Possible Keylogger


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:51:21, on 26/04/2013

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Users\Chifo\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SysWOW64\DllHost.exe

C:\Program Files\Keylogger Detector\antispy.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\SoftwareDistribution\Download\Install\v credist_x86.exe

C:\Windows\SysWOW64\msiexec.exe

C:\Windows\syswow64\MsiExec.exe

O:\PROGRAMAS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?f=1&a=Searc...1156591296&ir=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?f=1&a=Searc...1156591296&ir=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\SearchYa!\1.5.25.0\bh\searchya.dll

O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\SearchYa!\1.5.25.0\searchyaTlbr.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\Windows\system32\advpack.dll,DelNodeRunDLL32 "C:\Users\Chifo\AppData\Local\Temp\IXP000.TMP\ "

O4 - HKCU\..\Run: [F.lux] "C:\Users\Chifo\Local Settings\Apps\F.lux\flux.exe" /noshow

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVICIO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Servicio de red')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Servicio de red')

O4 - HKUS\S-1-5-21-4124905758-2900846308-498442788-1004\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'postgres')

O4 - HKUS\S-1-5-21-4124905758-2900846308-498442788-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'postgres')

O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) -http://download.gigabyte.com.tw/object/Dldrv.ocx

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)

O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: @%SystemRoot%\system32\aelupsvc.dll,-1 (AeLookupSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: @%systemroot%\system32\appidsvc.dll,-100 (AppIDSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\appinfo.dll,-100 (Appinfo) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)

O23 - Service: @appmgmts.dll,-3250 (AppMgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-204 (AudioEndpointBuilder) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\audiosrv.dll,-200 (AudioSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\AxInstSV.dll,-103 (AxInstSV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bdesvc.dll,-100 (BDESVC) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\bfe.dll,-1001 (BFE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\qmgr.dll,-1000 (BITS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\browser.dll,-100 (Browser) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\bthserv.dll,-101 (bthserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-11 (CertPropSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\cryptsvc.dll,-1001 (CryptSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\cscsvc.dll,-200 (CscService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @oleres.dll,-5012 (DcomLaunch) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dhcpcore.dll,-100 (Dhcp) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\dnsapi.dll,-101 (Dnscache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dot3svc.dll,-1102 (dot3svc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\dps.dll,-500 (DPS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\eapsvc.dll,-1 (EapHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\ehome\ehrecvr.exe,-101 (ehRecvr) - Unknown owner - C:\Windows\ehome\ehRecvr.exe

O23 - Service: @%SystemRoot%\ehome\ehsched.exe,-101 (ehSched) - Unknown owner - C:\Windows\ehome\ehsched.exe

O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

O23 - Service: @%SystemRoot%\system32\wevtsvc.dll,-200 (eventlog) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @comres.dll,-2450 (EventSystem) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\fdPHost.dll,-100 (fdPHost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\fdrespub.dll,-100 (FDResPub) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\FntCache.dll,-100 (FontCache) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @gpapi.dll,-112 (gpsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Servicio de actualización de Google (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Update Servicio (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @%SystemRoot%\System32\hidserv.dll,-101 (hidserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\kmsvc.dll,-6 (hkmsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\ListSvc.dll,-100 (HomeGroupListener) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\provsvc.dll,-100 (HomeGroupProvider) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\ikeext.dll,-501 (IKEEXT) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\IPBusEnum.dll,-102 (IPBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\iphlpsvc.dll,-500 (iphlpsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @comres.dll,-2946 (KtmRm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\srvsvc.dll,-100 (LanmanServer) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wkssvc.dll,-100 (LanmanWorkstation) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lltdres.dll,-1 (lltdsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\lmhsvc.dll,-101 (lmhosts) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-100 (MMCSS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @%SystemRoot%\system32\FirewallAPI.dll,-23090 (MpsSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\iscsidsc.dll,-5000 (MSiSCSI) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\msimsg.dll,-27 (msiserver) - Unknown owner - C:\Windows\system32\msiexec.exe

O23 - Service: @%SystemRoot%\system32\qagentrt.dll,-6 (napagent) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\netman.dll,-109 (Netman) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\netprofm.dll,-202 (netprofm) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\nlasvc.dll,-1 (NlaSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\nsisvc.dll,-200 (nsi) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8004 (p2pimsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\p2psvc.dll,-8006 (p2psvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pcasvc.dll,-1 (PcaSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\peerdistsvc.dll,-9000 (PeerDistSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\sysWow64\perfhost.exe,-2 (PerfHost) - Unknown owner - C:\Windows\SysWow64\perfhost.exe

O23 - Service: @%systemroot%\system32\pla.dll,-500 (pla) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\umpnpmgr.dll,-100 (PlugPlay) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpauto.dll,-8002 (PNRPAutoReg) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\pnrpsvc.dll,-8000 (PNRPsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\polstore.dll,-5010 (PolicyAgent) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: postgresql-8.4 - PostgreSQL Server 8.4 (postgresql-8.4) - PostgreSQL Global Development Group - C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe

