Jump to content

Frizinker

Members
  • Posts

    14
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Sorry for the delay! I have run Malwarebytes Anti-Rootkit. After the scan, it says: "Congratulations, no cleanup is required!". I guess it is therefore that I only can finde the system-log.txt file in the MBAR folder, but not the mbar-log.txt file. Thanks a lot for your time FriZin system-log.txt: ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6351798272, free: 4882042880 ======================================= ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6351798272, free: 4892184576 Downloaded database version: v2014.02.24.03Downloaded database version: v2014.02.20.01=======================================Initializing...------------ Kernel report ------------ 02/24/2014 12:55:28------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\nvpciflt.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\eamonm.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\system32\DRIVERS\ehdrv.sysC:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.datC:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\??\C:\windows\system32\Drivers\SABI.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\NETwNs64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\ETD.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\AMPPAL.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\System32\Drivers\RootMdm.sys\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\SGdrv64.sys\SystemRoot\system32\DRIVERS\circlass.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\monitor.sys\SystemRoot\system32\DRIVERS\iBtFltCoex.sys\SystemRoot\system32\DRIVERS\btmhsf.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btmaux.sys\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\DRIVERS\epfwwfpr.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\system32\DRIVERS\hidusb.sys\SystemRoot\system32\DRIVERS\HIDCLASS.SYS\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\mouhid.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\imm32.dll\Windows\System32\msctf.dll\Windows\System32\wininet.dll\Windows\System32\advapi32.dll\Windows\System32\iertutil.dll\Windows\System32\shlwapi.dll\Windows\System32\shell32.dll\Windows\System32\user32.dll\Windows\System32\msvcrt.dll\Windows\System32\ole32.dll\Windows\System32\clbcatq.dll\Windows\System32\comdlg32.dll\Windows\System32\lpk.dll\Windows\System32\difxapi.dll\Windows\System32\oleaut32.dll\Windows\System32\gdi32.dll\Windows\System32\ws2_32.dll\Windows\System32\nsi.dll\Windows\System32\normaliz.dll\Windows\System32\Wldap32.dll\Windows\System32\usp10.dll\Windows\System32\urlmon.dll\Windows\System32\rpcrt4.dll\Windows\System32\kernel32.dll\Windows\System32\sechost.dll\Windows\System32\setupapi.dll\Windows\System32\imagehlp.dll\Windows\System32\psapi.dll\Windows\System32\comctl32.dll\Windows\System32\wintrust.dll\Windows\System32\cfgmgr32.dll\Windows\System32\devobj.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\msasn1.dll\Windows\SysWOW64\normaliz.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa800815a060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa8006edb050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa800815a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007fdb9e0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800815a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa8006edb050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 3C977812 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 169869312 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 170076160 Numsec = 1247318016 Partition 3 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 1417394176 Numsec = 47753216 Disk Size: 750156374016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...Removal finished
  2. aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software Run date: 2014-02-14 14:31:47-----------------------------14:31:47.682 OS Version: Windows x64 6.1.7601 Service Pack 114:31:47.697 Number of processors: 4 586 0x2A0714:31:47.697 ComputerName: PALOMA-PC UserName: Paloma14:31:48.196 Initialize success14:34:01.590 AVAST engine defs: 1402140114:34:10.170 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-114:34:10.186 Disk 0 Vendor: SAMSUNG_ 2AR1 Size: 715404MB BusType: 314:34:10.311 Disk 0 MBR read successfully14:34:10.311 Disk 0 MBR scan14:34:10.326 Disk 0 unknown MBR code14:34:10.357 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 204814:34:10.373 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 82944 MB offset 20684814:34:10.389 Disk 0 Partition - 00 0F Extended LBA 609042 MB offset 17007616014:34:10.420 Disk 0 Partition 3 00 27 Hidden NTFS WinRE NTFS 23317 MB offset 141739417614:34:10.498 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 609041 MB offset 17007820814:34:10.638 Disk 0 scanning C:\windows\system32\drivers14:34:50.418 Service scanning14:35:52.694 Modules scanning14:35:53.224 Disk 0 trace - called modules:14:35:53.240 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 14:35:53.255 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800813d060]14:35:53.271 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80062c2050]14:35:53.739 AVAST engine scan C:\windows14:36:04.175 AVAST engine scan C:\windows\system3214:45:01.109 AVAST engine scan C:\windows\system32\drivers14:45:19.814 AVAST engine scan C:\Users\Paloma14:48:54.252 AVAST engine scan C:\ProgramData14:53:33.791 Scan finished successfully15:05:27.167 Disk 0 MBR has been saved successfully to "C:\Users\Paloma\Desktop\MBR.dat"15:05:27.167 The log file has been saved successfully to "C:\Users\Paloma\Desktop\aswMBR.txt" FriZin PD: is there any way of changing my username from "Frizinkerq" to "Frizinker"?
  3. I couldn't... Could this program help? http://www.dependencywalker.com/ Of course, I don't know how to use it... Thanks! FriZin
  4. I have updated my flash to version 12.0.0.44, but the run-time error keeps popping up (image attached). I cannot run MBAM. I have done some research and found out that this error may be related with a dll-file-chaos in my computer, but I am unable to concrete what dll files are causing the problem: https://forums.malwarebytes.org/index.php?showtopic=104494 Thanks for your help. FriZin
  5. Thank you, Ron! FriZin Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` ESET NOD32 Antivirus 7.0 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 51 Adobe Flash Player 12.0.0.43 Flash Player out of Date! Adobe Reader XI Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.107 ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log`````````````````````` Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` ESET NOD32 Antivirus 7.0 Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 51 Adobe Flash Player 12.0.0.43 Flash Player out of Date! Adobe Reader XI Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.107 ````````Process Check: objlist.exe by Laurent```````` ESET NOD32 Antivirus egui.exe ESET NOD32 Antivirus ekrn.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 2% ````````````````````End of Log``````````````````````
  6. I have followed your instructions, but I have made a mistake. I have accidentally deleted the Fixlog.txt (I thought I was the fixlist.txt that I didn't need anymore...). Thus, I have run FRST64 again. Here is the log to that second running: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-02-2014Ran by Paloma at 2014-02-07 08:35:02 Run:2Running from C:\Users\Paloma\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************KCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/?p...kyp&ocid=skydhpHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.comBHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)C:\ProgramData\pclunst.exeC:\Users\Paloma\AppData\Local\Temp\ntdll_dump.dllC:\Users\Paloma\AppData\Local\Temp\Quarantine.exe ***************** HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => Key not found.HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found.HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9} => Key not found."C:\ProgramData\pclunst.exe" => File/Directory not found."C:\Users\Paloma\AppData\Local\Temp\ntdll_dump.dll" => File/Directory not found."C:\Users\Paloma\AppData\Local\Temp\Quarantine.exe" => File/Directory not found. ==== End of Fixlog ====
