/11/13 20:27:05 | 000,001,040 | ---- | C] () -- C:\Users\Jaime\Application Data\Microsoft\Internet Explorer\Quick Launch\Finale 2014.lnk
[2013/11/13 20:27:05 | 000,001,016 | ---- | C] () -- C:\Users\Public\Desktop\Finale 2014.lnk
[2013/11/13 19:13:15 | 000,058,701 | ---- | C] () -- D:\Desktop\Finale Receipt 2014.pdf
[2013/11/13 19:11:38 | 1685,058,596 | ---- | C] () -- D:\Desktop\Finale2014WinFull.zip
[2013/11/11 22:57:54 | 000,001,083 | ---- | C] () -- D:\Desktop\AVS Audio Converter.lnk
[2013/11/11 22:47:24 | 000,073,840 | ---- | C] () -- D:\Desktop\recibo Tuneup.pdf
[2013/11/11 22:37:00 | 000,353,952 | ---- | C] () -- D:\Desktop\Constancia Salarial.pdf
[2013/11/05 16:50:19 | 000,732,773 | ---- | C] () -- D:\Desktop\VOCABULARY SPANISH.pdf
[2013/11/05 16:18:34 | 002,398,295 | ---- | C] () -- D:\Desktop\alimentosa1.pdf
[2013/09/11 20:16:33 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013/08/30 18:53:48 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013/08/30 17:47:50 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013/08/30 17:47:50 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013/04/10 00:24:45 | 000,000,832 | ---- | C] () -- C:\Users\Jaime\AppData\Local\recently-used.xbel
[2013/04/08 21:36:55 | 000,000,491 | ---- | C] () -- C:\Users\Jaime\openvpn-connect.json
[2013/01/16 01:43:28 | 000,214,876 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2013/01/01 23:06:23 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012/12/26 15:32:05 | 000,005,632 | ---- | C] () -- C:\Users\Jaime\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/12/12 23:53:29 | 000,722,680 | ---- | C] () -- C:\Program Files (x86)\unins000.exe
[2012/12/12 23:53:29 | 000,300,823 | ---- | C] () -- C:\Program Files (x86)\unins000.dat
[2012/12/12 19:23:39 | 000,014,628 | ---- | C] () -- C:\Windows\wininit.ini
[2012/11/11 17:37:14 | 000,000,032 | ---- | C] () -- C:\Windows\FINMIDI.INI
[2012/11/06 17:04:47 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/10/28 15:10:32 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe
[2012/10/28 13:20:08 | 000,770,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/10/28 12:46:42 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/10/28 12:46:42 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/10/28 12:46:42 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/10/28 12:46:40 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/10/28 12:46:38 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/10/28 05:58:47 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/10/28 05:58:47 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/10/28 02:25:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012/10/28 02:21:02 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/10/28 02:21:02 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/10/28 02:21:02 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012/09/21 13:08:36 | 010,919,784 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/09/21 13:08:36 | 000,338,136 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/09/21 13:08:36 | 000,103,272 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 20:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 19:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:ADF211B1

< End of report >

#2
zep516

    Trusted Helper

  • Malware Removal
  • 6,797 posts
Hi jaimech,

You have asked for help at 2 forums for Malware removal.

This is counterproductive and will cause confusion, and tie up two helpers at the same time researching your issue.

http://www.bleepingc...-trojan-tracur/ Posted Today, 01:21 PM

I'd wait for bleeping computer to answer your issue.

Thanks
Joe