O23 - Service: @%SystemRoot%\system32\umpo.dll,-100 (Power) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\profsvc.dll,-300 (ProfSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasauto.dll,-200 (RasAuto) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%Systemroot%\system32\rasmans.dll,-200 (RasMan) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @regsvc.dll,-1 (RemoteRegistry) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%windir%\system32\RpcEpMap.dll,-1001 (RpcEptMapper) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @oleres.dll,-5010 (RpcSs) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: SafeBox - Bitdefender - C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\System32\SCardSvr.dll,-1 (SCardSvr) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\schedsvc.dll,-100 (Schedule) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\certprop.dll,-13 (SCPolicySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\Sens.dll,-200 (SENS) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\sensrsvc.dll,-1000 (SensrSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\SessEnv.dll,-1026 (SessionEnv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\shsvcs.dll,-12288 (ShellHWDetection) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppuinotify.dll,-103 (sppuinotify) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\ssdpsrv.dll,-100 (SSDPSRV) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\sstpsvc.dll,-200 (SstpSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wiaservc.dll,-9 (stisvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\swprv.dll,-103 (swprv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\TabSvc.dll,-100 (TabletInputService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tapisrv.dll,-10100 (TapiSrv) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\tbssvc.dll,-100 (TBS) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\termsrv.dll,-268 (TermService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\themeservice.dll,-8192 (Themes) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\mmcss.dll,-102 (THREADORDER) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\trkwks.dll,-1 (TrkWks) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\umrdp.dll,-1000 (UmRdpService) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

O23 - Service: @%systemroot%\system32\upnphost.dll,-213 (upnphost) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\dwm.exe,-2000 (UxSms) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

O23 - Service: @%SystemRoot%\system32\w32time.dll,-200 (W32Time) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%systemroot%\system32\wbiosrvc.dll,-100 (WbioSrvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wcncsvc.dll,-3 (wcncsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\WcsPlugInService.dll,-200 (WcsPlugInService) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-502 (WdiServiceHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\wdi.dll,-500 (WdiSystemHost) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%systemroot%\system32\webclnt.dll,-100 (WebClient) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wecsvc.dll,-200 (Wecsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wercplsupport.dll,-101 (wercplsupport) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wersvc.dll,-100 (WerSvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%ProgramFiles%\Windows Defender\MsMpRes.dll,-103 (WinDefend) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\system32\winhttp.dll,-100 (WinHttpAutoProxySvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmisvc.dll,-205 (Winmgmt) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wsmsvc.dll,-101 (WinRM) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wlansvc.dll,-257 (Wlansvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: @%SystemRoot%\system32\wpcsvc.dll,-100 (WPCSvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wpdbusenum.dll,-100 (WPDBusEnum) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wscsvc.dll,-200 (wscsvc) - Unknown owner - C:\Windows\System32\svchost.exe

O23 - Service: Windows Update (wuauserv) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\system32\wudfsvc.dll,-1000 (wudfsvc) - Unknown owner - C:\Windows\system32\svchost.exe

O23 - Service: @%SystemRoot%\System32\wwansvc.dll,-257 (WwanSvc) - Unknown owner - C:\Windows\system32\svchost.exe

--

End of file - 24783 bytes


Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

<====><====><====><====><====><====><====><====>

Next................

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear".

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 06/04/2013 19:17:48

System Uptime: 26/04/2013 14:03:26 (4 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-870A-USB3

Processor: AMD Phenom II X4 B60 Processor | Socket M2 | 3400/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 119 GiB total, 95,792 GiB free.

D: is CDROM ()

E: is Removable

O: is FIXED (NTFS) - 149 GiB total, 119,717 GiB free.

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

Adobe Reader XI (11.0.02) - Español

Adobe Shockwave Player 11.6

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Anti keylogger Packages

Aplicación para detectar Winamp

Bitdefender Total Security 2013

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Compresor WinRAR

CrystalDiskMark 3.0.2e

DAEMON Tools Pro

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DivX Setup

Dropbox

EasySaver B9.1214.1

ESET Online Scanner v3

Etron USB3.0 Host Controller

F.lux

Flopzilla

forteManager

fortePivot

Geeks3D.com FurMark 1.10.6

Google Chrome

Google Update Helper

Holdem Manager

ImageBooster

ImgBurn

Java 7 Update 21

Java Auto Updater

K-Lite Codec Pack 5.4.4 (Full)

Keylogger Detector

Malwarebytes Anti-Malware versión 1.75.0.1300

MediaInfo 0.7.62

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile ESN Language Pack

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MKVcleaver

MKVToolNix 6.1.0

Mozilla Firefox 20.0.1 (x86 en-US)

Mozilla Maintenance Service

NoteCaddy 2

ON_OFF Charge B11.0110.1

Paint.NET v3.36

Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN

PokerStars

PokerStrategy.com Equilab

PostgreSQL 8.4

Rainmeter

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Samsung Magician

Samsung_MonSetup

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Skype™ 6.3

SpeedFan (remove only)

Spybot - Search & Destroy

SUPERAntiSpyware

swMSM

TableNinja

TableScan Turbo v1.0.3

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

VLC media player 2.0.6

Winamp

.

==== Event Viewer Messages From Past Week ========

.

26/04/2013 14:10:32, Error: Microsoft-Windows-WindowsUpdateClient [20] - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80242016: Actualización para la lista de Vista de compatibilidad de Internet Explorer 8 para Windows 7 para sistemas basados en x64 (KB2598845).

26/04/2013 14:04:13, Error: Service Control Manager [7023] -

26/04/2013 14:03:08, Error: Service Control Manager [7031] - El servicio Spybot-S&D 2 Updating Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

26/04/2013 14:03:08, Error: Service Control Manager [7031] - El servicio Spybot-S&D 2 Security Center Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

26/04/2013 14:03:07, Error: Service Control Manager [7034] - El servicio Skype Updater se terminó de manera inesperada. Esto ha sucedido 1 veces.