  7. Here is the log (FRST.txt) of the Farbar Recovery Scan Tool. The tool did not generate the Addition.txt... Thanks! FriZin Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014Ran by Paloma (administrator) on PALOMA-PC on 06-02-2014 20:43:55Running from C:\Users\Paloma\DesktopWindows 7 Home Premium Service Pack 1 (X64) OS Language: Spanish Modern SortInternet Explorer Version 9Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe(Dropbox, Inc.) C:\Users\Paloma\AppData\Roaming\Dropbox\bin\Dropbox.exe(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Samsung) C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe(Intel Corporation) C:\Windows\System32\igfxext.exe(Intel Corporation) C:\Windows\System32\igfxsrvc.exe(Google Inc.) C:\Users\Paloma\AppData\Local\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Users\Paloma\AppData\Local\Google\Chrome\Application\chrome.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(Google Inc.) C:\Users\Paloma\AppData\Local\Google\Chrome\Application\chrome.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe(SEC) C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(SAMSUNG Electronics) C:\Program Files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe(Google Inc.) C:\Users\Paloma\AppData\Local\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe(Google Inc.) C:\Users\Paloma\AppData\Local\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12558440 2011-07-12] (Realtek Semiconductor)HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2721576 2011-06-17] (ELAN Microelectronics Corp.)HKLM\...\Run: [egui] - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-01-20] (Apple Inc.)HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-01-20] (Apple Inc.)Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)Startup: C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnkShortcutTarget: Dropbox.lnk -> C:\Users\Paloma\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchHKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://es.msn.com/?pc=skyp&ocid=skydhpHKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://samsung.msn.comStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeBHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Chrome: =======CHR Plugin: (Remoting Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Users\Paloma\AppData\Local\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Users\Paloma\AppData\Local\Google\Chrome\Application\32.0.1700.107\pdf.dll ()CHR Plugin: (Shockwave Flash) - C:\Users\Paloma\AppData\Local\Google\Chrome\Application\32.0.1700.107\gcswf32.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (Google Update) - C:\Users\Paloma\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No FileCHR Extension: (AdBlock) - C:\Users\Paloma\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-13]CHR Extension: (Google Wallet) - C:\Users\Paloma\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23] ==================== Services (Whitelisted) ================= R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-12-01] () ==================== Drivers (Whitelisted) ==================== R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [74752 2011-07-25] (Research In Motion Limited)R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)S3 rtport; C:\windows\SysWOW64\drivers\rtport.sys [15144 2011-10-22] (Windows ® 2003 DDK 3790 provider)R2 SGDrv; C:\Windows\System32\DRIVERS\SGdrv64.sys [7680 2011-04-11] (Phoenix Technologies Ltd.)U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X]U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-06 20:43 - 2014-02-06 20:43 - 00010173 _____ () C:\Users\Paloma\Desktop\FRST.txt2014-02-06 20:43 - 2014-02-06 20:43 - 00000000 ____D () C:\Users\Paloma\Desktop\FRST-OlderVersion2014-02-06 19:19 - 2014-02-06 20:43 - 02079744 _____ (Farbar) C:\Users\Paloma\Desktop\FRST64.exe2014-02-06 19:17 - 2014-02-06 19:17 - 00000000 ____D () C:\Program Files (x86)\ESET2014-02-06 07:20 - 2014-02-06 07:23 - 02347384 _____ (ESET) C:\Users\Paloma\Desktop\esetsmartinstaller_enu.exe2014-02-06 07:14 - 2014-02-06 07:14 - 00001061 _____ () C:\Users\Paloma\Desktop\AdwCleaner[s3].txt2014-02-06 07:07 - 2014-02-06 07:11 - 00000000 ____D () C:\AdwCleaner2014-02-06 01:59 - 2014-02-06 01:59 - 00011264 _____ () C:\Users\Paloma\Desktop\JRT.txt2014-02-06 00:59 - 2014-02-06 01:40 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-06 00:59 - 2014-02-06 01:22 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-02-06 00:56 - 2014-02-06 00:57 - 01166132 _____ () C:\Users\Paloma\Desktop\AdwCleaner.exe2014-02-06 00:54 - 2014-02-06 00:55 - 01037530 _____ (Thisisu) C:\Users\Paloma\Desktop\JRT.exe2014-02-06 00:53 - 2014-02-06 01:22 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-02-06 00:51 - 2014-02-06 01:40 - 00000000 ____D () C:\Users\Paloma\Desktop\mbar2014-02-06 00:49 - 2014-02-06 00:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Paloma\Desktop\mbar-1.07.0.1009.exe2014-02-05 22:33 - 2014-02-06 15:27 - 00000000 ____D () C:\Users\Paloma\Downloads\Imprimir2014-02-05 00:46 - 2014-02-05 00:46 - 00002094 _____ () C:\Users\Paloma\Desktop\RKreport[0]_S_02052014_004657.txt2014-02-05 00:42 - 2014-02-05 00:47 - 00000000 ____D () C:\Users\Paloma\Desktop\RK_Quarantine2014-02-05 00:41 - 2014-02-05 00:42 - 04380160 _____ () C:\Users\Paloma\Desktop\RogueKillerX64.exe2014-02-05 00:35 - 2014-02-05 00:35 - 00000902 _____ () C:\Users\Paloma\Desktop\NTREGOPT.lnk2014-02-05 00:35 - 2014-02-05 00:35 - 00000883 _____ () C:\Users\Paloma\Desktop\ERUNT.lnk2014-02-05 00:33 - 2014-02-05 00:33 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-05 00:28 - 2014-02-05 00:28 - 00791393 _____ (Lars Hederer ) C:\Users\Paloma\Desktop\erunt-setup.exe2014-02-05 00:27 - 2014-02-05 00:30 - 00002122 _____ () C:\Users\Paloma\Desktop\Rkill.txt2014-02-05 00:26 - 2014-02-05 00:27 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Paloma\Desktop\rkill.exe2014-02-04 23:41 - 2014-02-04 23:42 - 00000000 ____D () C:\Users\Paloma\Downloads\Nueva carpeta2014-02-03 21:47 - 2014-02-03 21:47 - 00113928 _____ () C:\Users\Paloma\AppData\Local\GDIPFONTCACHEV1.DAT2014-02-03 21:03 - 2014-02-06 19:12 - 00000448 _____ () C:\windows\setupact.log2014-02-03 21:03 - 2014-02-03 21:03 - 00422896 _____ () C:\windows\system32\FNTCACHE.DAT2014-02-03 21:03 - 2014-02-03 21:03 - 00000000 _____ () C:\windows\setuperr.log2014-02-01 18:17 - 2014-02-01 18:17 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Malwarebytes2014-02-01 18:16 - 2014-02-01 18:16 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-02-01 18:16 - 2014-02-01 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-02-01 18:16 - 2014-02-01 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-02-01 18:16 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys2014-02-01 10:31 - 2014-02-01 10:31 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-01 10:24 - 2014-02-01 10:24 - 00000000 ____D () C:\Users\Paloma\Desktop\Windows Repair2014-02-01 10:22 - 2014-02-01 10:23 - 00000077 _____ () C:\Users\Paloma\AppData\Roaming\Rim.Desktop.Exception.log2014-02-01 10:22 - 2014-02-01 10:22 - 00000077 _____ () C:\Users\Paloma\AppData\Roaming\Rim.DesktopHelper.Exception.log2014-02-01 10:18 - 2014-02-01 10:18 - 00000000 ____D () C:\Users\Paloma\Desktop\Skype2014-02-01 10:18 - 2014-02-01 10:18 - 00000000 ____D () C:\Users\Paloma\Desktop\Internet2014-02-01 10:18 - 2014-02-01 10:18 - 00000000 ____D () C:\Users\Paloma\Desktop\FRST642014-02-01 10:13 - 2014-02-06 20:43 - 00000000 ____D () C:\FRST2014-01-31 18:20 - 2014-01-31 18:20 - 00000021 _____ () C:\Users\Paloma\AppData\Roaming\mbam.context.scan2014-01-31 18:12 - 2014-01-31 18:12 - 00000000 ____D () C:\c01583f13b0614665f2014-01-31 17:47 - 2014-01-31 17:51 - 00002224 _____ () C:\windows\system32\ASOROSet.bin2014-01-31 17:46 - 2014-01-31 17:47 - 00000000 ____D () C:\windows\system32\config\RCCBakup2014-01-31 15:30 - 2014-01-31 15:30 - 00096208 _____ () C:\windows\SysWOW64\vcomctl32.dll2014-01-31 15:29 - 2014-01-31 15:29 - 00051200 _____ () C:\windows\SysWOW64\vkernel32.dll2014-01-31 15:29 - 2014-01-31 15:29 - 00035328 _____ () C:\windows\SysWOW64\vuser32.dll2014-01-31 15:23 - 2014-01-31 15:23 - 00000000 ____D () C:\Users\Paloma\Documents\Visual Studio 20052014-01-31 00:54 - 2014-01-31 00:54 - 00000000 ____D () C:\63d26f454ba3a54ec38dc7872014-01-30 23:51 - 2014-01-30 23:51 - 00000000 ____D () C:\ProgramData\ESET2014-01-30 23:51 - 2014-01-30 23:51 - 00000000 ____D () C:\Program Files\ESET2014-01-30 20:13 - 2014-01-30 20:13 - 00000000 ____D () C:\Program Files (x86)\ESET NOD322014-01-29 10:58 - 2011-10-11 11:30 - 00174640 _____ (Symantec Corporation) C:\windows\system32\Drivers\SYMEVENT64x86.SYS2014-01-29 10:58 - 2011-10-11 11:30 - 00007440 _____ () C:\windows\system32\Drivers\SYMEVENT64x86.CAT2014-01-29 10:58 - 2008-11-08 23:09 - 00428544 _____ (Samsung Electronics) C:\windows\AutoReseal.exe2014-01-29 10:58 - 2007-11-15 02:13 - 00423936 _____ (TODO: <Company name>) C:\windows\Reseal64.exe2014-01-29 04:00 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe2014-01-29 04:00 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe2014-01-29 04:00 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe2014-01-29 04:00 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe2014-01-29 04:00 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe2014-01-29 04:00 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe2014-01-29 04:00 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe2014-01-29 04:00 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe2014-01-29 03:59 - 2014-01-30 19:53 - 00000000 ____D () C:\Qoobox2014-01-29 03:58 - 2014-02-05 00:34 - 00000000 ____D () C:\windows\erdnt2014-01-29 03:26 - 2014-01-29 03:37 - 00000000 ____D () C:\ProgramData\Package Cache2014-01-29 02:57 - 2014-01-29 02:57 - 00003276 _____ () C:\windows\System32\Tasks\{EA1A2A69-2609-4E55-ABAB-C698B64C2F24}2014-01-29 00:03 - 2009-07-14 02:15 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\ctl3d32.dll2014-01-28 23:52 - 2014-01-29 10:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll2014-01-28 21:42 - 2014-02-06 19:21 - 00000000 ____D () C:\Users\Paloma\AppData\Local\CrashDumps2014-01-28 20:24 - 2014-01-28 20:24 - 00832872 _____ (Macromedia, Inc.) C:\windows\system32\flash.ocx2014-01-28 20:24 - 2014-01-28 20:24 - 00608448 _____ (Microsoft Corporation) C:\windows\system32\comctl32.ocx2014-01-28 20:12 - 2014-01-28 20:20 - 00198656 _____ (Microsoft Corporation) C:\windows\comdlg32.ocx2014-01-28 20:12 - 2012-05-22 17:05 - 00046416 _____ (vbAccelerator) C:\windows\SSubTmr6.dll2014-01-28 19:59 - 2014-01-28 19:59 - 03223152 _____ (VMware, Inc.) C:\windows\SysWOW64\vm3dgl.dll2014-01-28 19:59 - 2014-01-28 19:59 - 00219248 _____ (VMware, Inc.) C:\windows\SysWOW64\vm3dum.dll2014-01-28 19:58 - 2014-01-28 19:58 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71.dll2014-01-28 19:58 - 2014-01-28 19:58 - 01047552 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71u.dll2014-01-28 19:56 - 2014-01-28 20:12 - 00063088 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll2014-01-28 19:56 - 2014-01-28 20:11 - 00606208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstime.dll2014-01-28 19:56 - 2014-01-28 20:11 - 00053360 _____ (VMware, Inc.) C:\windows\SysWOW64\vmGuestLib.dll2014-01-28 19:56 - 2014-01-28 20:11 - 00050800 _____ (VMware, Inc.) C:\windows\SysWOW64\vmhgfs.dll2014-01-28 19:56 - 2014-01-28 20:11 - 00034416 _____ (VMware, Inc.) C:\windows\SysWOW64\vmGuestLibJava.dll2014-01-28 19:56 - 2014-01-28 20:11 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\corpol.dll2014-01-28 19:35 - 2014-01-28 19:35 - 00000000 ____D () C:\ProgramData\Weskysoft2014-01-28 19:28 - 2014-01-28 19:28 - 00000000 ____D () C:\Program Files (x86)\DLLSuite2014-01-28 18:45 - 2014-01-28 18:45 - 00000000 ____D () C:\windows\ERUNT2014-01-28 18:40 - 2014-01-28 18:40 - 00102912 _____ (Microsoft Corporation) C:\windows\SysWOW64\vb6stkit.dll2014-01-28 18:38 - 2014-01-28 18:38 - 01355776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvbvm50.dll2014-01-28 18:33 - 2014-01-28 18:33 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2014-01-28 18:33 - 2014-01-28 18:33 - 00000000 ____D () C:\Program Files (x86)\Java2014-01-28 18:22 - 2014-01-28 18:22 - 00002986 _____ () C:\windows\System32\Tasks\{45CB59DC-D832-4782-846C-F3EB176B2537}2014-01-28 18:21 - 2014-01-28 18:21 - 00002986 _____ () C:\windows\System32\Tasks\{3289EEA8-1FD0-4B6B-9F07-8C2D94F3A841}2014-01-28 18:20 - 2014-01-28 18:20 - 00002986 _____ () C:\windows\System32\Tasks\{B11F8FFC-F73B-4D0D-BEFD-5DE92E89C2C7}2014-01-28 17:25 - 2013-04-05 11:21 - 05067472 _____ (PC Cleaners) C:\windows\uninst.exe2014-01-15 16:54 - 2014-01-15 17:06 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-01-15 16:54 - 2014-01-15 17:06 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-01-15 16:54 - 2014-01-15 16:56 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan2014-01-15 16:54 - 2014-01-15 16:54 - 00000000 ____D () C:\windows\system32\Macromed2014-01-15 16:54 - 2014-01-15 16:54 - 00000000 ____D () C:\ProgramData\McAfee2014-01-15 16:42 - 2014-01-15 16:42 - 00000000 ____D () C:\ProgramData\PC Drivers Headquarters2014-01-15 16:12 - 2014-01-15 16:12 - 00003128 _____ () C:\windows\System32\Tasks\{E0E2DC5D-BFD0-459E-B1AC-C8C2A563DC50}2014-01-15 15:57 - 2014-01-15 15:57 - 00000000 ____D () C:\ProgramData\Sun2014-01-15 15:57 - 2014-01-15 15:57 - 00000000 ____D () C:\ProgramData\Oracle2014-01-15 15:34 - 2014-01-15 16:40 - 00000000 ____D () C:\Users\Paloma\AppData\Local\Downloaded Installations2014-01-15 14:25 - 2014-01-15 14:24 - 06345936 _____ (PC Cleaners) C:\ProgramData\pclunst.exe2014-01-15 13:38 - 2014-01-15 13:38 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC ==================== One Month Modified Files and Folders ======= 2014-02-06 20:44 - 2014-02-06 20:43 - 00010173 _____ () C:\Users\Paloma\Desktop\FRST.txt2014-02-06 20:43 - 2014-02-06 20:43 - 00000000 ____D () C:\Users\Paloma\Desktop\FRST-OlderVersion2014-02-06 20:43 - 2014-02-06 19:19 - 02079744 _____ (Farbar) C:\Users\Paloma\Desktop\FRST64.exe2014-02-06 20:43 - 2014-02-01 10:13 - 00000000 ____D () C:\FRST2014-02-06 20:30 - 2012-01-21 21:10 - 00001114 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1771593470-3012635902-189330645-1001UA.job2014-02-06 19:21 - 2014-01-28 21:42 - 00000000 ____D () C:\Users\Paloma\AppData\Local\CrashDumps2014-02-06 19:20 - 2009-07-14 05:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-02-06 19:20 - 2009-07-14 05:45 - 00021200 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-02-06 19:17 - 2014-02-06 19:17 - 00000000 ____D () C:\Program Files (x86)\ESET2014-02-06 19:17 - 2011-10-12 02:49 - 00145300 _____ () C:\windows\system32\perfc00A.dat2014-02-06 19:17 - 2011-10-12 02:49 - 00019236 _____ () C:\windows\system32\perfh00A.dat2014-02-06 19:17 - 2009-07-14 06:13 - 00889912 _____ () C:\windows\system32\PerfStringBackup.INI2014-02-06 19:16 - 2012-09-16 16:30 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Dropbox2014-02-06 19:15 - 2012-09-16 16:34 - 00000000 ___RD () C:\Users\Paloma\Dropbox2014-02-06 19:12 - 2014-02-03 21:03 - 00000448 _____ () C:\windows\setupact.log2014-02-06 19:12 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT2014-02-06 15:27 - 2014-02-05 22:33 - 00000000 ____D () C:\Users\Paloma\Downloads\Imprimir2014-02-06 07:23 - 2014-02-06 07:20 - 02347384 _____ (ESET) C:\Users\Paloma\Desktop\esetsmartinstaller_enu.exe2014-02-06 07:14 - 2014-02-06 07:14 - 00001061 _____ () C:\Users\Paloma\Desktop\AdwCleaner[s3].txt2014-02-06 07:12 - 2011-12-26 19:28 - 01887751 _____ () C:\windows\WindowsUpdate.log2014-02-06 07:11 - 2014-02-06 07:07 - 00000000 ____D () C:\AdwCleaner2014-02-06 01:59 - 2014-02-06 01:59 - 00011264 _____ () C:\Users\Paloma\Desktop\JRT.txt2014-02-06 01:40 - 2014-02-06 00:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-06 01:40 - 2014-02-06 00:51 - 00000000 ____D () C:\Users\Paloma\Desktop\mbar2014-02-06 01:22 - 2014-02-06 00:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys2014-02-06 01:22 - 2014-02-06 00:53 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys2014-02-06 00:57 - 2014-02-06 00:56 - 01166132 _____ () C:\Users\Paloma\Desktop\AdwCleaner.exe2014-02-06 00:55 - 2014-02-06 00:54 - 01037530 _____ (Thisisu) C:\Users\Paloma\Desktop\JRT.exe2014-02-06 00:50 - 2014-02-06 00:49 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Paloma\Desktop\mbar-1.07.0.1009.exe2014-02-05 22:30 - 2012-01-21 21:10 - 00001062 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1771593470-3012635902-189330645-1001Core.job2014-02-05 00:47 - 2014-02-05 00:42 - 00000000 ____D () C:\Users\Paloma\Desktop\RK_Quarantine2014-02-05 00:46 - 2014-02-05 00:46 - 00002094 _____ () C:\Users\Paloma\Desktop\RKreport[0]_S_02052014_004657.txt2014-02-05 00:42 - 2014-02-05 00:41 - 04380160 _____ () C:\Users\Paloma\Desktop\RogueKillerX64.exe2014-02-05 00:35 - 2014-02-05 00:35 - 00000902 _____ () C:\Users\Paloma\Desktop\NTREGOPT.lnk2014-02-05 00:35 - 2014-02-05 00:35 - 00000883 _____ () C:\Users\Paloma\Desktop\ERUNT.lnk2014-02-05 00:34 - 2014-01-29 03:58 - 00000000 ____D () C:\windows\erdnt2014-02-05 00:33 - 2014-02-05 00:33 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-05 00:30 - 2014-02-05 00:27 - 00002122 _____ () C:\Users\Paloma\Desktop\Rkill.txt2014-02-05 00:28 - 2014-02-05 00:28 - 00791393 _____ (Lars Hederer ) C:\Users\Paloma\Desktop\erunt-setup.exe2014-02-05 00:27 - 2014-02-05 00:26 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Paloma\Desktop\rkill.exe2014-02-04 23:56 - 2013-12-13 19:39 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\uTorrent2014-02-04 23:42 - 2014-02-04 23:41 - 00000000 ____D () C:\Users\Paloma\Downloads\Nueva carpeta2014-02-04 22:47 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF2014-02-04 20:41 - 2012-01-21 21:10 - 00002390 _____ () C:\Users\Paloma\Desktop\Google Chrome.lnk2014-02-04 00:16 - 2011-12-28 22:22 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Skype2014-02-03 21:47 - 2014-02-03 21:47 - 00113928 _____ () C:\Users\Paloma\AppData\Local\GDIPFONTCACHEV1.DAT2014-02-03 21:03 - 2014-02-03 21:03 - 00422896 _____ () C:\windows\system32\FNTCACHE.DAT2014-02-03 21:03 - 2014-02-03 21:03 - 00000000 _____ () C:\windows\setuperr.log2014-02-01 18:17 - 2014-02-01 18:17 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Malwarebytes2014-02-01 18:16 - 2014-02-01 18:16 - 00001069 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-02-01 18:16 - 2014-02-01 18:16 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-02-01 18:16 - 2014-02-01 18:16 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-02-01 10:31 - 2014-02-01 10:31 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-01 10:31 - 2013-12-14 10:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-02-01 10:31 - 2013-12-14 10:10 - 00000000 ____D () C:\Program Files\iTunes2014-02-01 10:31 - 2013-12-14 10:10 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-02-01 10:30 - 2013-12-14 10:10 - 00000000 ____D () C:\Program Files\iPod2014-02-01 10:24 - 2014-02-01 10:24 - 00000000 ____D () C:\Users\Paloma\Desktop\Windows Repair2014-02-01 10:23 - 2014-02-01 10:22 - 00000077 _____ () C:\Users\Paloma\AppData\Roaming\Rim.Desktop.Exception.log2014-02-01 10:22 - 2014-02-01 10:22 - 00000077 _____ () C:\Users\Paloma\AppData\Roaming\Rim.DesktopHelper.Exception.log2014-02-01 10:18 - 2014-02-01 10:18 - 00000000 ____D () C:\Users\Paloma\Desktop\Skype2014-02-01 10:18 - 2014-02-01 10:18 - 00000000 ____D () C:\Users\Paloma\Desktop\Internet2014-02-01 10:18 - 2014-02-01 10:18 - 00000000 ____D () C:\Users\Paloma\Desktop\FRST642014-02-01 10:04 - 2011-12-26 19:05 - 00000000 ____D () C:\ProgramData\Apple2014-01-31 18:20 - 2014-01-31 18:20 - 00000021 _____ () C:\Users\Paloma\AppData\Roaming\mbam.context.scan2014-01-31 18:12 - 2014-01-31 18:12 - 00000000 ____D () C:\c01583f13b0614665f2014-01-31 17:52 - 2011-12-27 00:03 - 00000000 ____D () C:\Users\Paloma2014-01-31 17:51 - 2014-01-31 17:47 - 00002224 _____ () C:\windows\system32\ASOROSet.bin2014-01-31 17:51 - 2009-07-14 03:34 - 76021760 _____ () C:\windows\system32\config\SOFTWARE.bak2014-01-31 17:51 - 2009-07-14 03:34 - 22544384 _____ () C:\windows\system32\config\SYSTEM.bak2014-01-31 17:51 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\SECURITY.bak2014-01-31 17:48 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\SAM.bak2014-01-31 17:47 - 2014-01-31 17:46 - 00000000 ____D () C:\windows\system32\config\RCCBakup2014-01-31 17:21 - 2012-11-01 17:22 - 00194048 _____ (Microsoft Corporation) C:\windows\SysWOW64\IEShims.dll2014-01-31 17:21 - 2012-11-01 17:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\IEShims.dll2014-01-31 15:33 - 2012-10-10 14:40 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll2014-01-31 15:33 - 2012-10-10 14:40 - 00002560 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll2014-01-31 15:32 - 2012-10-10 14:40 - 00003072 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll2014-01-31 15:32 - 2012-10-10 14:40 - 00003072 _____ (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll2014-01-31 15:30 - 2014-01-31 15:30 - 00096208 _____ () C:\windows\SysWOW64\vcomctl32.dll2014-01-31 15:29 - 2014-01-31 15:29 - 00051200 _____ () C:\windows\SysWOW64\vkernel32.dll2014-01-31 15:29 - 2014-01-31 15:29 - 00035328 _____ () C:\windows\SysWOW64\vuser32.dll2014-01-31 15:23 - 2014-01-31 15:23 - 00000000 ____D () C:\Users\Paloma\Documents\Visual Studio 20052014-01-31 14:07 - 2011-12-27 00:35 - 00000000 ____D () C:\ProgramData\Microsoft Help2014-01-31 01:04 - 2011-10-11 11:46 - 00407040 _____ (Samsung Electronics) C:\windows\HotfixChecker.exe2014-01-31 01:04 - 2011-10-11 11:36 - 00003324 _____ () C:\windows\HotFixList.ini2014-01-31 01:03 - 2011-10-11 11:36 - 00345600 _____ (Samsung Electronics Co., Ltd.) C:\windows\SetLCDStretchMode.exe2014-01-31 00:54 - 2014-01-31 00:54 - 00000000 ____D () C:\63d26f454ba3a54ec38dc7872014-01-30 23:51 - 2014-01-30 23:51 - 00000000 ____D () C:\ProgramData\ESET2014-01-30 23:51 - 2014-01-30 23:51 - 00000000 ____D () C:\Program Files\ESET2014-01-30 20:13 - 2014-01-30 20:13 - 00000000 ____D () C:\Program Files (x86)\ESET NOD322014-01-30 19:53 - 2014-01-29 03:59 - 00000000 ____D () C:\Qoobox2014-01-30 19:36 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT2014-01-29 11:01 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\SysWOW64\com2014-01-29 11:00 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\oobe2014-01-29 11:00 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\com2014-01-29 10:59 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\IME2014-01-29 10:31 - 2014-01-28 23:52 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\comcat.dll2014-01-29 10:27 - 2010-11-21 04:23 - 03860992 _____ (Microsoft Corporation) C:\windows\system32\UIRibbon.dll2014-01-29 04:32 - 2012-01-22 16:22 - 00000000 ____D () C:\found.0002014-01-29 04:19 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default2014-01-29 04:11 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini2014-01-29 03:37 - 2014-01-29 03:26 - 00000000 ____D () C:\ProgramData\Package Cache2014-01-29 02:57 - 2014-01-29 02:57 - 00003276 _____ () C:\windows\System32\Tasks\{EA1A2A69-2609-4E55-ABAB-C698B64C2F24}2014-01-29 02:46 - 2012-01-21 21:10 - 00000000 ____D () C:\Users\Paloma\AppData\Local\Deployment2014-01-28 20:24 - 2014-01-28 20:24 - 00832872 _____ (Macromedia, Inc.) C:\windows\system32\flash.ocx2014-01-28 20:24 - 2014-01-28 20:24 - 00608448 _____ (Microsoft Corporation) C:\windows\system32\comctl32.ocx2014-01-28 20:20 - 2014-01-28 20:12 - 00198656 _____ (Microsoft Corporation) C:\windows\comdlg32.ocx2014-01-28 20:20 - 2001-05-21 11:46 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Comdlg32.ocx2014-01-28 20:12 - 2014-01-28 19:56 - 00063088 _____ (VMware, Inc.) C:\windows\SysWOW64\vsocklib.dll2014-01-28 20:11 - 2014-01-28 19:56 - 00606208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstime.dll2014-01-28 20:11 - 2014-01-28 19:56 - 00053360 _____ (VMware, Inc.) C:\windows\SysWOW64\vmGuestLib.dll2014-01-28 20:11 - 2014-01-28 19:56 - 00050800 _____ (VMware, Inc.) C:\windows\SysWOW64\vmhgfs.dll2014-01-28 20:11 - 2014-01-28 19:56 - 00034416 _____ (VMware, Inc.) C:\windows\SysWOW64\vmGuestLibJava.dll2014-01-28 20:11 - 2014-01-28 19:56 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\corpol.dll2014-01-28 19:59 - 2014-01-28 19:59 - 03223152 _____ (VMware, Inc.) C:\windows\SysWOW64\vm3dgl.dll2014-01-28 19:59 - 2014-01-28 19:59 - 00219248 _____ (VMware, Inc.) C:\windows\SysWOW64\vm3dum.dll2014-01-28 19:58 - 2014-01-28 19:58 - 01060864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71.dll2014-01-28 19:58 - 2014-01-28 19:58 - 01047552 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfc71u.dll2014-01-28 19:35 - 2014-01-28 19:35 - 00000000 ____D () C:\ProgramData\Weskysoft2014-01-28 19:28 - 2014-01-28 19:28 - 00000000 ____D () C:\Program Files (x86)\DLLSuite2014-01-28 19:17 - 2011-12-26 19:09 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR2014-01-28 19:17 - 2011-10-12 02:28 - 00000000 ____D () C:\windows\MSetup2014-01-28 19:17 - 2011-02-11 20:57 - 00000000 ____D () C:\windows\Panther2014-01-28 18:45 - 2014-01-28 18:45 - 00000000 ____D () C:\windows\ERUNT2014-01-28 18:40 - 2014-01-28 18:40 - 00102912 _____ (Microsoft Corporation) C:\windows\SysWOW64\vb6stkit.dll2014-01-28 18:38 - 2014-01-28 18:38 - 01355776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvbvm50.dll2014-01-28 18:33 - 2014-01-28 18:33 