26/04/2013 14:03:07, Error: Service Control Manager [7034] - El servicio postgresql-8.4 - PostgreSQL Server 8.4 se terminó de manera inesperada. Esto ha sucedido 1 veces.

26/04/2013 14:03:07, Error: Service Control Manager [7034] - El servicio MBAMScheduler se terminó de manera inesperada. Esto ha sucedido 1 veces.

26/04/2013 14:03:07, Error: Service Control Manager [7031] - El servicio Spybot-S&D 2 Scanner Service terminó inesperadamente. Esto se ha repetido 1 veces. Se realizará la siguiente acción correctora en 60000 milisegundos: Reiniciar el servicio.

26/04/2013 14:03:06, Error: Service Control Manager [7034] - El servicio ES lite Service for program management. se terminó de manera inesperada. Esto ha sucedido 1 veces.

26/04/2013 14:03:06, Error: Service Control Manager [7034] - El servicio Adobe Acrobat Update Service se terminó de manera inesperada. Esto ha sucedido 1 veces.

26/04/2013 14:00:56, Error: Service Control Manager [7011] - Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción del servicio VSSERV.

26/04/2013 14:00:25, Error: Service Control Manager [7043] - El servicio Instalador de módulos de Windows no se cerró correctamente después de recibir un control de aviso de apagado.

26/04/2013 12:54:05, Error: Microsoft-Windows-WindowsUpdateClient [20] - Error de instalación: error de Windows al instalar la siguiente actualización, error 0x80070643: Actualización de seguridad para el Paquete redistribuible de Microsoft Visual C++ 2008 Service Pack 1 (KB2538243).

21/04/2013 22:02:07, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR4.

21/04/2013 22:02:06, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR4.

21/04/2013 22:02:05, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR4.

21/04/2013 22:01:14, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR3.

21/04/2013 22:01:06, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR2.

21/04/2013 21:58:06, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:30, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:30, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:29, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:28, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:27, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:26, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:25, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:25, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:24, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:24, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:24, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR5.

21/04/2013 21:57:21, Error: Application Popup [56] - El controlador USB ha devuelto un Id. no válido para un dispositivo secundario (6C626DBEDDAFEBC16000550F).

21/04/2013 21:57:21, Error: Application Popup [56] - El controlador USB ha devuelto un Id. no válido para un dispositivo secundario (6C626DBEDDAFEBC16000550F).

21/04/2013 21:55:13, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR4.

21/04/2013 21:54:36, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR3.

21/04/2013 21:52:33, Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk2\DR2.

20/04/2013 20:31:21, Error: Application Popup [56] - El controlador USB ha devuelto un Id. no válido para un dispositivo secundario (6C626DBEDDAFEBC16000550F).

20/04/2013 20:31:20, Error: Application Popup [56] - El controlador USB ha devuelto un Id. no válido para un dispositivo secundario (6C626DBEDDAFEBC16000550F).

.

==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16476 BrowserJavaVersion: 10.21.2

Run by Chifo at 18:28:07 on 2013-04-26

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.3082.18.4094.1810 [GMT -3:00]

.

AV: Bitdefender Antivirus *Enabled/Updated* {9B5F5313-CAF9-DD97-C460-E778420237B4}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

SP: Bitdefender Antispyware *Enabled/Updated* {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

FW: Bitdefender Cortafuegos *Enabled* {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe

C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\LogonUI.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

C:\Users\Chifo\Local Settings\Apps\F.lux\flux.exe

C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files\Rainmeter\Rainmeter.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

C:\Windows\System32\osk.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Chifo\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzytA0BtAyC0ByB0AyEyB0DtN0D0Tzu0CyEzztCtN1L2XzutBtFtBtFtCtFyEtAtBtN1L1Czu0U1E0T1F0D1F2W1G1V0A1G2Z1L&cr=1156591296&ir=

mStart Page = hxxp://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzytA0BtAyC0ByB0AyEyB0DtN0D0Tzu0CyEzztCtN1L2XzutBtFtBtFtCtFyEtAtBtN1L1Czu0U1E0T1F0D1F2W1G1V0A1G2Z1L&cr=1156591296&ir=

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Ironsource LTD Helper Object: {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\Program Files (x86)\SearchYa!\1.5.25.0\bh\searchya.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: SearchYa Toolbar: {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\Program Files (x86)\SearchYa!\1.5.25.0\searchyaTlbr.dll

uRun: [F.lux] "C:\Users\Chifo\Local Settings\Apps\F.lux\flux.exe" /noshow

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Chifo\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Chifo\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\RAINME~1.LNK - C:\Program Files\Rainmeter\Rainmeter.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} - hxxp://download.gigabyte.com.tw/object/Dldrv.ocx

TCP: NameServer = 200.42.4.207 200.49.130.44

TCP: Interfaces\{0A4F6844-01A8-406A-822B-FD5C228EAF3E} : DHCPNameServer = 200.42.4.207 200.49.130.44

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: SDWinLogon - SDWinLogon.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://www.searchya.com/?f=1&a=SearchooD&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzytA0BtAyC0ByB0AyEyB0DtN0D0Tzu0CyEzztCtN1L2XzutBtFtBtFtCtFyEtAtBtN1L1Czu0U1E0T1F0D1F2W1G1V0A1G2Z1L&cr=1156591296&ir=

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [bdagent] C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

.

INFO: x64-HKLM has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Chifo\AppData\Roaming\Mozilla\Firefox\Profiles\vgfk2t5q.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.ar/

FF - component: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}\components\libstutils.dll

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - ExtSQL: 2013-04-19 19:40; {23fcfd51-4958-4f00-80a3-ae97e717ed8b}; C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5

.

============= SERVICES / DRIVERS ===============

.

R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2012-4-10 82560]

R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2012-4-10 42624]

R0 avc3;avc3;C:\Windows\System32\drivers\avc3.sys [2013-4-6 707528]

R0 gzflt;gzflt;C:\Windows\System32\drivers\gzflt.sys [2013-4-6 147232]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-4-6 21104]

R1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [2013-4-6 93160]

R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [2013-4-6 103504]

R1 BDVEDISK;BDVEDISK;C:\Windows\System32\drivers\bdvedisk.sys [2013-4-6 76944]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-4-17 240640]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2013-4-6 68136]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-6 418376]

R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files (x86)/PostgreSQL/8.4/data" -w --> C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]

R2 SafeBox;SafeBox;C:\Program Files\Bitdefender\Bitdefender Safebox\safeboxservice.exe [2013-4-6 95184]

R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2013-4-6 1103392]

R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2013-4-6 1369624]

R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2013-4-6 168384]

R2 UPDATESRV;Bitdefender Desktop Update Service;C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [2013-4-6 68856]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-4-17 96256]

R3 avchv;avchv Function Driver;C:\Windows\System32\drivers\avchv.sys [2013-4-6 261056]

R3 avckf;avckf;C:\Windows\System32\drivers\avckf.sys [2013-4-6 589000]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-4-6 283200]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-1-26 39808]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-1-26 64256]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-6 25928]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-4-6 413800]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-6 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 BDSandBox;BDSandBox;C:\Windows\System32\drivers\bdsandbox.sys [2013-4-6 82384]

S3 LGDDCDevice;LGDDCDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [2013-4-13 14336]

S3 LGII2CDevice;LGII2CDevice;C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [2013-4-13 18432]

S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-26 1255736]

S4 BdDesktopParental;Bitdefender Desktop Parental Control;C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [2013-4-6 69392]

.

=============== Created Last 30 ================

.

2013-04-26 17:49:08 -------- d-----w- C:\Program Files (x86)\ESET

2013-04-26 17:02:28 -------- d-----w- C:\Windows\SysWow64\wbem\en-US

2013-04-26 17:02:27 -------- d-----w- C:\Windows\System32\wbem\en-US

2013-04-26 17:02:25 -------- d-----w- C:\Windows\SysWow64\Wat

2013-04-26 17:02:25 -------- d-----w- C:\Windows\System32\Wat

2013-04-26 16:25:49 46080 ----a-w- C:\Windows\System32\atmlib.dll

2013-04-26 16:25:49 367616 ----a-w- C:\Windows\System32\atmfd.dll

2013-04-26 16:25:49 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2013-04-26 16:25:49 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2013-04-26 16:19:48 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

2013-04-26 16:19:48 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

2013-04-26 16:19:48 744448 ----a-w- C:\Windows\System32\WUDFx.dll

2013-04-26 16:19:48 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

2013-04-26 16:19:48 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

2013-04-26 16:19:48 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

2013-04-26 16:19:48 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

2013-04-26 16:18:54 2560 ----a-w- C:\Windows\System32\drivers\es-ES\wdf01000.sys.mui

2013-04-26 16:18:53 9728 ----a-w- C:\Windows\System32\Wdfres.dll

2013-04-26 16:18:53 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

2013-04-26 16:18:53 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

2013-04-26 15:54:31 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2013-04-26 15:54:31 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2013-04-26 15:54:31 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2013-04-26 15:54:30 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2013-04-26 15:54:30 5120 ----a-w- C:\Windows\System32\wmi.dll

2013-04-26 15:25:48 -------- d-----w- C:\ProgramData\Keylogger Detector

2013-04-26 15:25:13 -------- d-----w- C:\Program Files\Keylogger Detector

2013-04-26 15:24:01 367104 ----a-w- C:\Windows\System32\wcncsvc.dll

2013-04-26 15:24:01 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll

2013-04-26 15:21:58 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2013-04-26 15:20:51 311808 ----a-w- C:\Windows\System32\msv1_0.dll

2013-04-26 15:20:51 257024 ----a-w- C:\Windows\SysWow64\msv1_0.dll

2013-04-26 15:13:41 1653096 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-26 15:11:06 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys

2013-04-26 15:09:04 801280 ----a-w- C:\Windows\System32\usp10.dll

2013-04-26 15:09:04 627712 ----a-w- C:\Windows\SysWow64\usp10.dll

2013-04-26 15:06:54 2001408 ----a-w- C:\Windows\System32\msxml6.dll

2013-04-26 15:06:54 1880064 ----a-w- C:\Windows\System32\msxml3.dll

2013-04-26 15:06:54 1388544 ----a-w- C:\Windows\SysWow64\msxml6.dll

2013-04-26 15:06:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2013-04-26 15:06:42 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-04-26 15:06:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-04-26 15:05:31 478208 ----a-w- C:\Windows\System32\dpnet.dll