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe2014-01-28 18:33 - 2014-01-28 18:33 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll2014-01-28 18:33 - 2014-01-28 18:33 - 00000000 ____D () C:\Program Files (x86)\Java2014-01-28 18:24 - 2012-01-02 16:37 - 00000000 ____D () C:\Users\Paloma\AppData\Local\Adobe2014-01-28 18:22 - 2014-01-28 18:22 - 00002986 _____ () C:\windows\System32\Tasks\{45CB59DC-D832-4782-846C-F3EB176B2537}2014-01-28 18:21 - 2014-01-28 18:21 - 00002986 _____ () C:\windows\System32\Tasks\{3289EEA8-1FD0-4B6B-9F07-8C2D94F3A841}2014-01-28 18:20 - 2014-01-28 18:20 - 00002986 _____ () C:\windows\System32\Tasks\{B11F8FFC-F73B-4D0D-BEFD-5DE92E89C2C7}2014-01-28 18:16 - 2011-02-11 20:56 - 00000000 ____D () C:\windows\Sec2014-01-28 18:16 - 2005-04-08 03:16 - 00000000 ___HD () C:\Users\Paloma\AppData\Roaming\501BB70B2014-01-28 17:36 - 2012-09-16 16:31 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-01-28 17:31 - 2011-12-26 18:08 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk2014-01-28 17:31 - 2011-12-26 18:08 - 00000000 ____D () C:\Program Files\CCleaner2014-01-20 15:16 - 2012-01-13 18:55 - 00000000 ____D () C:\Users\Public\CyberLink2014-01-16 14:33 - 2012-02-18 18:38 - 00000000 ___HD () C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup2014-01-16 14:32 - 2012-09-16 16:34 - 00001021 _____ () C:\Users\Paloma\Desktop\Dropbox.lnk2014-01-15 17:06 - 2014-01-15 16:54 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe2014-01-15 17:06 - 2014-01-15 16:54 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl2014-01-15 17:04 - 2012-01-21 21:44 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Adobe2014-01-15 17:02 - 2011-12-26 18:45 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-01-15 16:56 - 2014-01-15 16:54 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan2014-01-15 16:54 - 2014-01-15 16:54 - 00000000 ____D () C:\windows\system32\Macromed2014-01-15 16:54 - 2014-01-15 16:54 - 00000000 ____D () C:\ProgramData\McAfee2014-01-15 16:52 - 2011-10-11 11:13 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-01-15 16:42 - 2014-01-15 16:42 - 00000000 ____D () C:\ProgramData\PC Drivers Headquarters2014-01-15 16:40 - 2014-01-15 15:34 - 00000000 ____D () C:\Users\Paloma\AppData\Local\Downloaded Installations2014-01-15 16:12 - 2014-01-15 16:12 - 00003128 _____ () C:\windows\System32\Tasks\{E0E2DC5D-BFD0-459E-B1AC-C8C2A563DC50}2014-01-15 16:11 - 2011-12-27 00:04 - 00000000 ____D () C:\Users\Paloma\AppData\Local\VirtualStore2014-01-15 15:57 - 2014-01-15 15:57 - 00000000 ____D () C:\ProgramData\Sun2014-01-15 15:57 - 2014-01-15 15:57 - 00000000 ____D () C:\ProgramData\Oracle2014-01-15 14:24 - 2014-01-15 14:25 - 06345936 _____ (PC Cleaners) C:\ProgramData\pclunst.exe2014-01-15 14:02 - 2011-12-26 18:47 - 00001026 _____ () C:\Users\Public\Desktop\VLC media player.lnk2014-01-15 13:58 - 2012-01-21 21:46 - 00000000 ____D () C:\Users\Paloma\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apple2014-01-15 13:41 - 2011-12-26 18:09 - 00001724 _____ () C:\Users\Public\Desktop\Defraggler.lnk2014-01-15 13:41 - 2011-12-26 18:09 - 00000000 ____D () C:\Program Files\Defraggler2014-01-15 13:38 - 2014-01-15 13:38 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC Files to move or delete:====================C:\ProgramData\pclunst.exe Some content of TEMP:====================C:\Users\Paloma\AppData\Local\Temp\ntdll_dump.dllC:\Users\Paloma\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-31 22:07 ==================== End Of Log ============================
  8. Hello! I could follow steps 3, 4 and 5, but I couldn't follow this one: Once again, when I try to run Malwarebytes, a window pops up saying: Run-time error 50003: Unexpected error I have done some research and come to the conclusion that there is probably a .dll file conflict. Is that possible? Steps 6 and 7 I haven't tried... Thanks for your help! FriZin PD: here are the logs of steps 3, 4 and 5: mbar-log (1) Malwarebytes Anti-Rootkit BETA 1.07.0.1009www.malwarebytes.org Database version: v2014.02.05.10 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Paloma :: PALOMA-PC [administrator] 06/02/2014 0:59:48mbar-log-2014-02-06 (00-59-48).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 269105Time elapsed: 19 minute(s), 2 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 1C:\Users\Paloma\AppData\Roaming\Paloma-wchelper.dll (Trojan.Agent.Gen) -> Delete on reboot. Physical Sectors Detected: 0(No malicious items detected) (end) mbar-log (2) Malwarebytes Anti-Rootkit BETA 1.07.0.1009www.malwarebytes.org Database version: v2014.02.05.10 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 9.0.8112.16421Paloma :: PALOMA-PC [administrator] 06/02/2014 1:22:54mbar-log-2014-02-06 (01-22-54).txt Scan type: Quick scanScan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/ShurikenScan options disabled: Objects scanned: 268905Time elapsed: 17 minute(s), 8 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) Physical Sectors Detected: 0(No malicious items detected) (end) system-log ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6351798272, free: 5023084544 Downloaded database version: v2014.02.05.10Downloaded database version: v2013.12.18.01=======================================Initializing...------------ Kernel report ------------ 02/06/2014 00:59:37------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\nvpciflt.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\eamonm.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\system32\DRIVERS\ehdrv.sysC:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.datC:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\??\C:\windows\system32\Drivers\SABI.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\NETwNs64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\ETD.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\AMPPAL.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\System32\Drivers\RootMdm.sys\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\SGdrv64.sys\SystemRoot\system32\DRIVERS\circlass.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\iBtFltCoex.sys\SystemRoot\system32\DRIVERS\btmhsf.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btmaux.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\epfwwfpr.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\monitor.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\sechost.dll\Windows\System32\msctf.dll\Windows\System32\imm32.dll\Windows\System32\msvcrt.dll\Windows\System32\normaliz.dll\Windows\System32\usp10.dll\Windows\System32\lpk.dll\Windows\System32\clbcatq.dll\Windows\System32\oleaut32.dll\Windows\System32\setupapi.dll\Windows\System32\shell32.dll\Windows\System32\rpcrt4.dll\Windows\System32\ws2_32.dll\Windows\System32\shlwapi.dll\Windows\System32\imagehlp.dll\Windows\System32\psapi.dll\Windows\System32\kernel32.dll\Windows\System32\wininet.dll\Windows\System32\advapi32.dll\Windows\System32\nsi.dll\Windows\System32\comdlg32.dll\Windows\System32\user32.dll\Windows\System32\urlmon.dll\Windows\System32\Wldap32.dll\Windows\System32\gdi32.dll\Windows\System32\ole32.dll\Windows\System32\iertutil.dll\Windows\System32\difxapi.dll\Windows\System32\cfgmgr32.dll\Windows\System32\wintrust.dll\Windows\System32\devobj.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\comctl32.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa800815c060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa800621e050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa800815c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007fd59d0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800815c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800621e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 3C977812 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 169869312 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 170076160 Numsec = 1247318016 Partition 3 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 1417394176 Numsec = 47753216 Disk Size: 750156374016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...Done!Infected: C:\Users\Paloma\AppData\Roaming\Paloma-wchelper.dll --> [Trojan.Agent.Gen]Scan finishedCreating System Restore point...Cleaning up...Removal successful. No system shutdown is required.