2013-04-26 15:05:31 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll

2013-04-26 15:05:28 295792 ----a-w- C:\Windows\System32\drivers\volsnap.sys

2013-04-26 15:05:09 95744 ----a-w- C:\Windows\System32\synceng.dll

2013-04-26 15:05:09 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

2013-04-26 15:01:58 220160 ----a-w- C:\Windows\System32\wintrust.dll

2013-04-26 15:00:58 3213824 ----a-w- C:\Windows\System32\msi.dll

2013-04-26 15:00:58 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2013-04-26 15:00:50 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2013-04-26 15:00:33 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-04-26 15:00:33 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2013-04-26 14:57:43 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2013-04-26 14:57:42 902656 ----a-w- C:\Windows\System32\d2d1.dll

2013-04-26 14:57:42 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2013-04-26 14:57:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2013-04-26 14:57:42 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2013-04-26 14:57:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2013-04-26 14:57:42 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2013-04-26 14:57:42 1541120 ----a-w- C:\Windows\System32\DWrite.dll

2013-04-26 14:57:42 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2013-04-26 14:57:42 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-04-26 14:51:44 723456 ----a-w- C:\Windows\System32\EncDec.dll

2013-04-26 14:48:30 -------- d-----w- C:\Users\Chifo\AppData\Roaming\0U1E0T1F0D1F2W1G

2013-04-26 14:48:22 -------- d-----w- C:\Program Files (x86)\SearchYa!

2013-04-26 14:46:58 142336 ----a-w- C:\Windows\System32\poqexec.exe

2013-04-26 14:45:29 4068864 ----a-w- C:\Windows\System32\mf.dll

2013-04-26 14:44:55 148992 ----a-w- C:\Windows\System32\t2embed.dll

2013-04-26 14:43:58 552960 ----a-w- C:\Windows\System32\msdri.dll

2013-04-26 14:42:50 85504 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll

2013-04-24 23:09:19 -------- d-----w- C:\Users\Chifo\SystemRequirementsLab

2013-04-24 15:38:24 -------- d-----w- C:\Program Files (x86)\VideoLAN

2013-04-24 15:04:08 -------- d-----w- C:\Users\Chifo\AppData\Roaming\postgresql

2013-04-22 18:38:59 -------- d-----w- C:\Users\Chifo\AppData\Roaming\TeamViewer

2013-04-20 22:06:27 -------- d-----w- C:\Users\Chifo\AppData\Roaming\mkvtoolnix

2013-04-20 22:02:59 -------- d-----w- C:\Users\Chifo\MKVCleaver

2013-04-20 02:29:03 -------- d-----w- C:\Users\Chifo\AppData\Roaming\Yamb

2013-04-20 02:27:26 -------- d-----w- C:\Program Files (x86)\MKVcleaver

2013-04-20 02:25:11 -------- d-----w- C:\Program Files (x86)\MKVToolNix

2013-04-20 02:22:10 -------- d-----w- C:\Program Files\MediaInfo

2013-04-19 22:42:29 -------- d-----w- C:\Users\Chifo\AppData\Local\DDMSettings

2013-04-19 22:40:26 -------- d-----w- C:\Program Files\DivX

2013-04-19 22:40:23 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared

2013-04-19 22:38:13 -------- d-----w- C:\Program Files (x86)\DivX

2013-04-19 22:37:19 -------- d-----w- C:\ProgramData\DivX

2013-04-17 14:13:58 -------- d-----w- C:\Users\Chifo\AppData\Local\AMD

2013-04-17 14:12:34 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-04-17 14:12:33 -------- d-----w- C:\Program Files (x86)\AMD APP

2013-04-17 14:12:31 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

2013-04-17 14:12:31 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

2013-04-17 14:12:15 -------- d-----w- C:\ProgramData\AMD

2013-04-17 01:15:11 -------- d-----w- C:\Program Files (x86)\NoteCaddy 2

2013-04-17 00:55:22 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll

2013-04-17 00:55:22 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll

2013-04-17 00:55:22 48960 ----a-w- C:\Windows\System32\netfxperf.dll

2013-04-17 00:55:22 444752 ----a-w- C:\Windows\System32\mscoree.dll

2013-04-17 00:55:22 320352 ----a-w- C:\Windows\System32\PresentationHost.exe

2013-04-17 00:55:22 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll

2013-04-17 00:55:22 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe

2013-04-17 00:55:22 1942856 ----a-w- C:\Windows\System32\dfshim.dll

2013-04-17 00:55:22 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll

2013-04-17 00:55:22 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll

2013-04-14 18:49:26 -------- d-----w- C:\Program Files (x86)\Geeks3D

2013-04-13 18:38:56 -------- d-----w- C:\Program Files (x86)\MonitorDriver

2013-04-13 18:29:55 98304 ----a-w- C:\Windows\SysWow64\LGMonitorDDCCISDK.dll

2013-04-13 18:29:55 94208 ----a-w- C:\Windows\SysWow64\LGErrorHandler.dll

2013-04-13 18:29:55 73728 ----a-w- C:\Windows\SysWow64\LGProtocolEngine.dll

2013-04-13 18:29:55 557056 ----a-w- C:\Windows\SysWow64\LGDeviceManager.dll

2013-04-13 18:29:54 53248 ----a-r- C:\Windows\SysWow64\ATIDDC.DLL

2013-04-13 18:29:54 20992 ----a-w- C:\Windows\SysWow64\LGUmdl.dll

2013-04-13 18:29:54 19968 ----a-w- C:\Windows\SysWow64\LGPII2CDriver.sys

2013-04-13 18:29:54 16384 ----a-w- C:\Windows\SysWow64\LGI2CDriver.sys

2013-04-13 18:26:06 65792 ----a-w- C:\Windows\SysWow64\LGDispDrv.dll

2013-04-13 18:26:06 3456 ----a-r- C:\Windows\SysWow64\LgExport.dll

2013-04-13 18:26:01 69632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe

2013-04-13 18:26:01 61440 ----a-w- C:\Windows\SysWow64\ISUSPM.cpl

2013-04-13 18:26:01 385024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_ispmres.dll

2013-04-13 18:26:01 368640 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\_isusres.dll

2013-04-13 18:26:01 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe

2013-04-13 18:26:01 196608 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe

2013-04-13 18:26:01 -------- d-----w- C:\Program Files (x86)\LG Soft India

2013-04-13 18:26:00 446464 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe

2013-04-13 18:25:53 733184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iKernel.dll

2013-04-13 18:25:53 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\ctor.dll

2013-04-13 18:25:53 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\DotNetInstaller.exe

2013-04-13 18:25:53 266240 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iscript.dll

2013-04-13 18:25:53 172032 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iuser.dll

2013-04-13 18:25:43 303236 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\setup.dll

2013-04-13 18:25:43 180356 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\10\00\Intel32\iGdi.dll

2013-04-09 23:09:56 13008 ----a-w- C:\Windows\System32\drivers\pstrip64.sys

2013-04-07 16:05:22 -------- d-----w- C:\Users\Chifo\AppData\Local\ElevatedDiagnostics

2013-04-07 14:15:16 -------- d-----w- C:\Users\Chifo\AppData\Local\Equilab

2013-04-07 13:38:49 77312 ----a-w- C:\Windows\System32\packager.dll

2013-04-07 13:38:49 67072 ----a-w- C:\Windows\SysWow64\packager.dll

2013-04-07 01:21:44 139264 ----a-w- C:\Windows\System32\cabview.dll

2013-04-07 01:21:44 132608 ----a-w- C:\Windows\SysWow64\cabview.dll

2013-04-07 01:21:42 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2013-04-07 01:21:42 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2013-04-07 01:21:42 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2013-04-07 01:12:33 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2013-04-07 01:12:31 99840 ----a-w- C:\Windows\System32\wudriver.dll

2013-04-07 01:12:30 36864 ----a-w- C:\Windows\System32\wuapp.exe

2013-04-07 01:12:30 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2013-04-07 01:08:55 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services

2013-04-07 01:08:42 -------- d-----w- C:\Windows\PCHEALTH

2013-04-07 01:08:42 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

2013-04-07 01:07:42 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8

2013-04-07 01:07:30 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

2013-04-07 01:07:26 -------- d-----w- C:\Users\Chifo\AppData\Local\Microsoft Help

2013-04-07 00:57:47 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys

2013-04-07 00:57:45 -------- d-----w- C:\Users\Chifo\AppData\Roaming\DAEMON Tools Pro

2013-04-07 00:57:41 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Pro

2013-04-07 00:56:59 -------- d-----w- C:\ProgramData\DAEMON Tools Pro

2013-04-06 23:51:58 -------- d-----r- C:\Users\Chifo\Dropbox

2013-04-06 23:51:23 -------- d-----w- C:\Program Files\CrystalDiskMark

2013-04-06 23:50:32 -------- d-----w- C:\Program Files\CCleaner

2013-04-06 23:49:59 -------- d-----w- C:\Users\Chifo\AppData\Roaming\Dropbox

2013-04-06 23:48:18 -------- d-----w- C:\Program Files (x86)\PokerStrategy.com

2013-04-06 23:48:04 -------- d-----w- C:\Program Files (x86)\Flopzilla

2013-04-06 23:48:00 -------- d-----w- C:\Users\Chifo\AppData\Local\Downloaded Installations

2013-04-06 23:46:51 -------- d-----w- C:\Program Files (x86)\SpeedFan

2013-04-06 23:46:22 -------- d-----w- C:\Users\Chifo\AppData\Roaming\Malwarebytes

2013-04-06 23:46:19 -------- d-----w- C:\ProgramData\Malwarebytes

2013-04-06 23:46:18 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-04-06 23:46:18 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-04-06 23:45:53 178176 ----a-w- C:\Windows\SysWow64\unrar.dll