======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...Removal finished---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6351798272, free: 4675203072 ---------------------------------------Malwarebytes Anti-Rootkit BETA 1.07.0.1009 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 File system is: NTFSDisk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXEDCPU speed: 2.394000 GHzMemory total: 6351798272, free: 4674560000 =======================================Initializing...------------ Kernel report ------------ 02/06/2014 01:22:45------------ Loaded modules -----------\SystemRoot\system32\ntoskrnl.exe\SystemRoot\system32\hal.dll\SystemRoot\system32\kdcom.dll\SystemRoot\system32\mcupdate_GenuineIntel.dll\SystemRoot\system32\PSHED.dll\SystemRoot\system32\CLFS.SYS\SystemRoot\system32\CI.dll\SystemRoot\system32\drivers\Wdf01000.sys\SystemRoot\system32\drivers\WDFLDR.SYS\SystemRoot\system32\drivers\ACPI.sys\SystemRoot\system32\drivers\WMILIB.SYS\SystemRoot\system32\drivers\msisadrv.sys\SystemRoot\system32\drivers\pci.sys\SystemRoot\system32\drivers\vdrvroot.sys\SystemRoot\System32\drivers\partmgr.sys\SystemRoot\system32\DRIVERS\compbatt.sys\SystemRoot\system32\DRIVERS\BATTC.SYS\SystemRoot\system32\drivers\volmgr.sys\SystemRoot\System32\drivers\volmgrx.sys\SystemRoot\System32\drivers\mountmgr.sys\SystemRoot\system32\DRIVERS\iaStor.sys\SystemRoot\system32\drivers\atapi.sys\SystemRoot\system32\drivers\ataport.SYS\SystemRoot\system32\drivers\msahci.sys\SystemRoot\system32\drivers\PCIIDEX.SYS\SystemRoot\system32\drivers\amdxata.sys\SystemRoot\system32\drivers\fltmgr.sys\SystemRoot\system32\drivers\fileinfo.sys\SystemRoot\System32\Drivers\Ntfs.sys\SystemRoot\System32\Drivers\msrpc.sys\SystemRoot\System32\Drivers\ksecdd.sys\SystemRoot\System32\Drivers\cng.sys\SystemRoot\System32\drivers\pcw.sys\SystemRoot\System32\Drivers\Fs_Rec.sys\SystemRoot\system32\drivers\ndis.sys\SystemRoot\system32\drivers\NETIO.SYS\SystemRoot\System32\Drivers\ksecpkg.sys\SystemRoot\System32\drivers\tcpip.sys\SystemRoot\System32\drivers\fwpkclnt.sys\SystemRoot\system32\drivers\volsnap.sys\SystemRoot\System32\Drivers\spldr.sys\SystemRoot\System32\drivers\rdyboost.sys\SystemRoot\system32\DRIVERS\nvpciflt.sys\SystemRoot\System32\Drivers\mup.sys\SystemRoot\System32\drivers\hwpolicy.sys\SystemRoot\System32\DRIVERS\fvevol.sys\SystemRoot\system32\drivers\disk.sys\SystemRoot\system32\drivers\CLASSPNP.SYS\SystemRoot\system32\DRIVERS\cdrom.sys\SystemRoot\system32\DRIVERS\eamonm.sys\SystemRoot\System32\Drivers\Null.SYS\SystemRoot\System32\Drivers\Beep.SYS\SystemRoot\system32\DRIVERS\ehdrv.sysC:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.datC:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat\SystemRoot\System32\drivers\vga.sys\SystemRoot\System32\drivers\VIDEOPRT.SYS\SystemRoot\System32\drivers\watchdog.sys\SystemRoot\System32\DRIVERS\RDPCDD.sys\SystemRoot\system32\drivers\rdpencdd.sys\SystemRoot\system32\drivers\rdprefmp.sys\SystemRoot\System32\Drivers\Msfs.SYS\SystemRoot\System32\Drivers\Npfs.SYS\SystemRoot\system32\DRIVERS\tdx.sys\SystemRoot\system32\DRIVERS\TDI.SYS\SystemRoot\system32\drivers\afd.sys\SystemRoot\System32\DRIVERS\netbt.sys\SystemRoot\system32\drivers\ws2ifsl.sys\SystemRoot\system32\DRIVERS\wfplwf.sys\SystemRoot\system32\DRIVERS\pacer.sys\SystemRoot\system32\DRIVERS\vwififlt.sys\SystemRoot\system32\DRIVERS\netbios.sys\SystemRoot\system32\DRIVERS\wanarp.sys\SystemRoot\system32\DRIVERS\termdd.sys\??\C:\windows\system32\Drivers\SABI.sys\SystemRoot\system32\DRIVERS\rdbss.sys\SystemRoot\system32\drivers\nsiproxy.sys\SystemRoot\system32\DRIVERS\mssmbios.sys\SystemRoot\System32\drivers\discache.sys\SystemRoot\System32\Drivers\dfsc.sys\SystemRoot\system32\DRIVERS\blbdrive.sys\SystemRoot\system32\DRIVERS\tunnel.sys\SystemRoot\system32\DRIVERS\nvlddmkm.sys\SystemRoot\System32\Drivers\nvBridge.kmd\SystemRoot\System32\drivers\dxgkrnl.sys\SystemRoot\System32\drivers\dxgmms1.sys\SystemRoot\system32\DRIVERS\igdkmd64.sys\SystemRoot\system32\DRIVERS\HECIx64.sys\SystemRoot\system32\drivers\usbehci.sys\SystemRoot\system32\drivers\USBPORT.SYS\SystemRoot\system32\DRIVERS\HDAudBus.sys\SystemRoot\system32\DRIVERS\NETwNs64.sys\SystemRoot\system32\DRIVERS\vwifibus.sys\SystemRoot\system32\DRIVERS\Rt64win7.sys\SystemRoot\system32\DRIVERS\CmBatt.sys\SystemRoot\system32\DRIVERS\i8042prt.sys\SystemRoot\system32\DRIVERS\kbdclass.sys\SystemRoot\system32\DRIVERS\ETD.sys\SystemRoot\system32\DRIVERS\mouclass.sys\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys\SystemRoot\system32\DRIVERS\intelppm.sys\SystemRoot\system32\DRIVERS\AMPPAL.sys\SystemRoot\system32\DRIVERS\CompositeBus.sys\SystemRoot\system32\DRIVERS\clwvd.sys\SystemRoot\system32\DRIVERS\ks.sys\SystemRoot\system32\drivers\ksthunk.sys\SystemRoot\System32\Drivers\RootMdm.sys\SystemRoot\system32\drivers\modem.sys\SystemRoot\system32\DRIVERS\AgileVpn.sys\SystemRoot\system32\DRIVERS\rasl2tp.sys\SystemRoot\system32\DRIVERS\ndistapi.sys\SystemRoot\system32\DRIVERS\ndiswan.sys\SystemRoot\system32\DRIVERS\raspppoe.sys\SystemRoot\system32\DRIVERS\raspptp.sys\SystemRoot\system32\DRIVERS\rassstp.sys\SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys\SystemRoot\system32\DRIVERS\swenum.sys\SystemRoot\system32\DRIVERS\SGdrv64.sys\SystemRoot\system32\DRIVERS\circlass.sys\SystemRoot\system32\DRIVERS\umbus.sys\SystemRoot\system32\DRIVERS\usbhub.sys\SystemRoot\System32\Drivers\NDProxy.SYS\SystemRoot\system32\drivers\RTKVHD64.sys\SystemRoot\system32\drivers\portcls.sys\SystemRoot\system32\drivers\drmk.sys\SystemRoot\system32\DRIVERS\IntcDAud.sys\SystemRoot\System32\Drivers\crashdmp.sys\SystemRoot\System32\Drivers\dump_iaStor.sys\SystemRoot\System32\Drivers\dump_dumpfve.sys\SystemRoot\System32\win32k.sys\SystemRoot\System32\drivers\Dxapi.sys\SystemRoot\system32\DRIVERS\usbccgp.sys\SystemRoot\system32\DRIVERS\USBD.SYS\SystemRoot\System32\Drivers\usbvideo.sys\SystemRoot\system32\DRIVERS\iBtFltCoex.sys\SystemRoot\system32\DRIVERS\btmhsf.sys\SystemRoot\System32\Drivers\BTHUSB.sys\SystemRoot\System32\Drivers\bthport.sys\SystemRoot\system32\DRIVERS\HIDPARSE.SYS\SystemRoot\system32\DRIVERS\rfcomm.sys\SystemRoot\system32\drivers\BthEnum.sys\SystemRoot\system32\DRIVERS\bthpan.sys\SystemRoot\system32\DRIVERS\btmaux.sys\SystemRoot\System32\TSDDD.dll\SystemRoot\System32\cdd.dll\SystemRoot\system32\drivers\luafv.sys\SystemRoot\system32\drivers\WudfPf.sys\SystemRoot\system32\DRIVERS\lltdio.sys\SystemRoot\system32\DRIVERS\nwifi.sys\SystemRoot\system32\DRIVERS\ndisuio.sys\SystemRoot\system32\DRIVERS\rspndr.sys\SystemRoot\system32\drivers\HTTP.sys\SystemRoot\system32\DRIVERS\vwifimp.sys\SystemRoot\system32\DRIVERS\bowser.sys\SystemRoot\System32\drivers\mpsdrv.sys\SystemRoot\system32\DRIVERS\mrxsmb.sys\SystemRoot\system32\DRIVERS\mrxsmb10.sys\SystemRoot\system32\DRIVERS\mrxsmb20.sys\SystemRoot\system32\DRIVERS\epfwwfpr.sys\SystemRoot\system32\drivers\peauth.sys\SystemRoot\System32\Drivers\secdrv.SYS\SystemRoot\System32\DRIVERS\srvnet.sys\SystemRoot\System32\drivers\tcpipreg.sys\SystemRoot\System32\DRIVERS\srv2.sys\SystemRoot\System32\DRIVERS\srv.sys\SystemRoot\System32\ATMFD.DLL\SystemRoot\system32\DRIVERS\monitor.sys\??\C:\windows\system32\drivers\mbamchameleon.sys\??\C:\windows\system32\drivers\MBAMSwissArmy.sys\Windows\System32\ntdll.dll\Windows\System32\smss.exe\Windows\System32\apisetschema.dll\Windows\System32\autochk.exe\Windows\System32\sechost.dll\Windows\System32\msctf.dll\Windows\System32\imm32.dll\Windows\System32\msvcrt.dll\Windows\System32\normaliz.dll\Windows\System32\usp10.dll\Windows\System32\lpk.dll\Windows\System32\clbcatq.dll\Windows\System32\oleaut32.dll\Windows\System32\setupapi.dll\Windows\System32\shell32.dll\Windows\System32\rpcrt4.dll\Windows\System32\ws2_32.dll\Windows\System32\shlwapi.dll\Windows\System32\imagehlp.dll\Windows\System32\psapi.dll\Windows\System32\kernel32.dll\Windows\System32\wininet.dll\Windows\System32\advapi32.dll\Windows\System32\nsi.dll\Windows\System32\comdlg32.dll\Windows\System32\user32.dll\Windows\System32\urlmon.dll\Windows\System32\Wldap32.dll\Windows\System32\gdi32.dll\Windows\System32\ole32.dll\Windows\System32\iertutil.dll\Windows\System32\difxapi.dll\Windows\System32\cfgmgr32.dll\Windows\System32\wintrust.dll\Windows\System32\devobj.dll\Windows\System32\KernelBase.dll\Windows\System32\crypt32.dll\Windows\System32\comctl32.dll\Windows\System32\msasn1.dll----------- End -----------Done!