2013-04-06 23:45:52 881664 ----a-w- C:\Windows\SysWow64\xvidcore.dll

2013-04-06 23:45:52 839680 ----a-w- C:\Windows\SysWow64\lameACM.acm

2013-04-06 23:45:52 217088 ----a-w- C:\Windows\SysWow64\yv12vfw.dll

2013-04-06 23:45:52 205824 ----a-w- C:\Windows\SysWow64\xvidvfw.dll

2013-04-06 23:45:52 118784 ----a-w- C:\Windows\SysWow64\ac3acm.acm

2013-04-06 23:45:51 85504 ----a-w- C:\Windows\SysWow64\ff_vfw.dll

2013-04-06 23:45:50 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack

2013-04-06 23:44:16 1599039 ----a-w- C:\ProgramData\1365288073.bdinstall.bin

2013-04-06 23:43:49 -------- d-----w- C:\Program Files\Paint.NET

2013-04-06 23:43:39 -------- d-----w- C:\Users\Chifo\AppData\Local\Paint.NET

2013-04-06 23:43:30 -------- d-----w- C:\ProgramData\BDLogging

2013-04-06 23:43:18 -------- d-----w- C:\Users\Chifo\AppData\Local\PokerStars

2013-04-06 23:43:15 -------- d-----w- C:\Program Files (x86)\PokerStars

2013-04-06 23:42:53 76944 ----a-w- C:\Windows\System32\drivers\bdvedisk.sys

2013-04-06 23:42:14 -------- d-----w- C:\Users\Chifo\AppData\Roaming\Rainmeter

2013-04-06 23:42:13 -------- d-----w- C:\Program Files\Rainmeter

2013-04-06 23:41:50 93160 ----a-w- C:\Windows\System32\drivers\BdfNdisf6.sys

2013-04-06 23:41:50 82384 ----a-w- C:\Windows\System32\drivers\bdsandbox.sys

2013-04-06 23:41:50 511328 ----a-w- C:\Windows\capicom.dll

2013-04-06 23:41:49 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll

2013-04-06 23:41:47 707528 ----a-w- C:\Windows\System32\drivers\avc3.sys

2013-04-06 23:41:47 589000 ----a-w- C:\Windows\System32\drivers\avckf.sys

2013-04-06 23:41:47 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys

2013-04-06 23:41:03 -------- d-----w- C:\Windows\SysWow64\Adobe

2013-04-06 23:41:01 -------- d-----r- C:\Program Files (x86)\Skype

2013-04-06 23:38:35 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy

2013-04-06 23:38:31 17272 ----a-w- C:\Windows\System32\sdnclean64.exe

2013-04-06 23:38:28 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2013-04-06 23:38:02 -------- d-----w- C:\Users\Chifo\AppData\Local\Programs

2013-04-06 23:37:46 -------- d-----w- C:\Users\Chifo\AppData\Roaming\SUPERAntiSpyware.com

2013-04-06 23:37:46 -------- d-----w- C:\Users\Chifo\AppData\Local\Google

2013-04-06 23:37:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2013-04-06 23:37:44 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2013-04-06 23:29:38 -------- d-----w- C:\Program Files (x86)\TableNinja

2013-04-06 23:29:02 -------- d-----w- C:\Program Files (x86)\TableScan Turbo

2013-04-06 23:17:44 -------- d-----w- C:\Users\Chifo\AppData\Local\Adobe

2013-04-06 23:17:27 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-04-06 23:17:04 25640 ----a-w- C:\Windows\gdrv.sys

2013-04-06 23:16:23 -------- d-----w- C:\Windows\GBD

2013-04-06 23:13:32 -------- d-----w- C:\Users\Chifo\AppData\Local\Mozilla

2013-04-06 22:57:01 -------- d-----w- C:\Samsung

2013-04-06 22:56:57 2414360 ----a-w- C:\Windows\SysWow64\d3dx9_31.dll

2013-04-06 22:56:57 1892184 ----a-w- C:\Windows\SysWow64\D3DX9_42.dll

2013-04-06 22:56:48 -------- d-----w- C:\Program Files (x86)\Winamp Detect

2013-04-06 22:56:46 -------- d-----w- C:\Program Files (x86)\Common Files\PX Storage Engine

2013-04-06 22:50:31 -------- d-----w- C:\Users\Chifo\AppData\Roaming\Bitdefender

2013-04-06 22:50:29 -------- d-----w- C:\ProgramData\Bitdefender

2013-04-06 22:49:59 -------- d-----w- C:\Users\Chifo\AppData\Roaming\QuickScan

2013-04-06 22:48:42 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{21A06872-F0F0-46ED-B5F9-61D6A33D72BD}\mpengine.dll

2013-04-06 22:48:42 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-06 22:41:33 350160 ----a-w- C:\Windows\System32\drivers\trufos.sys

2013-04-06 22:41:33 147232 ----a-w- C:\Windows\System32\drivers\gzflt.sys

2013-04-06 22:41:33 -------- d-----w- C:\Program Files\Bitdefender

2013-04-06 22:39:25 -------- d-----w- C:\Program Files\Common Files\Bitdefender

2013-04-06 22:29:15 31272 ----a-w- C:\Windows\System32\AppleChargerSrv.exe

2013-04-06 22:29:15 21104 ----a-w- C:\Windows\System32\drivers\AppleCharger.sys

2013-04-06 22:29:15 -------- d-----w- C:\Program Files\GIGABYTE

2013-04-06 22:28:54 -------- d-----w- C:\Program Files (x86)\Etron Technology

2013-04-06 22:27:26 413800 ----a-w- C:\Windows\System32\drivers\Rt64win7.sys

2013-04-06 22:27:25 74272 ----a-w- C:\Windows\System32\RtNicProp64.dll

2013-04-06 22:27:25 107552 ----a-w- C:\Windows\System32\RTNUninst64.dll

2013-04-06 22:26:46 -------- d-----w- C:\ProgramData\Splashtop

2013-04-06 22:26:09 -------- d-----w- C:\Windows\SysWow64\RTCOM

2013-04-06 22:26:09 -------- d-----w- C:\Program Files\Realtek

2013-04-06 22:26:00 518896 ----a-w- C:\Windows\System32\SRSTSX64.dll

2013-04-06 22:26:00 2580824 ----a-w- C:\Windows\System32\WavesGUILib.dll

2013-04-06 22:26:00 211184 ----a-w- C:\Windows\System32\SRSTSH64.dll

2013-04-06 22:26:00 198896 ----a-w- C:\Windows\System32\SRSHP64.dll

2013-04-06 22:26:00 155888 ----a-w- C:\Windows\System32\SRSWOW64.dll

2013-04-06 22:24:44 -------- d-----w- C:\Program Files (x86)\Gigabyte

2013-04-06 22:24:38 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll

2013-04-06 22:24:38 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll

2013-04-06 22:24:38 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe

2013-04-06 22:24:38 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe

2013-04-06 22:24:38 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll

2013-04-06 22:24:38 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll

2013-04-06 22:24:38 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll

2013-04-06 22:24:38 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll

2013-04-06 22:24:38 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll

2013-04-06 22:20:33 -------- d-----w- C:\W7LEB3.EXE

2013-04-06 21:49:49 -------- d-----w- C:\Users\Chifo\AppData\Local\fedesx

2013-04-06 15:06:02 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2013-04-06 15:06:02 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-04-06 15:06:00 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-06 13:03:47 0 ----a-w- C:\Windows\ativpsrm.bin

2013-04-06 05:02:27 -------- d-----w- C:\Windows\Panther

2013-04-06 02:19:20 -------- d-----w- C:\Users\Chifo\AppData\Roaming\Hard Disk Sentinel

2013-04-06 02:19:13 -------- d-----w- C:\Program Files (x86)\Hard Disk Sentinel

2013-04-06 02:14:37 -------- d-----w- C:\ProgramData\Samsung

2013-04-06 02:14:37 -------- d-----w- C:\Program Files (x86)\Samsung Magician

2013-04-06 01:30:14 -------- d-----w- C:\Users\Chifo\AppData\Local\In The Money

2013-04-06 01:30:14 -------- d-----w- C:\HMArchive

2013-04-06 01:22:41 -------- d-----w- C:\Users\Chifo\AppData\Local\ATI

2013-04-06 01:20:15 -------- d-----w- C:\ATI

2013-04-06 01:05:44 -------- d-----w- C:\Program Files\ATI

2013-04-06 01:05:10 -------- d-----w- C:\AMD

2013-04-06 00:55:03 -------- d-----w- C:\ProgramData\XHEO INC

2013-04-06 00:54:30 -------- d-----w- C:\Users\Chifo\AppData\Local\IsolatedStorage

2013-04-06 00:54:29 -------- d-----w- C:\Users\Chifo\AppData\Roaming\HEM Data

2013-04-06 00:52:10 -------- d-----w- C:\Program Files (x86)\PostgreSQL

2013-04-06 00:51:46 -------- d-----w- C:\Program Files (x86)\RVG Software

2013-04-06 00:51:39 -------- d-----w- C:\Program Files (x86)\PSQLINSTALL

2013-04-06 00:41:53 -------- d-----w- C:\Windows\pss

2013-04-06 00:33:37 -------- d-----w- C:\Users\Chifo\AppData\Local\CrystalDiskMark

.

==================== Find3M ====================

.

2013-03-23 01:09:28 354656 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl

2013-03-19 06:19:35 5497688 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:54:37 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:06:09 3958120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:06:09 3902312 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:53:45 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:19:03 112640 ----a-w- C:\Windows\System32\smss.exe

2013-03-01 03:32:29 3150848 ----a-w- C:\Windows\System32\win32k.sys

2013-02-12 15:42:13 44032 ----a-w- C:\Windows\System32\tsgqec.dll

2013-02-12 15:37:30 3138048 ----a-w- C:\Windows\System32\mstscax.dll

2013-02-12 15:31:40 158208 ----a-w- C:\Windows\System32\aaclient.dll

2013-02-12 15:13:55 2691072 ----a-w- C:\Windows\SysWow64\mstscax.dll

2013-02-12 15:07:48 131072 ----a-w- C:\Windows\SysWow64\aaclient.dll

2013-02-12 13:59:49 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll

.

============= FINISH: 18:28:35,49 ===============


RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version

Started in : Normal mode

User : Chifo [Admin rights]

Mode : Scan -- Date : 04/26/2013 18:31:52

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤

[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts


[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD16 00JS-00NCB1 SATA Disk Device +++++

--- User ---

[MBR] 3ddbcf3d9f5316430e1764bc1955f457

[bSP] 6123c2e2a0ee2911ac23ddf19e9412a5 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 152625 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG SSD 830 Series SATA Disk Device +++++

--- User ---

[MBR] f18b9ae4f7432d3e2d2bbd9f4b6f9e62

[bSP] 57e5048068170fbe7c5ee760645d3b1a : Windows 7/8 MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 122102 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1]_S_04262013_02d1831.txt >>


Take a look in this folder and see if there's an uninstaller inside to uninstall SearchYa (which is spyware/adware):

C:\Program Files (x86)\SearchYa!

----------------------

Next.......

Download aswMBR to your desktop.

http://public.avast....erek/aswMBR.exe

Double click the aswMBR.exe to run it.

If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".

Click the "Scan" button to start scan.

On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

MrC


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