<<<1>>>Upper Device Name: \Device\Harddisk0\DR0Upper Device Object: 0xfffffa800815c060Upper Device Driver Name: \Driver\Disk\Lower Device Name: \Device\Ide\IAAStorageDevice-1\Lower Device Object: 0xfffffa800621e050Lower Device Driver Name: \Driver\iaStor\<<<2>>>Physical Sector Size: 512Drive: 0, DevicePointer: 0xfffffa800815c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\--------- Disk Stack ------DevicePointer: 0xfffffa8007fd59d0, DeviceName: Unknown, DriverName: \Driver\partmgr\DevicePointer: 0xfffffa800815c060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\DevicePointer: 0xfffffa800621e050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\------------ End ----------Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\Upper DeviceData: 0x0, 0x0, 0x0Lower DeviceData: 0x0, 0x0, 0x0<<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesScanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...<<<2>>><<<3>>>Volume: C:File system type: NTFSSectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytesDone!Drive 0Scanning MBR on drive 0...Inspecting partition table:MBR Signature: 55AADisk Signature: 3C977812 Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 169869312 Partition 2 type is Extended with LBA (0xf) Partition is NOT ACTIVE. Partition starts at LBA: 170076160 Numsec = 1247318016 Partition 3 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 1417394176 Numsec = 47753216 Disk Size: 750156374016 bytesSector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1465129168-1465149168)...Done!Scan finished======================================= Removal queue found; removal startedRemoving C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...Removal finished JRT.txt ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by ThisisuVersion: 6.1.1 (02.04.2014:1)OS: Windows 7 Home Premium x64Ran by Paloma on 06/02/2014 at 1:44:51,68~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonicSuccessfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweakSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweakSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_unlocker_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_para_unlocker_RASMANCSSuccessfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_unlocker_RASAPI32Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_unlocker_RASMANCS ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\pc1data"Successfully deleted: [Folder] "C:\ProgramData\speedypc software"Successfully deleted: [Folder] "C:\Users\Paloma\AppData\Roaming\drivercure"Successfully deleted: [Folder] "C:\Users\Paloma\AppData\Roaming\speedypc software"Successfully deleted: [Folder] "C:\Users\Paloma\AppData\Roaming\systweak"Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{0144C472-A983-4A1A-88BF-6900D2535256}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{0246C126-DB92-402F-ACB9-764669804EF1}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{024B0AED-E9AE-4982-8CAE-83CB882EFC58}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{09A21E5C-9B37-49F7-B78A-97CF1E53444A}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{09B3BEC3-A315-467C-AE01-B3FB1CE92E1B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{0EADD068-1EB9-4338-AAD3-01A67A332C2B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{0F77ECBA-D1A2-4CCF-A226-3F81DE8EA04F}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{0FF2759D-E187-4469-B788-61B537F5FFE1}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{117CCE8C-6E41-4E09-8331-42A83C69C604}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{1321CACC-FF1B-4078-ADDF-7D10F25422F6}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{13D3B3FD-DBB4-48E5-87CC-C63878F8186E}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{14FB862F-C90E-45CF-AC42-10762C9B4B15}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{15CDDEDA-B3EA-4514-A2C3-8CA355AA22A4}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{15E23D3B-5CB2-4C30-AF05-0EC82EC089F3}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{1671E0D1-BFD7-46B0-84F4-1DED5CD58FFB}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{16C9E32C-ED39-427D-A974-0EF1731BD581}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{16D4390B-5BF2-45C9-A43A-6EE685B193F5}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{17F20DA6-663B-4728-A5F3-7C69556DC613}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{17FB98BB-0301-4CED-B9E8-C27816D7F26C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{183776F9-1395-41D8-B401-0F7FFFD3DCC8}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{18DF1DA3-0AD6-4059-B26A-01F380FDC302}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{1B114862-858C-40F1-901B-3306CF74568F}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{1DCFDDC9-09CD-4A6B-97B1-E25A70F09C05}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{1F3D0234-7A6E-4914-9AE2-FF461463835B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{21DB7ED2-DD19-45F3-995C-737BCB8F004C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{225A722D-6971-45B0-B165-9752811E35AF}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{22827EEB-4BD4-43DB-A437-257715B8C9EB}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{26D1A887-6142-4610-9E5C-41508EF2D1C2}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{2BDB424D-EC84-4215-B526-566A84ECB1CE}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{2C974C5C-230E-4D5F-BCDB-27DDBD17A82B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{32112F48-68DD-4AC1-97D7-22A8A932FD44}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{33E87114-8E1D-4FE1-B2B3-3B48B187BBF0}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{342CCD5E-1800-475C-875E-AD9E85D28CF4}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{3B334A8D-6F60-412D-8BB7-D859C72E713F}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{3C52A13B-B88D-4357-A387-C04361F0FAF9}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{4ABE686F-F2B9-480C-81BD-0E2E0EDD8547}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{4E594D40-0FFF-41E4-BF39-2E3FC3246AD2}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{4FEF50B1-34B9-4B58-96CD-1A0C3E26CE09}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{51CA2985-14B9-4BC0-B3CB-3DD2DEE79089}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{53A3853D-CB01-48C6-A73C-B5D240327CB4}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{5B224349-6BF4-4D0F-BC15-84653DB91E0C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{5B89678A-9D6D-4627-B53E-6B10D9F29E4D}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{6242F0BC-4B41-4982-8251-BAC383E3C38C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{6829388B-DFCE-4CEB-B0E0-F1A2A1EABDC3}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{6BD46E3A-6B22-47A7-B230-725D1DF7ABCF}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{6E9BA5F9-67EA-49AA-8F99-DDB2ECE0D8A6}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{6F5DD0F5-6B55-47D4-A535-FB1ECF253EF1}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{75448E5C-C7D1-4051-B5AA-512762F4571C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{792D9FA3-6EE9-4405-B970-F34F8417050B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{82925DD7-60CA-42A5-B3C5-8833D3CF787A}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{82EBFB42-06CC-497A-88A2-9E56CF8BF941}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{8E4BA94D-96EF-4571-BA60-ACD1CC7B64B4}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{8EC6E596-BB83-4852-AB3A-24B717B01F23}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{904B6AE6-E7C1-40AD-AFBE-AD1AE3D6AFE5}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{934847AF-E237-4A34-9A51-DC74FF86F600}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{940513B3-C32B-46E6-A7FF-A94888FCD634}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{96E20FF4-083F-46A4-A498-CB84D90DBD67}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{994B7B37-C3A3-43F0-917B-685B1AEAE467}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{9C269EAF-CA8D-4D51-BADB-351D88B880E6}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{9E05571F-25D6-4E8A-B819-3F6FB943BC8D}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{A42CC830-641E-4DF2-B005-FAD0DB79316F}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{A6547E03-2C35-449F-ACA3-B36A8580B619}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{A7CF4C00-3DD8-4CCA-91AD-8883EA4DAB55}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{B1183F42-E330-46C4-8AB4-8115DC79B563}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{B15C0BA4-6075-4F06-9BEF-0A4A8F39B378}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{B4F37436-A265-41C2-A240-B4BD3167C351}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{B7434E2F-9128-4B38-8720-C38DA05B8F5C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{BDC65DF5-B81C-431E-9FB4-71C13C8DDBC3}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{C1650236-F267-4098-8ACE-037E47462C03}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{C491DA0C-DC9F-4452-BE01-4D9A493F89B3}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{CA2A6187-BB96-4D99-AD11-909D4A458F3C}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{D0750E24-FB55-4D08-B2EA-DE76651B5BCB}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{D3C69B58-228B-4FE9-A05D-D683898381F7}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{D6E7ACFF-9ACA-4E43-9A25-CA30FFC49786}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{D92F7788-36DC-4707-878C-8E7C9A5F17E7}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{DDCF5FC7-B5F0-4E4F-AC8F-2496776D1296}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{E0F132D2-51BB-46FD-93FA-5FB52D7B0ED3}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{E2B82323-EE6B-4849-BE79-0620FA8A2A26}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{E7EEEDA1-B2C1-45B9-AF5D-5D323C33758F}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{E8DF7AEE-A3A3-4983-BDD5-B825F19C0815}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{E99D4C07-A442-4122-8566-5AB8A32C4FA8}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{EFB88BEE-3D7C-48A3-B477-E64483054DA5}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{F1D925A9-3EF6-450A-B9C7-F8ADF08F663B}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{F2B2244D-CA4C-4AA7-8F1D-E325F4134B1E}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{F2DB2C41-85BD-4987-A4AC-575506950712}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{F381DF12-DE2E-49E3-8087-F525D9AD8A96}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{F8D4CF1B-1066-4855-A4D1-24ABFC729F05}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{FF3D1DD2-B5A8-48AB-9D5A-7DBA2D32B102}Successfully deleted: [Empty Folder] C:\Users\Paloma\appdata\local\{FFAE0B55-35E5-438F-8F13-0099EB269F32} ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 06/02/2014 at 1:59:05,82End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ AdwCleaner[s3].txt # AdwCleaner v3.018 - Reporte Creado 06/02/2014 en 07:11:22# Actualizado 28/01/2014 por Xplode# Sistema Operativo : Windows 7 Home Premium Service Pack 1 (64 bits)# Nombre de usuario : Paloma - PALOMA-PC# Ejecutado desde : C:\Users\Paloma\Desktop\AdwCleaner.exe# Opción : Limpiar ***** [ Servicios ] ***** ***** [ Archivos / Carpetas ] ***** Carpeta Borrar : C:\ProgramData\ParetoLogicCarpeta Borrar : C:\Program Files (x86)\ParetoLogicCarpeta Borrar : C:\Users\Paloma\AppData\Roaming\ParetoLogicArchivo Borrar : C:\windows\System32\roboot64.exe ***** [ Accesos directos ] ***** ***** [ Registro ] ***** ***** [ Navegadores ] ***** -\\ Internet Explorer v9.0.8112.16450 -\\ Google Chrome v [ Archivo : C:\Users\Paloma\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R3].txt - [1012 octets] - [06/02/2014 07:07:31]AdwCleaner[s3].txt - [923 octets] - [06/02/2014 07:11:22] ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [982 octets] ##########
  9. Hi AdvancedSetup: First of all, thanks a lot for your answer and sorry for having opened two topics. I just thought that the first one had gone unnoticed. I have carefully followed the different steps. The only problem I had was that I couldn't download RogueKill (64) from the link you indicated, so I had to download it from this one: http://www.adlice.com/softwares/roguekiller/ I hope that's ok... Here is the result: RKill log Rkill 2.6.5 by Lawrence Abrams (Grinler)http://www.bleepingcomputer.com/Copyright 2008-2014 BleepingComputer.comMore Information about Rkill can be found at this link: http://www.bleepingcomputer.com/forums/topic308364.html Program started at: 02/05/2014 12:27:56 AM in x64 mode.Windows Version: Windows 7 Home Premium Service Pack 1 Checking for Windows services to stop: * No malware services found to stop. Checking for processes to terminate: * No malware processes found to kill. Checking Registry for malware related settings: * No issues found in the Registry. Resetting .EXE, .COM, & .BAT associations in the Windows Registry. Performing miscellaneous checks: * No issues found. Checking Windows Service Integrity: * No issues found. Searching for Missing Digital Signatures: * No issues found. Checking HOSTS File: * HOSTS file entries found: 127.0.0.1 localhost Program finished at: 02/05/2014 12:30:21 AMExecution time: 0 hours(s), 2 minute(s), and 25 seconds(s) RogueKill log RogueKiller V8.8.3 _x64_ [Jan 24 2014] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.adlice.com/forum/Website : http://www.adlice.com/softwares/roguekiller/Blog : http://www.adlice.com Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits versionStarted in : Normal modeUser : Paloma [Admin rights]Mode : Scan -- Date : 02/05/2014 00:46:57| ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 6 ¤¤¤[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND[HJ POL][PUM] HKLM\[...]\Wow6432Node\[...]\System : DisableRegistryTools (0) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND[HJ DESK][PUM] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Scheduled tasks : 0 ¤¤¤ ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Browser Addons : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤--> %SystemRoot%\System32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) SAMSUNG HN-M750MBB +++++--- User ---[MBR] ee4483c8735edbf4e377026458a82e49[bSP] 0de15382bf5a7dd7db113f8bb40a784c : KIWI Image system MBR CodePartition table:0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 82944 Mo2 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 170076160 | Size: 609042 Mo3 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1417394176 | Size: 23317 MoUser = LL1 ... OK!User = LL2 ... OK! Finished : << RKreport[0]_S_02052014_004657.txt >> Thanks! FriZin
  10. Hi everybody! I am having the following problem: each time I try to run MBAM (free), a window pops up saying: Run-time error '50003' Unexpected error I have already cleanly reinstalled MBAM following the MBAM Clean Removal Process, but the error message keeps popping up, so I cannot use my MBAM. The computer is probably infected, since I have experienced other problems as well: - Windows Update does not work: it is unable of downloading (and installing) any updates - I cannot update Internet Explorer (from IE 9 to IE 11) My OS is Windows 7 Home Premium SP 1. I have run the DDS scan (logs are attached). Any help is appreciated. Thank you! FriZin attach.txt dds.txt
  11. Thanks a lot for your answer. I have opened a new topic under "Malware Removal Help". FriZin
  12. Hi everyone: When I try to launch my Malwarebytes Anti-Malware, an error message pops up saying: "Run-time error '50003' Unexpected error". I have already cleanly reinstalled Malwarebytes Anti-Malware following the MBAM Clean Removal Process, but the message keeps popping up. I have also run the DDS scan (logs are attached). According to Firefox (trusted advisor), there is much more going on than just a problem with MBAM, probably a malware infection. This makes sense to me, since I have also been experiencing the following problems: - Windows Update does not work properly: although warning of new updates, it is unable to download (and install) those updates - I cannot update Internet Explorer 9 to Internet Explorer 11 My OS is Windows 7 Home Premium SP 1. I am running the free version of MBAM. Thanks! FriZin PD: is there any way of changing my MBAM user name from "Frizinkerq" to "Frizinker" (the q was a typo)? attach.txt dds.txt attach.txt dds.txt
  13. Hello daledoc1: Thanks for your prompt response! I am running the free version. The clean reinstall with the MBAM Clean Removal Process did not work (the error window keeps popping up), so I ran the dds scan. Please find the logs attached. By the way, is there any way of changing my user name? I would like to slightly change it from "Frizinkerq" to "Frizinker" (the q is a typo). Thank you! FriZin attach.txt dds.txt
  14. Hi everybody! When I try to launch my Malwarebytes Anti-Malware, an error message pops up saying: "Run-time error '50003' Unexptected error". My OS is Windows 7 Home Premium SP 1. Anybody knowing a solution to this error? Thanks! FriZin
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.