dexter2310

infected with moneypak virus, please help

Hello, I'm not able to access my computer normally or in safe mode.

 

I have run an OTLPEStd.exe scan.

 

Please help me see what I can scan/fix, since I got the C:\OTL.txt.

 

Here it is, thank you.

 

OTL logfile created on: 8/19/2013 7:36:08 AM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 60.00 Gb Total Space | 3.53 Gb Free Space | 5.89% Space Free | Partition Type: NTFS
Drive D: | 172.76 Gb Total Space | 12.80 Gb Free Space | 7.41% Space Free | Partition Type: NTFS
Drive F: | 3.74 Gb Total Space | 3.52 Gb Free Space | 94.25% Space Free | Partition Type: FAT32
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled] --  -- (HidServ)
SRV - File not found [On_Demand] --  -- (getPlus® Helper) getPlus®
SRV - File not found [Auto] --  -- (AviraUpgradeService)
SRV - [2013/07/15 16:12:11 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/02 06:01:48 | 000,240,264 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\SeaPort.exe -- (BBUpdate)
SRV - [2013/04/02 06:01:48 | 000,193,672 | ---- | M] (Microsoft Corporation.) [Auto] -- C:\Program Files\Microsoft\BingBar\7.2.233.0\BBSvc.exe -- (BBSvc)
SRV - [2013/02/05 11:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012/06/22 18:34:12 | 001,118,680 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/06/22 17:21:50 | 000,402,368 | ---- | M] (PC Tools) [On_Demand] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012/06/22 14:38:46 | 000,575,448 | ---- | M] (Threat Expert Ltd.) [Auto] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/08/20 02:49:48 | 000,045,056 | ---- | M] (Intuit) [Auto] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2011/08/20 00:31:14 | 001,248,256 | ---- | M] (Intuit Inc.) [Auto] -- C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe -- (QBVSS)
SRV - [2011/08/20 00:30:58 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/11/09 16:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2004/09/22 18:27:34 | 000,061,440 | ---- | M] () [Auto] -- C:\Program Files\Onyx Graphics\AutoUpdate\OnxUpdtService.exe -- (OnyxUpdaterService)
SRV - [2000/05/24 19:20:36 | 000,015,360 | ---- | M] (Adobe Systems Incorporated) [Disabled] -- C:\WINDOWS\system32\ATMsrvc.exe -- (ATMsrvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - File not found [Kernel | On_Demand] --  -- (catchme)
DRV - [2013/03/06 21:32:25 | 000,031,360 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | System] -- C:\WINDOWS\system32\drivers\kxhekyc.sys -- (kxhekyc)
DRV - [2013/01/03 16:49:42 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2012/06/22 18:34:52 | 000,203,120 | ---- | M] (PC Tools) [Kernel | System] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/06/22 14:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/04/23 15:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/02/28 14:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2010/05/19 13:53:13 | 000,047,616 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Haspnt.sys -- (Haspnt)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/07/23 15:05:20 | 000,009,104 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLADResM.SYS -- (DLADResM)
DRV - [2007/07/23 15:04:58 | 000,037,360 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2007/07/23 15:04:56 | 000,098,448 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2007/07/23 15:04:56 | 000,093,552 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2007/07/23 15:04:54 | 000,027,216 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2007/07/23 15:04:52 | 000,032,848 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2007/07/23 15:04:52 | 000,016,304 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2007/07/23 15:04:50 | 000,108,752 | ---- | M] (Roxio) [File_System | Auto] -- C:\WINDOWS\system32\drivers\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2007/07/23 14:49:44 | 000,030,064 | ---- | M] (Roxio) [File_System | System] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2007/07/23 14:49:44 | 000,014,576 | ---- | M] (Roxio) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2007/06/13 20:41:44 | 004,403,712 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/01 10:34:22 | 000,028,352 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2004/08/04 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/07/14 15:54:42 | 000,676,864 | ---- | M] (Aladdin Knowledge Systems) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock)
DRV - [2004/05/11 22:11:02 | 000,099,968 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\aksusb.sys -- (aksusb)
DRV - [2004/04/28 13:03:08 | 000,328,448 | ---- | M] (Aladdin Knowledge Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\akshasp.sys -- (akshasp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data over 100 bytes]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080613
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://partnerpage.google.com/smallbiz.dell.com/en_us?hl=en&client=dell-usuk&channel=us-smb&ibd=1080613
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Search,CustomSearch =
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://news.yahoo.com/ [binary data]
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\HelpAssistant_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\mixael_padilla_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:6092
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mixael padilla\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@rayv.com/rayvplugin: C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2012/09/26 17:27:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/10/05 18:40:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/27 13:35:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/27 13:36:14 | 000,000,000 | ---D | M]
 
[2013/06/11 14:50:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/28 17:51:28 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/28 17:51:12 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml.old
[2012/04/02 19:15:08 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
 
O1 HOSTS File: ([2013/08/12 11:17:25 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Bucksbee Loyalty Plugin - 100815) - {E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD} - C:\Program Files\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll (Freecause Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\HelpAssistant_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKU\mixael_padilla_ON_C\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\mixael_padilla_ON_C\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [comwis] C:\Documents and Settings\mixael padilla\Application Data\ypjvdod.exe (Spanish Airline Ticketing)
O4 - HKLM..\Run: [intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (rootkit-scan)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NrHXADuRdm.exe] C:\Documents and Settings\mixael padilla\Local Settings\Application Data\8EVvll6gC\NrHXADuRdm.exe (Zdxdt Garyc Oqclkshzfbb)
O4 - HKU\mixael_padilla_ON_C..\Run: [Adobe Acrobat Synchronizer] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKU\mixael_padilla_ON_C..\Run: [HP Officejet Pro 8600 (NET)] C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\mixael_padilla_ON_C..\Run: [NrHXADuRdm.exe] C:\Documents and Settings\mixael padilla\Local Settings\Application Data\8EVvll6gC\NrHXADuRdm.exe (Zdxdt Garyc Oqclkshzfbb)
O4 - HKU\mixael_padilla_ON_C..\Run: [Octoshape Streaming Services] C:\Documents and Settings\mixael padilla\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk = C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks US Plugin.lnk = C:\Program Files\PayPal Payment Request Wizard\QB US edition\OEHook.exe (A-1 Technology, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk = C:\Program Files\Intuit\QuickBooks 2005\QBW32.EXE (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\mixael padilla\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon: DisableCAD = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\HelpAssistant_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\HelpAssistant_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\mixael_padilla_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\mixael_padilla_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\mixael_padilla_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\mixael_padilla_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\mixael_padilla_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\Software\Microsoft\Windows\CurrentVersion\Group Policy Objects\LocalUser\Software\Microsoft\Windows\CurrentVersion\Policies\System: DisableTaskMgr = 1
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Yahoo! Search Protection - {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - C:\Program Files\Yahoo!\Search Protection\ysp.dll (Yahoo! Inc.)
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\System32\cashproxy.dll (Cash Ventures Corp)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\cashproxy.dll (Cash Ventures Corp)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\WINDOWS\System32\cashproxy.dll (Cash Ventures Corp)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231789307234 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.7.254
O18 - Protocol\Handler\intu-help-qb5 {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O20 - HKLM Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O20 - HKU\mixael_padilla_ON_C Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/11 17:15:00 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = exefile] -- Reg Error: Key error. File not found
 
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/08/15 18:59:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\8EVvll6gC
[2013/08/14 15:18:48 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\mixael padilla\Recent
[2013/08/13 04:29:16 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\Cookies
[2013/08/12 12:15:28 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/08/12 11:27:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/08/12 11:19:48 | 000,110,080 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\ssl3.dll
[2013/08/12 11:19:48 | 000,104,960 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\softokn3.dll
[2013/08/12 11:19:48 | 000,064,512 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\smime3.dll
[2013/08/12 11:19:47 | 000,109,056 | ---- | C] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\RegisterLSP.exe
[2013/08/12 11:19:46 | 000,319,488 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nss3.dll
[2013/08/12 11:19:46 | 000,187,392 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssckbi.dll
[2013/08/12 11:19:46 | 000,140,288 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libnspr4.dll
[2013/08/12 11:19:46 | 000,078,848 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssdbm3.dll
[2013/08/12 11:19:46 | 000,063,488 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssutil3.dll
[2013/08/12 11:19:46 | 000,025,088 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libplc4.dll
[2013/08/12 11:19:46 | 000,024,064 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libplds4.dll
[2013/08/12 11:19:45 | 001,024,000 | ---- | C] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashproxy.exe
[2013/08/12 11:19:45 | 000,133,120 | ---- | C] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\freebl3.dll
[2013/08/12 11:19:45 | 000,128,512 | ---- | C] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashproxy.dll
[2013/08/12 11:19:44 | 000,054,784 | ---- | C] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashcert.dll
[2013/08/12 11:19:29 | 003,095,040 | ---- | C] (Microsoft) -- C:\Documents and Settings\mixael padilla\Application Data\cxjhsjj.exe
[2013/08/12 11:01:48 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/08/12 11:00:55 | 005,102,975 | R--- | C] (Swearware) -- C:\Documents and Settings\mixael padilla\Desktop\ComboFix.exe
[2013/08/09 15:45:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2013/08/09 15:42:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/08/09 15:33:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2013/08/08 17:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013/08/08 17:29:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013/08/07 16:19:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mixael padilla\Application Data\ParetoLogic
[2013/08/07 16:19:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/08/06 13:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\mixael padilla\Desktop\yuri 8-6-2013
[2013/07/27 13:57:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/07/01 14:51:00 | 000,380,928 | ---- | C] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\RegisterLSP64.exe
[2013/04/15 16:59:31 | 257,257,457 | ---- | C] (Spanish Airline Ticketing) -- C:\Documents and Settings\mixael padilla\Application Data\ypjvdod.exe
[2013/03/07 16:57:46 | 000,107,008 | ---- | C] (Mpuiejng) -- C:\Documents and Settings\All Users\Application Data\wxbxpvfr.exe
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\mixael padilla\Desktop\*.tmp files -> C:\Documents and Settings\mixael padilla\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\mixael padilla\Desktop\*.tmp files -> C:\Documents and Settings\mixael padilla\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/08/19 09:24:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{1B7E6FF3-37EB-45DA-A7B1-D7430E9A3610}.job
[2013/08/19 09:21:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/08/19 08:55:00 | 000,000,902 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/08/18 23:40:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2013/08/18 17:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2013/08/18 16:45:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2013/08/18 13:55:00 | 000,000,898 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/08/18 13:10:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/08/17 22:29:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/08/16 20:30:00 | 000,000,532 | -H-- | M] () -- C:\WINDOWS\tasks\EXHIBIT GRAPHICS, INC 1215562252.job
[2013/08/16 13:47:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2013/08/16 13:47:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/08/16 02:54:36 | 000,000,435 | RHS- | M] () -- C:\boot.ini
[2013/08/15 18:59:23 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\vpLNhumSDQ
[2013/08/15 18:59:23 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\UiQFgXec
[2013/08/15 18:59:23 | 000,182,272 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\DZvBvHC6p
[2013/08/15 12:48:08 | 000,030,272 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\123cook.dat
[2013/08/15 07:01:29 | 001,282,640 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/15 06:42:52 | 000,566,432 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/08/15 06:42:52 | 000,114,926 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/08/15 06:39:10 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/08/15 06:06:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2013/08/14 15:18:27 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/08/14 14:06:37 | 000,013,762 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/08/12 11:20:02 | 000,004,974 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\dll.ini
[2013/08/12 11:20:00 | 000,002,040 | ---- | M] () -- C:\WINDOWS\System32\CashProxyOff.ini
[2013/08/12 11:19:59 | 000,003,696 | ---- | M] () -- C:\WINDOWS\System32\CashProxy.ini
[2013/08/12 11:19:48 | 000,229,888 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\sqlite3.dll
[2013/08/12 11:19:48 | 000,110,080 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\ssl3.dll
[2013/08/12 11:19:48 | 000,104,960 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\softokn3.dll
[2013/08/12 11:19:48 | 000,064,512 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\smime3.dll
[2013/08/12 11:19:48 | 000,000,086 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\registerlsp.ini
[2013/08/12 11:19:47 | 000,380,928 | ---- | M] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\RegisterLSP64.exe
[2013/08/12 11:19:47 | 000,109,056 | ---- | M] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\RegisterLSP.exe
[2013/08/12 11:19:46 | 000,319,488 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nss3.dll
[2013/08/12 11:19:46 | 000,187,392 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssckbi.dll
[2013/08/12 11:19:46 | 000,140,288 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libnspr4.dll
[2013/08/12 11:19:46 | 000,133,120 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\freebl3.dll
[2013/08/12 11:19:46 | 000,090,624 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Application Data\PCProxyDLL.dll
[2013/08/12 11:19:46 | 000,078,848 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssdbm3.dll
[2013/08/12 11:19:46 | 000,063,488 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\nssutil3.dll
[2013/08/12 11:19:46 | 000,025,088 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libplc4.dll
[2013/08/12 11:19:46 | 000,024,064 | ---- | M] (Mozilla Foundation) -- C:\Documents and Settings\mixael padilla\Application Data\libplds4.dll
[2013/08/12 11:19:45 | 001,024,000 | ---- | M] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashproxy.exe
[2013/08/12 11:19:45 | 000,128,512 | ---- | M] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashproxy.dll
[2013/08/12 11:19:45 | 000,054,784 | ---- | M] (Cash Ventures Corp) -- C:\Documents and Settings\mixael padilla\Application Data\cashcert.dll
[2013/08/12 11:19:36 | 003,095,040 | ---- | M] (Microsoft) -- C:\Documents and Settings\mixael padilla\Application Data\cxjhsjj.exe
[2013/08/12 11:17:25 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013/08/12 11:16:19 | 000,511,362 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/12 11:01:03 | 005,102,975 | R--- | M] (Swearware) -- C:\Documents and Settings\mixael padilla\Desktop\ComboFix.exe
[2013/08/09 15:45:55 | 000,000,095 | ---- | M] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2013/08/09 15:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickBooks
[2013/08/09 15:45:37 | 000,002,109 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2013/08/09 15:45:37 | 000,001,930 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2013/08/09 15:45:37 | 000,001,836 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2012.lnk
[2013/08/09 15:45:37 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2013/08/09 15:45:37 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2013/08/08 17:29:16 | 000,001,051 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Free YouTube to MP3 Converter.lnk
[2013/08/08 17:29:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
[2013/08/08 11:09:40 | 000,000,580 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Desktop\QBFS_test.qwc
[2013/08/07 16:16:08 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/08/06 11:04:15 | 000,002,489 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2013/07/31 17:58:30 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/07/29 15:15:03 | 000,093,664 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Desktop\5676.pdf
[2013/07/27 13:57:18 | 000,001,915 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/27 13:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2013/07/26 00:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ie4uinit.exe
[2013/07/26 00:23:02 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ie4uinit.exe
[2013/07/25 22:47:17 | 001,215,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\urlmon.dll
[2013/07/25 22:47:17 | 000,920,064 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wininet.dll
[2013/07/25 22:47:17 | 000,759,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2013/07/25 22:47:17 | 000,206,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\occache.dll
[2013/07/25 22:47:17 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\url.dll
[2013/07/25 22:47:17 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\url.dll
[2013/07/25 22:47:16 | 006,017,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/07/25 22:47:16 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mstime.dll
[2013/07/25 22:47:16 | 000,611,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mstime.dll
[2013/07/25 22:47:16 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtmled.dll
[2013/07/25 22:47:14 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeeds.dll
[2013/07/25 22:47:14 | 000,630,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/07/25 22:47:14 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msfeedsbs.dll
[2013/07/25 22:47:14 | 000,055,296 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/07/25 22:47:13 | 000,522,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/07/25 22:47:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\licmgr10.dll
[2013/07/25 22:47:13 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\licmgr10.dll
[2013/07/25 22:47:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\jsproxy.dll
[2013/07/25 22:47:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsproxy.dll
[2013/07/25 22:47:12 | 002,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/07/25 22:47:12 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\inetcpl.cpl
[2013/07/25 22:47:12 | 001,469,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\inetcpl.cpl
[2013/07/25 22:47:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iepeers.dll
[2013/07/25 22:47:11 | 000,184,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iepeers.dll
[2013/07/25 22:47:10 | 011,113,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/07/25 22:47:06 | 000,743,424 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/07/25 22:47:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\iedkcs32.dll
[2013/07/25 22:47:06 | 000,387,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedkcs32.dll
[2013/07/25 11:52:59 | 000,385,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\html.iec
[2013/07/24 15:16:25 | 010,196,528 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Desktop\200707172CM_1632.jpg
[2013/07/24 15:00:55 | 000,042,715 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Desktop\IMG_3172.jpg
[2013/07/23 18:13:17 | 000,055,155 | ---- | M] () -- C:\Documents and Settings\mixael padilla\Desktop\Intuit.pdf
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\mixael padilla\Desktop\*.tmp files -> C:\Documents and Settings\mixael padilla\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\mixael padilla\Desktop\*.tmp files -> C:\Documents and Settings\mixael padilla\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/08/15 18:59:33 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\vpLNhumSDQ
[2013/08/15 18:59:33 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\UiQFgXec
[2013/08/15 18:59:33 | 000,182,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DZvBvHC6p
[2013/08/15 12:48:08 | 000,030,272 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\123cook.dat
[2013/08/15 07:01:29 | 001,282,640 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/08/15 06:13:36 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/08/12 11:19:48 | 000,229,888 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\sqlite3.dll
[2013/08/12 11:19:46 | 000,090,624 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\PCProxyDLL.dll
[2013/08/12 11:16:19 | 000,511,362 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2013/08/09 15:45:37 | 000,002,109 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
[2013/08/09 15:45:37 | 000,001,930 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
[2013/08/09 15:45:37 | 000,001,836 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2012.lnk
[2013/08/09 15:45:37 | 000,001,761 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
[2013/08/08 17:29:16 | 000,001,051 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Free YouTube to MP3 Converter.lnk
[2013/08/08 11:09:52 | 000,000,580 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Desktop\QBFS_test.qwc
[2013/07/29 15:15:01 | 000,093,664 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Desktop\5676.pdf
[2013/07/27 13:57:18 | 000,001,915 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2013/07/24 15:16:16 | 010,196,528 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Desktop\200707172CM_1632.jpg
[2013/07/24 15:01:00 | 000,042,715 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Desktop\IMG_3172.jpg
[2013/07/23 18:13:17 | 000,055,155 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Desktop\Intuit.pdf
[2013/07/15 16:17:10 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2013/07/01 14:51:20 | 000,004,974 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\dll.ini
[2013/07/01 14:51:18 | 000,003,696 | ---- | C] () -- C:\WINDOWS\System32\CashProxy.ini
[2013/07/01 14:51:18 | 000,002,040 | ---- | C] () -- C:\WINDOWS\System32\CashProxyOff.ini
[2013/07/01 14:51:00 | 000,000,086 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\registerlsp.ini
[2013/07/01 14:50:38 | 000,018,496 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\kod666.dat
[2013/06/19 20:06:59 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\a8fanb
[2013/06/18 15:31:22 | 000,000,049 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini
[2013/04/15 16:59:41 | 000,003,352 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\lyjsb
[2013/04/15 16:59:37 | 000,010,304 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\amz888.dat
[2013/04/15 16:59:36 | 000,060,992 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Application Data\mjks588.dat
[2013/03/07 16:57:39 | 000,108,300 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\kszoernywisvjuj
[2012/09/26 17:27:25 | 000,767,960 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/09/26 11:32:29 | 000,088,064 | ---- | C] () -- C:\WINDOWS\zedjydxb.exe
[2012/09/26 11:32:18 | 000,097,633 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\lnnwfrdmfsmkwao
[2012/07/12 11:11:05 | 000,384,844 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\funmoods-speeddial.crx
[2012/02/15 23:59:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/14 17:43:30 | 000,000,057 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Ament.ini
[2011/06/01 14:02:19 | 000,000,095 | ---- | C] () -- C:\WINDOWS\QBChanUtil_Trigger.ini
[2010/06/01 10:56:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/05/19 14:03:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\jawsnt.INI
[2010/05/19 13:53:13 | 000,000,383 | ---- | C] () -- C:\WINDOWS\System32\haspdos.sys
[2010/03/01 19:52:24 | 000,011,456 | -HS- | C] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\MYhtd
[2009/12/10 10:42:16 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/19 19:43:45 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/11/02 17:08:08 | 000,162,164 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/27 16:28:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/27 16:28:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/27 16:28:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/27 16:28:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/27 16:28:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2008/12/08 17:31:16 | 000,479,580 | ---- | C] () -- C:\Documents and Settings\mixael padilla\forms.ps
[2008/06/27 14:37:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2008/06/23 12:11:38 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\Msvcrt10.dll
[2008/06/23 12:09:00 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/20 20:13:59 | 000,000,137 | ---- | C] () -- C:\Documents and Settings\mixael padilla\Local Settings\Application Data\fusioncache.dat
[2008/06/13 16:34:26 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008/06/13 16:30:18 | 000,000,234 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2008/06/13 16:08:47 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2008/06/13 16:08:40 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4820.dll
[2008/06/13 16:07:26 | 000,001,032 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/21 19:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 19:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/11 17:24:19 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/11 17:19:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/11 17:12:14 | 000,023,428 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/11 17:11:31 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/11 17:07:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/11 17:00:28 | 000,566,432 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/11 17:00:28 | 000,114,926 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/11 17:00:24 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 06:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 06:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
 
========== LOP Check ==========
 
[2013/04/12 17:15:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Abfud
[2012/06/07 16:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\alotappbar
[2012/06/07 16:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\alotservice
[2010/02/16 15:09:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Canon
[2012/09/26 13:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\DefaultTab
[2012/09/26 16:52:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\DriverCure
[2013/08/15 12:48:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Dropbox
[2013/08/08 17:29:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\DVDVideoSoft
[2013/06/28 14:03:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\DVDVideoSoftIEHelpers
[2013/05/07 11:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Eppuxy
[2012/06/07 16:41:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\FCTB000100815
[2012/06/05 11:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Octoshape
[2013/06/11 14:23:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\OpenCandy
[2013/05/06 18:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Othei
[2013/08/07 16:19:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\ParetoLogic
[2012/06/26 06:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\RayV
[2012/04/02 19:15:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\searchquband
[2012/09/26 16:52:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\SpeedyPC Software
[2012/09/26 17:22:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\TestApp
[2011/02/27 11:03:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\TP
[2013/06/05 11:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\Uchyp
[2011/10/27 17:37:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\vmntemplate
[2013/05/07 11:16:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mixael padilla\Application Data\y60anta
[2013/06/11 14:45:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Hotspot Shield
[2013/06/11 15:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/04/02 19:15:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2008/06/23 12:00:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/12/07 17:22:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CitrixLogs
[2008/06/20 20:20:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2012/09/26 11:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gjfpksvbhllllvy
[2011/10/27 17:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/08/09 15:42:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2013/08/08 12:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2013/03/07 16:57:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pifxxqvdqxfuohb
[2011/10/27 17:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2012/10/05 18:47:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2012/09/27 12:07:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedyPC Software
[2011/06/01 14:06:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SQL Anywhere 11
[2008/06/13 16:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2013/08/18 13:58:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/03/16 15:02:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/07/21 12:23:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/05 14:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/20 15:44:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2013/08/18 13:10:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2013/08/18 23:40:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At2.job
[2013/08/18 16:45:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At3.job
[2013/08/18 17:00:00 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\At4.job
[2013/08/16 20:30:00 | 000,000,532 | -H-- | M] () -- C:\WINDOWS\Tasks\EXHIBIT GRAPHICS, INC 1215562252.job
[2013/08/19 09:24:00 | 000,000,440 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{1B7E6FF3-37EB-45DA-A7B1-D7430E9A3610}.job
[2013/08/16 13:47:54 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/19 13:51:41 | 000,002,572 | ---- | M] () -- C:\A_Card_WinXP.zip
[2009/10/27 16:30:26 | 000,000,281 | ---- | M] () -- C:\Boot.bak
[2013/08/16 02:54:36 | 000,000,435 | RHS- | M] () -- C:\boot.ini
[2004/08/04 02:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2013/08/12 11:24:21 | 000,023,643 | ---- | M] () -- C:\ComboFix.txt
[2004/08/11 17:15:00 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/06/13 16:09:48 | 000,007,205 | RH-- | M] () -- C:\dell.sdr
[2010/05/19 13:40:38 | 003,970,450 | ---- | M] () -- C:\HASP_driver_combo.zip
[2009/01/12 13:09:47 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2012/06/07 16:41:15 | 000,014,576 | ---- | M] () -- C:\INSTALLHELPER.LOG
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/11 17:15:00 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/02/27 11:07:22 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2009/01/12 13:31:03 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2009/10/27 16:05:06 | 000,001,024 | -H-- | M] () -- C:\ntuser.dat.LOG
[2013/08/16 13:47:48 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
 
 
< MD5 for: EXPLORER.EXE  >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\explorer.exe
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\i386\explorer.exe
[2004/08/04 06:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
< MD5 for: SERVICES.EXE  >
[2009/02/06 07:06:24 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=020CEAAEDC8EB655B6506B8C70D53BB6 -- C:\WINDOWS\$hf_mig$\KB956572\SP3QFE\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\ServicePackFiles\i386\services.exe
[2008/04/13 20:12:34 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=0E776ED5F7CC9F94299E70461B7B8185 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\services.exe
[2009/02/06 06:22:21 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=4712531AB7A01B7EE059853CA17D39BD -- C:\WINDOWS\$NtServicePackUninstall$\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\$hf_mig$\KB956572\SP3GDR\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\ERDNT\cache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\services.exe
[2004/08/04 05:00:00 | 000,108,032 | ---- | M] (Microsoft Corporation) MD5=C6CE6EEC82F187615D1002BB3BB50ED4 -- C:\i386\services.exe
 
< MD5 for: USERINIT.EXE  >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2004/08/04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\i386\winlogon.exe
[2004/08/04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2013/04/04 17:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
< End of report >
 

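The "< MD5 for: ... >" blocks in the OTL log above list every copy of services.exe, userinit.exe and winlogon.exe on the disk with its company name and MD5. The differing hashes across C:\i386, $NtServicePackUninstall$ and ServicePackFiles are expected (different builds of the same file); the check that matters is whether the copy actually executed at logon, the one under system32, matches a Windows reference copy (system32\dllcache or ServicePackFiles\i386), and whether any copy lacks version information. The script below is an added example, not part of the post and not OTL's own code: it parses a constructed excerpt in OTL's layout (hashes copied from the log above, plus one made-up services.exe line with an all-zero placeholder hash standing in for a replaced binary) and reports those two findings. The regular expressions, function names and the REFERENCE_DIRS list are my assumptions about OTL's format, derived from the lines above.

```python
"""Cross-check the copies of a protected logon binary in an OTL
'< MD5 for: NAME >' block.

Added example; not part of the original post or of OTL.  The line and
header patterns, the function names and REFERENCE_DIRS are assumptions
about OTL's output format, derived from the log above.
"""
import re
from collections import defaultdict

# Constructed sample in OTL's layout.  The userinit/winlogon lines and the
# dllcache services.exe line are copied from the log above; the last
# services.exe line is made up (all-zero placeholder hash) to stand in for a
# replaced binary whose version block still claims Microsoft.
SAMPLE_OTL = r"""
< MD5 for: USERINIT.EXE  >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\i386\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\dllcache\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE  >
[2013/04/04 17:50:32 | 000,218,184 | ---- | M] () MD5=B4C6E3889BB310CA7E974A04EC6E46AC -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< MD5 for: SERVICES.EXE  >
[2009/02/06 07:11:05 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=65DF52F5B8B6E9BBD183505225C37315 -- C:\WINDOWS\system32\dllcache\services.exe
[2013/08/15 22:59:00 | 000,110,592 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\WINDOWS\system32\services.exe
"""

HEADER_RE = re.compile(r"^<\s*MD5 for:\s*(?P<name>\S+)\s*>$")
LINE_RE = re.compile(
    r"^\[(?P<stamp>[^|]+)\|\s*(?P<size>[\d,]+)\s*\|[^\]]*\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+?)\s*$"
)
# Where Windows keeps its own reference copies of protected files.
REFERENCE_DIRS = ("\\system32\\dllcache\\", "\\servicepackfiles\\i386\\")


def parse_md5_blocks(text):
    """Return {NAME: [{'vendor', 'md5', 'size', 'path'}, ...]} per MD5 block."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER_RE.match(line)
        if m:
            current = m.group("name").upper()
            continue
        m = LINE_RE.match(line)
        if m and current:
            blocks[current].append({
                "vendor": m.group("vendor").strip(),
                "md5": m.group("md5").upper(),
                "size": int(m.group("size").replace(",", "")),
                "path": m.group("path"),
            })
    return dict(blocks)


def assess(name, entries):
    """Findings for one binary: the active system32 copy not matching any
    reference copy, and any copy with an empty company name."""
    active_suffix = "\\windows\\system32\\" + name.lower()
    reference = {e["md5"] for e in entries
                 if any(d in e["path"].lower() for d in REFERENCE_DIRS)}
    findings = []
    for e in entries:
        if e["path"].lower().endswith(active_suffix) and e["md5"] not in reference:
            findings.append(f"{e['path']}: MD5 {e['md5']} matches no dllcache/service-pack copy")
    for e in entries:
        if not e["vendor"]:
            findings.append(f"{e['path']}: no company name in version info")
    return findings


def report(text):
    """{NAME: findings} for every MD5 block in an OTL log excerpt."""
    return {name: assess(name, entries) for name, entries in parse_md5_blocks(text).items()}


if __name__ == "__main__":
    for name, findings in report(SAMPLE_OTL).items():
        print(name, "OK" if not findings else "")
        for f in findings:
            print("   ", f)
```

The "no company name" rule is a triage prompt, not a verdict: the winlogon.exe under the Malwarebytes Chameleon folder in the log above trips it and is benign, while a replaced system32 copy that keeps a forged "Microsoft Corporation" string passes it and is only caught by the hash comparison. The hash comparison has its own limit: malware that can write system32 can usually write dllcache too, so agreement between the two is a consistency check, and a match against a hash set taken from known-good media is the stronger test.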

Welcome to the forum. The use of OTLPE is now prohibited on this and many other forums:
 

OTLPE at this time contains files from Microsoft Windows XP. Microsoft holds the copyrights to those files, thus making use or distribution illegal.
Providing users information to download and use the tool is also illegal, at least in the United States and probably in most other countries.

 


----------------------------------------

If you wish, you can try Kaspersky with WindowsUnlocker:

This method may remove the malware:

  • Download Kaspersky Rescue Disk (iso)
  • Burn it to a CD or DVD. If you need a program to burn an ISO, use Active@ ISO Burner
  • Configure your computer to boot from CD/DVD
  • Note: If you do not know how to set your computer to boot from CD/DVD, follow the steps here
  • Once you have the CD/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Metropolitan Police Virus
    Note: If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter
  • When it's done, click on the Start button and start the Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally


    MrC


Thank you, MrC

I was able to use Kaspersky with WindowsUnlocker.

I was able to log in to Safe Mode, and I have run ComboFix. This is the log; let me know if you are able to check if anything is wrong with it.

Thank you in advance

 

ComboFix 13-08-19.01 - mixael padilla 08/19/2013   9:41.19.2 - x86 NETWORK
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3317.2876 [GMT -7:00]
Running from: G:\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\mixael padilla\Application Data\cashcert.dll
c:\documents and settings\mixael padilla\Application Data\cashproxy.dll
c:\documents and settings\mixael padilla\Application Data\cashproxy.exe
c:\documents and settings\mixael padilla\Application Data\cxjhsjj.exe
c:\documents and settings\mixael padilla\Application Data\freebl3.dll
c:\documents and settings\mixael padilla\Application Data\libnspr4.dll
c:\documents and settings\mixael padilla\Application Data\libplc4.dll
c:\documents and settings\mixael padilla\Application Data\libplds4.dll
c:\documents and settings\mixael padilla\Application Data\Microsoft\Windows\.data
c:\documents and settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\searchplugins\search.xml
c:\documents and settings\mixael padilla\Application Data\nss3.dll
c:\documents and settings\mixael padilla\Application Data\nssckbi.dll
c:\documents and settings\mixael padilla\Application Data\nssdbm3.dll
c:\documents and settings\mixael padilla\Application Data\nssutil3.dll
c:\documents and settings\mixael padilla\Application Data\PCProxyDLL.dll
c:\documents and settings\mixael padilla\Application Data\RegisterLSP.exe
c:\documents and settings\mixael padilla\Application Data\smime3.dll
c:\documents and settings\mixael padilla\Application Data\softokn3.dll
c:\documents and settings\mixael padilla\Application Data\sqlite3.dll
c:\documents and settings\mixael padilla\Application Data\ssl3.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((   Files Created from 2013-07-19 to 2013-08-19  )))))))))))))))))))))))))))))))
.
.
2013-08-19 10:18 . 2013-08-19 10:24    --------    d---a-w-    C:\Kaspersky Rescue Disk 10.0
2013-08-15 22:59 . 2013-08-15 22:59    --------    d-----w-    c:\documents and settings\mixael padilla\Local Settings\Application Data\8EVvll6gC
2013-08-09 19:42 . 2013-08-09 19:42    --------    d-----w-    c:\documents and settings\All Users\Application Data\Nuance
2013-08-09 19:33 . 2013-08-09 19:33    --------    d-----w-    c:\program files\Microsoft.NET
2013-08-08 21:29 . 2013-08-08 21:29    --------    d-----w-    c:\program files\DVDVideoSoft
2013-08-08 21:29 . 2013-08-08 21:29    --------    d-----w-    c:\program files\Common Files\DVDVideoSoft
2013-08-07 20:19 . 2013-08-07 20:19    --------    d-----w-    c:\documents and settings\mixael padilla\Application Data\ParetoLogic
2013-08-07 20:19 . 2013-08-08 16:33    --------    d-----w-    c:\documents and settings\All Users\Application Data\ParetoLogic
2013-08-07 19:12 . 2013-08-07 19:12    --------    d-----w-    c:\windows\system32\wbem\Repository
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-12 15:19 . 2013-07-01 18:51    380928    ----a-w-    c:\documents and settings\mixael padilla\Application Data\RegisterLSP64.exe
2013-07-26 02:47 . 2006-03-04 03:33    920064    ----a-w-    c:\windows\system32\wininet.dll
2013-07-26 02:47 . 2004-08-04 10:00    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2013-07-26 02:47 . 2004-08-04 10:00    1469440    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-25 15:52 . 2004-08-04 10:00    385024    ----a-w-    c:\windows\system32\html.iec
2013-07-15 20:16 . 2013-07-15 20:17    558133    ----a-w-    c:\windows\system32\sqlite3.dll
2013-07-15 20:12 . 2012-06-05 16:04    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-07-15 20:12 . 2012-06-05 16:04    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-10 10:37 . 2004-08-04 10:00    406016    ----a-w-    c:\windows\system32\usp10.dll
2013-07-04 03:03 . 2005-03-30 01:21    2149888    ------w-    c:\windows\system32\ntoskrnl.exe
2013-07-04 02:08 . 2005-03-30 01:01    2028544    ------w-    c:\windows\system32\ntkrnlpa.exe
2013-07-01 18:51 . 2013-07-01 18:51    128512    ----a-w-    c:\windows\system32\cashproxy.dll
2013-06-04 07:23 . 2004-08-04 10:00    562688    ----a-w-    c:\windows\system32\qedit.dll
2013-06-04 01:40 . 2004-08-04 10:00    1876736    ----a-w-    c:\windows\system32\win32k.sys
2013-05-28 01:59 . 2004-08-04 10:00    590848    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-05-28 00:41 . 2009-11-17 15:49    6144    ----a-w-    c:\windows\system32\xpsp4res.dll
2011-04-14 16:26 . 2011-05-17 20:15    142296    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}]
2013-04-02 10:01    1467528    ----a-w-    c:\program files\Microsoft\BingBar\7.2.233.0\BingExt.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD}]
2012-03-19 14:59    13632    ----a-w-    c:\program files\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\mixael padilla\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\mixael padilla\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\mixael padilla\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36    130736    ----a-w-    c:\documents and settings\mixael padilla\Application Data\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-05-26 1801064]
"Adobe Acrobat Synchronizer"="c:\program files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2010-10-25 1216416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (rootkit-scan)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2013-04-04 887432]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2012-02-23 59240]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2010-10-25 36760]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2010-10-25 821144]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2011-08-20 1874264]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-14 39264]
.
c:\documents and settings\mixael padilla\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\mixael padilla\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2011-8-19 5828952]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE -b -l [2001-2-13 83360]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2011-8-20 1175912]
QuickBooks US Plugin.lnk - c:\program files\PayPal Payment Request Wizard\QB US edition\OEHook.exe [2012-3-19 888987]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2005\QBW32.EXE -silent [2011-8-20 1178984]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\mixael padilla\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"d:\\ONYX60\\WebUI\\jre\\bin\\javaw.exe"=
"Microsoft Windows Hosting Service"= c:\docume~1\MIXAEL~1\LOCALS~1\Temp\csrssr.exe
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2005\\QBDBMgrN.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [9/26/2012 2:22 PM 383368]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [9/26/2012 2:22 PM 342168]
S1 kxhekyc;Microsoft kxhekyc support;c:\windows\system32\drivers\kxhekyc.sys [3/29/2005 6:21 PM 31360]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\drivers\PCTSD.sys [9/26/2012 2:22 PM 203120]
S2 AviraUpgradeService;Avira Upgrade Service;"c:\windows\TEMP\AVSETUP_507d8146\avupgsvc.exe" /TEMPSTART:""c:\windows\TEMP\AVSETUP_507d8146\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\windows\TEMP\AVSETUP_507d8146\avupgsvc.exe [?]
S2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.2.233.0\BBSvc.EXE [4/2/2013 3:01 AM 193672]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [9/26/2012 2:27 PM 575448]
S2 OnyxUpdaterService;Onyx Updater;c:\program files\Onyx Graphics\AutoUpdate\OnxUpdtService.exe [9/22/2004 3:27 PM 61440]
S2 QBVSS;QBIDPService;c:\program files\Common Files\Intuit\DataProtect\QBIDPService.exe [8/19/2011 9:31 PM 1248256]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.2.233.0\SeaPort.EXE [4/2/2013 3:01 AM 240264]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [2/5/2013 8:48 AM 235216]
S3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\drivers\PCTBD.sys [9/26/2012 2:27 PM 70768]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [9/26/2012 2:26 PM 402368]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-07-31 21:55    1173456    ----a-w-    c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-04 20:12]
.
2013-08-18 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-02 00:57]
.
2013-08-18 c:\windows\Tasks\At1.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-05-26 01:13]
.
2013-08-19 c:\windows\Tasks\At2.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-05-26 01:13]
.
2013-08-18 c:\windows\Tasks\At3.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-05-26 01:13]
.
2013-08-18 c:\windows\Tasks\At4.job
- c:\program files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2011-05-26 01:13]
.
2013-08-17 c:\windows\Tasks\EXHIBIT GRAPHICS, INC 1215562252.job
- c:\program files\Intuit\QuickBooks 2005\AutoBackupEXE.exe [2011-08-20 08:32]
.
2013-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 21:36]
.
2013-08-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-23 21:36]
.
2013-08-19 c:\windows\Tasks\User_Feed_Synchronization-{1B7E6FF3-37EB-45DA-A7B1-D7430E9A3610}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 11:31]
.
2013-08-19 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-11-18 06:18]
.
.
------- Supplementary Scan -------
.


uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:6092
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -
LSP: c:\windows\system32\cashproxy.dll
Trusted Zone: payroll.com
TCP: DhcpNameServer = 192.168.7.254
FF - ProfilePath - c:\documents and settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\
FF - prefs.js: browser.search.selectedEngine - ALOT Search
FF - prefs.js: browser.startup.homepage - www.yahoo.com

user_pref(security.warn_submit_insecure,false);user_pref(security.warn_viewing_mixed,false);
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-19 09:50
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\cashproxy.dll
.
Completion time: 2013-08-19  09:52:20
ComboFix-quarantined-files.txt  2013-08-19 16:52
ComboFix2.txt  2013-08-12 15:24
.
Pre-Run: 3,595,784,192 bytes free
Post-Run: 3,732,770,816 bytes free
.
- - End Of File - - E5386DFF3D919E985E6AD6F97042E860
8F558EB6672622401DA993E1E865C861
 

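The ComboFix log above carries several indicators worth recognising on sight: browser traffic sent through a loopback proxy (ProxyServer = http=127.0.0.1:6092), a Layered Service Provider (cashproxy.dll) in the Winsock chain and loaded inside lsass.exe, the Windows Firewall disabled together with Security Center overrides so nothing warns about it, a firewall exception for an executable in the user's Temp directory, and a Firefox user.js that switches off the insecure-submission and mixed-content warnings. The script below is an added example, not part of the thread and not ComboFix's or FRST's code: it runs a small rule set over a constructed excerpt whose lines are copied from the ComboFix and FRST logs above, plus two benign lines as controls, and reports which rules fire. The rule names, patterns and the CORE_PROCESSES set are my own assumptions, not a published signature set.

```python
"""Rule-based triage of ComboFix / FRST log lines for interception and
persistence indicators.

Added example; not part of this thread, of ComboFix or of FRST.  The sample
is a constructed excerpt (lines copied from the logs above plus two benign
control lines); rule names, patterns and CORE_PROCESSES are assumptions,
not a published signature set.
"""
import re
from collections import Counter

# Constructed sample: indicator lines from the ComboFix/FRST logs above plus
# two benign autostart/firewall lines (HP updater, iTunes) as controls.
SAMPLE_LOG = r"""
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-03-24 49208]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"Microsoft Windows Hosting Service"= c:\docume~1\MIXAEL~1\LOCALS~1\Temp\csrssr.exe
"c:\\Program Files\\iTunes\\iTunes.exe"=
uInternet Settings,ProxyServer = http=127.0.0.1:6092
LSP: c:\windows\system32\cashproxy.dll
Winsock: Catalog9 01 C:\WINDOWS\system32\cashproxy.dll [128512] (Cash Ventures Corp)
FF user.js: detected! => C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\user.js
user_pref(security.warn_submit_insecure,false);user_pref(security.warn_viewing_mixed,false);
- - - - - - - > 'lsass.exe'(880)
c:\windows\system32\cashproxy.dll
"""

# (rule name, pattern, meaning).  Patterns accept both ComboFix's
# "key = value" and FRST's "key: value" spellings where they differ.
RULES = [
    ("loopback_proxy",
     re.compile(r"ProxyServer\s*[:=]\s*http=127\.0\.0\.1:\d+", re.I),
     "HTTP is routed through a local port: a process on this host sees every request"),
    ("winsock_lsp",
     re.compile(r"^(?:LSP:|Winsock:\s+Catalog9\s+\d+)\s+(?P<path>\S+\.dll)", re.I),
     "Layered Service Provider DLL: loaded into any process that uses Winsock"),
    ("firewall_off",
     re.compile(r'"EnableFirewall"\s*=\s*0\b'),
     "Windows Firewall standard profile disabled"),
    ("security_center_override",
     re.compile(r'"(?:AntiVirus|Firewall)Override"=dword:00000001'),
     "Security Center told not to alert on missing AV / firewall"),
    ("authorized_app_in_temp",
     re.compile(r'^"[^"]*"=\s*(?P<path>\S*\\temp\\\S+)', re.I),
     "firewall exception for an executable living in a Temp directory"),
    ("ff_userjs",
     re.compile(r"^FF user\.js: detected!", re.I),
     "Firefox user.js present: its prefs are re-applied at every start, undoing manual fixes"),
    ("ff_insecure_pref",
     re.compile(r"security\.warn_(?:submit_insecure|viewing_mixed),false"),
     "Firefox warnings for insecure form submission / mixed content turned off"),
]

PROC_HEADER_RE = re.compile(r"^(?:- )+> '(?P<proc>[^']+)'\((?P<pid>\d+)\)")
DLL_PATH_RE = re.compile(r"^[a-z]:\\.+\.dll$", re.I)
# Processes that should contain only OS modules; a DLL listed under them in
# ComboFix's 'DLLs Loaded Under Running Processes' section is a hit.
CORE_PROCESSES = {"lsass.exe", "winlogon.exe", "services.exe", "csrss.exe"}

MEANING = {name: meaning for name, _pattern, meaning in RULES}
MEANING["dll_in_core_process"] = "non-OS module loaded inside a core Windows process"


def triage(text):
    """Return [(rule, line), ...] in log order; a line fires at most one rule."""
    hits = []
    current_proc = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROC_HEADER_RE.match(line)
        if m:
            current_proc = m.group("proc").lower()
            continue
        if current_proc is not None:
            if DLL_PATH_RE.match(line):
                if current_proc in CORE_PROCESSES:
                    hits.append(("dll_in_core_process", f"{current_proc}: {line}"))
                continue
            current_proc = None  # the per-process DLL list ended
        for name, pattern, _meaning in RULES:
            if pattern.search(line):
                hits.append((name, line))
                break
    return hits


def summarize(hits):
    """Rule -> count, for a quick read of what a log contains."""
    return dict(Counter(name for name, _line in hits))


if __name__ == "__main__":
    for name, line in triage(SAMPLE_LOG):
        print(f"[{name}] {MEANING[name]}\n    {line}")
```

Catalog5 entries (namespace providers, such as Bonjour's mdnsNSP.dll in the FRST log) are deliberately not flagged: LSPs sit in the Catalog9 protocol chain, which is why cashproxy.dll appears there three times. Deleting an LSP's DLL without repairing the catalog (netsh winsock reset on XP SP2 and later) breaks networking, which is one reason this cleanup is left to the tool the helper specifies rather than done by hand.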

Good. There's a lot of malware still showing; we use FRST for this type of infection:

Please download Farbar Recovery Scan Tool (32-bit version) and save it to a folder.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

MrC


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-08-2013
Ran by mixael padilla (administrator) on 19-08-2013 10:20:32
Running from D:\FIRST
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Malwarebytes Anti-Malware (rootkit-scan)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [HP Software Update] - C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-03-24] (Hewlett-Packard)
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2012-02-23] (Apple Inc.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [36760 2010-10-25] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [821144 2010-10-25] (Adobe Systems Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [1874264 2011-08-19] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [DWQueuedReporting] - C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe [39264 2007-03-13] (Microsoft Corporation)
HKLM\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] - rundll32.exe "C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1127496 2013-04-04] (Malwarebytes Corporation)
HKCU\...\Run: [HP Officejet Pro 8600 (NET)] - C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [1801064 2011-05-25] (Hewlett-Packard Co.)
HKCU\...\Run: [Adobe Acrobat Synchronizer] - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe [1216416 2010-10-25] (Adobe Systems Incorporated)
HKU\Administrator\...\Run: [iSUSPM] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [ 2006-09-11] (Macrovision Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks US Plugin.lnk
ShortcutTarget: QuickBooks US Plugin.lnk -> C:\Program Files\PayPal Payment Request Wizard\QB US edition\OEHook.exe (A-1 Technology, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2005\QBW32.EXE (Intuit Inc.)
Startup: C:\Documents and Settings\mixael padilla\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\mixael padilla\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

ProxyServer: http=127.0.0.1:6092
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?ocid=OIE8HP&PC=UP62
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Bing Bar Helper - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
BHO: PC Tools Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: Bucksbee Loyalty Plugin - 100815 - {E5C2A1FE-86DB-87B4-11F0-1AA2579E81DD} - C:\Program Files\Bucksbee Loyalty Plugin - 100815\BucksBee Loyalty Plugin.dll (Freecause Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Bing Bar - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files\Microsoft\BingBar\7.2.233.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU -Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU -&Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2005\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ipp - No CLSID Value -
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: msdaipp - No CLSID Value -
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\WINDOWS\system32\cashproxy.dll [128512] (Cash Ventures Corp)
Winsock: Catalog9 02 C:\WINDOWS\system32\cashproxy.dll [128512] (Cash Ventures Corp)
Winsock: Catalog9 28 C:\WINDOWS\system32\cashproxy.dll [128512] (Cash Ventures Corp)
Tcpip\Parameters: [DhcpNameServer] 192.168.7.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default
FF user.js: detected! => C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\user.js
FF SelectedSearchEngine: ALOT Search
FF Homepage: www.yahoo.com

FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\mixael padilla\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF Plugin: @rayv.com/rayvplugin - C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF Plugin HKCU: @movenetworks.com/Quantum Media Player - C:\Documents and Settings\mixael padilla\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
FF Plugin HKCU: @octoshape.com/Octoshape Streaming Services,version=1.0 - C:\Documents and Settings\mixael padilla\Application Data\Octoshape\Octoshape Streaming Services\sua-1103234-0-npoctoshape.dll (Octoshape ApS)
FF Plugin HKCU: mattelinc.com/HotWheelsLoader - C:\Documents and Settings\mixael padilla\Local Settings\Application Data\sswat_hwrc_win_live\npHotWheelsLoader.dll (Mattel, Inc)
FF SearchPlugin: C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\searchplugins\alot-search.xml
FF SearchPlugin: C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: ALOT Appbar - C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\appbar@alot.com
FF Extension: VideoFileDownload - Download YouTube Videos - C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\plugin@videofiledownload.com
FF Extension: uTorrentControl_v2  - C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
FF Extension: Shop to Win 29 - C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\{f6eedaac-826d-50f4-3ded-d0d2b7570509}
FF Extension: Vgrabber1  - C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
FF Extension: No Name - C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Firefox\Extensions: [{cb84136f-9c44-433a-9048-c5cd9df1dc16}] C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\
FF Extension: Browser Guard Toolbar - C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\
FF HKLM\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF HKCU\...\Firefox\Extensions: [moveplayer@movenetworks.com] C:\Documents and Settings\mixael padilla\Application Data\Move Networks
FF Extension: Move Media Player - C:\Documents and Settings\mixael padilla\Application Data\Move Networks
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======


CHR DefaultSearchURL: (Web Search) - http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtC0DtDzyzytAzzyByCzz0F0CtCzztN0D0Tzu0CtCzytAtN1L2XzutBtFtCtFtDtFtAtDtC&cr=724230615
CHR DefaultSuggestURL: (Web Search) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Octoshape Streaming Services) - C:\Documents and Settings\mixael padilla\Application Data\Mozilla\plugins\npoctoshape.dll (Octoshape ApS)
CHR Plugin: (Octoshape Streaming Services) - C:\Documents and Settings\mixael padilla\Application Data\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Move Streaming Media Player) - C:\Documents and Settings\mixael padilla\Application Data\Move Networks\plugins\npqmp071705000014.dll (Move Networks)
CHR Plugin: (HotWheels Loader) - C:\Documents and Settings\mixael padilla\Local Settings\Application Data\sswat_hwrc_win_live\npHotWheelsLoader.dll (Mattel, Inc)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
CHR Plugin: (RayV Plugin) - C:\Program Files\RayV\RayV\plugins\nprayvplugin.dll (RayV)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (YouTube) - C:\DOCUME~1\MIXAEL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\DOCUME~1\MIXAEL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0
CHR Extension: (uTorrentControl_v2) - C:\DOCUME~1\MIXAEL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\2.3.15.10_0
CHR Extension: (Gmail) - C:\DOCUME~1\MIXAEL~1\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0
CHR HKLM\...\Chrome\Extension: [ejpbbhjlbipncjklfjjaedaieimbmdda] - C:\Documents and Settings\mixael padilla\Local Settings\Application Data\CRE\ejpbbhjlbipncjklfjjaedaieimbmdda.crx

========================== Services (Whitelisted) =================

S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-11] (Microsoft Corporation)
S4 ATMsrvc; C:\Windows\System32\ATMsrvc.exe [15360 2000-05-24] (Adobe Systems Incorporated)
S2 Browser Defender Update Service; C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [575448 2012-06-22] (Threat Expert Ltd.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S2 OnyxUpdaterService; C:\Program Files\Onyx Graphics\AutoUpdate\OnxUpdtService.exe [61440 2004-09-22] ()
S2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.)
S3 sdAuxService; C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe [402368 2012-06-22] (PC Tools)
S3 sdCoreService; C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe [1118680 2012-06-22] (PC Tools)
S2 AviraUpgradeService; "C:\WINDOWS\TEMP\AVSETUP_507d8146\avupgsvc.exe" /TEMPSTART:""C:\WINDOWS\TEMP\AVSETUP_507d8146\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" [x]
S3 getPlus® Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [x]
S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

R3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [328448 2004-04-28] (Aladdin Knowledge Systems)
R3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [99968 2004-05-11] (Aladdin Knowledge Systems)
S2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
S2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
S2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
S2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
S2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
S2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
S2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
S2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [676864 2004-07-14] (Aladdin Knowledge Systems)
S2 Haspnt; C:\WINDOWS\system32\drivers\Haspnt.sys [47616 2010-05-19] (Aladdin Knowledge Systems)
S1 kxhekyc; C:\Windows\System32\drivers\kxhekyc.sys [31360 2013-03-06] (Windows ® 2000 DDK provider)
U0 nhdnhbu; C:\Windows\System32\drivers\oxohero.sys [54016 2013-08-19] ()
S3 nm; C:\Windows\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
S2 NwlnkIpx; C:\Windows\System32\DRIVERS\nwlnkipx.sys [88320 2008-04-13] (Microsoft Corporation)
S2 NwlnkNb; C:\Windows\System32\DRIVERS\nwlnknb.sys [63232 2004-08-04] (Microsoft Corporation)
S2 NwlnkSpx; C:\Windows\System32\DRIVERS\nwlnkspx.sys [55936 2004-08-04] (Microsoft Corporation)
S3 PCTBD; C:\Windows\System32\Drivers\PCTBD.sys [70768 2012-06-22] (PC Tools)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [383368 2012-04-23] (PC Tools)
R0 pctDS; C:\Windows\System32\drivers\pctDS.sys [342168 2012-02-28] (PC Tools)
S1 PCTSD; C:\Windows\System32\Drivers\PCTSD.sys [203120 2012-06-22] (PC Tools)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28352 2007-03-01] (Avira GmbH)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [33512 2013-01-03] (AnchorFree Inc)
R1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
R3 catchme; \??\C:\DOCUME~1\MIXAEL~1\LOCALS~1\Temp\catchme.sys [x]
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-19 10:19 - 2013-08-19 10:19 - 00054016 _____ C:\WINDOWS\system32\Drivers\oxohero.sys
2013-08-19 09:52 - 2013-08-19 09:52 - 00016961 _____ C:\ComboFix.txt
2013-08-19 09:52 - 2013-08-19 09:52 - 00004818 _____ C:\WINDOWS\setupapi.log
2013-08-19 09:39 - 2013-08-19 09:39 - 00000275 _____ C:\Documents and Settings\mixael padilla\Desktop\Shortcut to ComboFix.lnk
2013-08-19 04:42 - 2013-08-19 04:42 - 00133576 _____ C:\OTL.Txt
2013-08-19 03:18 - 2013-08-19 03:24 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-15 15:59 - 2013-08-19 10:19 - 00000000 ____D C:\Documents and Settings\mixael padilla\Local Settings\Application Data\8EVvll6gC
2013-08-15 15:59 - 2013-08-15 15:59 - 00182272 _____ C:\Documents and Settings\mixael padilla\Local Settings\Application Data\vpLNhumSDQ
2013-08-15 15:59 - 2013-08-15 15:59 - 00182272 _____ C:\Documents and Settings\mixael padilla\Application Data\UiQFgXec
2013-08-15 15:59 - 2013-08-15 15:59 - 00182272 _____ C:\Documents and Settings\All Users\Application Data\DZvBvHC6p
2013-08-15 09:48 - 2013-08-15 09:48 - 00030272 _____ C:\Documents and Settings\mixael padilla\Application Data\123cook.dat
2013-08-15 04:01 - 2013-08-15 04:01 - 01282640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-15 03:39 - 2013-08-15 03:39 - 00132346 _____ C:\WINDOWS\KB2834904.log
2013-08-15 03:39 - 2013-08-15 03:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-08-15 03:38 - 2013-08-15 03:39 - 00135190 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-15 03:35 - 2013-08-15 03:35 - 00125331 _____ C:\WINDOWS\KB2834886.log
2013-08-15 03:35 - 2013-08-15 03:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-08-15 03:35 - 2013-08-15 03:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-08-15 03:26 - 2013-08-15 03:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-08-15 03:23 - 2013-08-15 03:24 - 00125423 _____ C:\WINDOWS\KB2803821.log
2013-08-15 03:23 - 2013-08-15 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821_WM9$
2013-08-15 03:19 - 2013-08-15 03:20 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-15 03:17 - 2013-08-15 03:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 03:13 - 2013-08-15 03:39 - 00066154 _____ C:\WINDOWS\iis6.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00061586 _____ C:\WINDOWS\FaxSetup.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00029560 _____ C:\WINDOWS\ocgen.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00028200 _____ C:\WINDOWS\tsoc.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00020504 _____ C:\WINDOWS\comsetup.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00018632 _____ C:\WINDOWS\msmqinst.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00012429 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00010830 _____ C:\WINDOWS\netfxocm.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00005286 _____ C:\WINDOWS\updspapi.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00004250 _____ C:\WINDOWS\MedCtrOC.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00003420 _____ C:\WINDOWS\ocmsn.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00003110 _____ C:\WINDOWS\tabletoc.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00003090 _____ C:\WINDOWS\msgsocm.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-15 03:13 - 2013-08-15 03:39 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-15 03:13 - 2013-08-15 03:13 - 00123732 _____ C:\WINDOWS\KB2863058.log
2013-08-15 03:13 - 2013-08-15 03:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 03:13 - 2013-08-15 03:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-15 03:13 - 2013-08-15 03:13 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-08-15 03:13 - 2013-08-15 03:13 - 00000000 _____ C:\WINDOWS\setupact.log
2013-08-14 14:39 - 2013-08-15 03:35 - 00130310 _____ C:\WINDOWS\KB2850851.log
2013-08-14 14:38 - 2013-08-15 03:26 - 00129027 _____ C:\WINDOWS\KB2845187.log
2013-08-14 14:38 - 2013-08-15 03:20 - 00129323 _____ C:\WINDOWS\KB2850869.log
2013-08-14 14:38 - 2013-08-15 03:17 - 00131106 _____ C:\WINDOWS\KB2859537.log
2013-08-12 08:16 - 2013-08-12 08:16 - 00511362 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-08-12 08:00 - 2013-08-12 08:01 - 05102975 ____R (Swearware) C:\Documents and Settings\mixael padilla\Desktop\ComboFix.exe
2013-08-09 12:45 - 2013-08-09 12:45 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2012.lnk
2013-08-09 12:42 - 2013-08-09 12:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nuance
2013-08-09 12:33 - 2013-08-09 12:33 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-08 14:29 - 2013-08-08 14:29 - 00001051 _____ C:\Documents and Settings\All Users\Desktop\Free YouTube to MP3 Converter.lnk
2013-08-08 14:29 - 2013-08-08 14:29 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-08-08 14:29 - 2013-08-08 14:29 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-08-08 08:09 - 2013-08-08 08:09 - 00000580 _____ C:\Documents and Settings\mixael padilla\Desktop\QBFS_test.qwc
2013-08-07 13:19 - 2013-08-08 09:33 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ParetoLogic
2013-08-07 13:19 - 2013-08-07 13:19 - 00000000 ____D C:\Documents and Settings\mixael padilla\Application Data\ParetoLogic
2013-08-06 10:43 - 2013-08-06 11:25 - 00000000 ____D C:\Documents and Settings\mixael padilla\Desktop\yuri 8-6-2013
2013-07-27 10:57 - 2013-07-27 10:57 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk

==================== One Month Modified Files and Folders =======

2013-08-19 10:37 - 2012-09-26 15:15 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-08-19 10:37 - 2011-09-12 12:10 - 00000000 ____D C:\Documents and Settings\mixael padilla\Application Data\Dropbox
2013-08-19 10:36 - 2011-02-23 14:36 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-19 10:36 - 2009-11-18 09:53 - 00000260 _____ C:\WINDOWS\Tasks\WGASetup.job
2013-08-19 10:36 - 2004-08-11 14:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-08-19 10:20 - 2013-08-19 10:20 - 00000000 ____D C:\FRST
2013-08-19 10:19 - 2013-08-19 10:19 - 00054016 _____ C:\WINDOWS\system32\Drivers\oxohero.sys
2013-08-19 10:19 - 2013-08-15 15:59 - 00000000 ____D C:\Documents and Settings\mixael padilla\Local Settings\Application Data\8EVvll6gC
2013-08-19 10:16 - 2012-09-26 14:32 - 01236342 _____ C:\WINDOWS\WindowsUpdate.log
2013-08-19 10:16 - 2008-06-20 12:42 - 00000278 ___SH C:\Documents and Settings\mixael padilla\ntuser.ini
2013-08-19 09:52 - 2013-08-19 09:52 - 00016961 _____ C:\ComboFix.txt
2013-08-19 09:52 - 2013-08-19 09:52 - 00004818 _____ C:\WINDOWS\setupapi.log
2013-08-19 09:52 - 2009-10-27 13:27 - 00000000 ____D C:\Qoobox
2013-08-19 09:52 - 2004-08-11 14:20 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-08-19 09:52 - 2004-08-11 14:20 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-08-19 09:50 - 2004-08-11 14:00 - 00000227 _____ C:\WINDOWS\system.ini
2013-08-19 09:39 - 2013-08-19 09:39 - 00000275 _____ C:\Documents and Settings\mixael padilla\Desktop\Shortcut to ComboFix.lnk
2013-08-19 09:38 - 2004-08-11 14:00 - 00013762 _____ C:\WINDOWS\system32\wpa.dbl
2013-08-19 06:28 - 2012-09-26 15:14 - 00032544 _____ C:\WINDOWS\SchedLgU.Txt
2013-08-19 06:24 - 2010-06-01 08:34 - 00000440 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{1B7E6FF3-37EB-45DA-A7B1-D7430E9A3610}.job
2013-08-19 06:21 - 2012-06-05 09:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-08-19 05:55 - 2011-02-23 14:36 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-19 04:42 - 2013-08-19 04:42 - 00133576 _____ C:\OTL.Txt
2013-08-19 03:24 - 2013-08-19 03:18 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-08-18 20:40 - 2012-01-14 14:45 - 00000452 _____ C:\WINDOWS\Tasks\At2.job
2013-08-18 14:00 - 2012-01-14 14:45 - 00000452 _____ C:\WINDOWS\Tasks\At4.job
2013-08-18 13:45 - 2012-01-14 14:45 - 00000452 _____ C:\WINDOWS\Tasks\At3.job
2013-08-18 10:10 - 2012-01-14 14:45 - 00000452 _____ C:\WINDOWS\Tasks\At1.job
2013-08-17 19:29 - 2008-06-25 12:59 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-08-16 17:30 - 2008-07-08 17:10 - 00000532 ____H C:\WINDOWS\Tasks\EXHIBIT GRAPHICS, INC 1215562252.job
2013-08-15 23:54 - 2004-08-11 14:00 - 00000435 __RSH C:\boot.ini
2013-08-15 15:59 - 2013-08-15 15:59 - 00182272 _____ C:\Documents and Settings\mixael padilla\Local Settings\Application Data\vpLNhumSDQ
2013-08-15 15:59 - 2013-08-15 15:59 - 00182272 _____ C:\Documents and Settings\mixael padilla\Application Data\UiQFgXec
2013-08-15 15:59 - 2013-08-15 15:59 - 00182272 _____ C:\Documents and Settings\All Users\Application Data\DZvBvHC6p
2013-08-15 14:07 - 2008-06-26 14:29 - 00203968 _____ C:\Documents and Settings\mixael padilla\Application Data\GDIPFONTCACHEV1.DAT
2013-08-15 09:48 - 2013-08-15 09:48 - 00030272 _____ C:\Documents and Settings\mixael padilla\Application Data\123cook.dat
2013-08-15 09:48 - 2011-09-12 12:11 - 00000000 ___RD C:\Documents and Settings\mixael padilla\My Documents\Dropbox
2013-08-15 09:45 - 2008-06-20 12:42 - 00000000 ____D C:\Documents and Settings\mixael padilla
2013-08-15 04:01 - 2013-08-15 04:01 - 01282640 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-08-15 04:01 - 2008-08-13 07:23 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-15 03:46 - 2004-08-11 14:21 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-08-15 03:42 - 2004-08-11 14:07 - 00693646 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-08-15 03:39 - 2013-08-15 03:39 - 00132346 _____ C:\WINDOWS\KB2834904.log
2013-08-15 03:39 - 2013-08-15 03:39 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834904_WM11$
2013-08-15 03:39 - 2013-08-15 03:38 - 00135190 _____ C:\WINDOWS\KB2862772-IE8.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00066154 _____ C:\WINDOWS\iis6.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00061586 _____ C:\WINDOWS\FaxSetup.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00029560 _____ C:\WINDOWS\ocgen.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00028200 _____ C:\WINDOWS\tsoc.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00020504 _____ C:\WINDOWS\comsetup.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00018632 _____ C:\WINDOWS\msmqinst.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00012429 _____ C:\WINDOWS\ntdtcsetup.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00010830 _____ C:\WINDOWS\netfxocm.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00005286 _____ C:\WINDOWS\updspapi.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00004250 _____ C:\WINDOWS\MedCtrOC.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00003420 _____ C:\WINDOWS\ocmsn.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00003110 _____ C:\WINDOWS\tabletoc.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00003090 _____ C:\WINDOWS\msgsocm.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00001374 _____ C:\WINDOWS\imsins.log
2013-08-15 03:39 - 2013-08-15 03:13 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-08-15 03:35 - 2013-08-15 03:35 - 00125331 _____ C:\WINDOWS\KB2834886.log
2013-08-15 03:35 - 2013-08-15 03:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850851$
2013-08-15 03:35 - 2013-08-15 03:35 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2834886$
2013-08-15 03:35 - 2013-08-14 14:39 - 00130310 _____ C:\WINDOWS\KB2850851.log
2013-08-15 03:26 - 2013-08-15 03:26 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2845187$
2013-08-15 03:26 - 2013-08-14 14:38 - 00129027 _____ C:\WINDOWS\KB2845187.log
2013-08-15 03:24 - 2013-08-15 03:23 - 00125423 _____ C:\WINDOWS\KB2803821.log
2013-08-15 03:24 - 2013-08-15 03:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2803821_WM9$
2013-08-15 03:20 - 2013-08-15 03:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2850869$
2013-08-15 03:20 - 2013-08-14 14:38 - 00129323 _____ C:\WINDOWS\KB2850869.log
2013-08-15 03:17 - 2013-08-15 03:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2859537$
2013-08-15 03:17 - 2013-08-14 14:38 - 00131106 _____ C:\WINDOWS\KB2859537.log
2013-08-15 03:13 - 2013-08-15 03:13 - 00123732 _____ C:\WINDOWS\KB2863058.log
2013-08-15 03:13 - 2013-08-15 03:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2863058$
2013-08-15 03:13 - 2013-08-15 03:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2849470$
2013-08-15 03:13 - 2013-08-15 03:13 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-08-15 03:13 - 2013-08-15 03:13 - 00000000 _____ C:\WINDOWS\setupact.log
2013-08-15 03:13 - 2008-06-13 13:23 - 00761694 _____ C:\WINDOWS\system32\TZLog.log
2013-08-15 03:03 - 2009-11-18 18:12 - 00000000 ____D C:\WINDOWS\system32\XPSViewer
2013-08-14 12:18 - 2013-03-07 20:29 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-08-14 12:18 - 2008-06-20 16:43 - 00000000 ____D C:\Program Files\CCleaner
2013-08-12 08:20 - 2013-07-01 11:51 - 00004974 _____ C:\Documents and Settings\mixael padilla\Application Data\dll.ini
2013-08-12 08:20 - 2013-07-01 11:51 - 00002040 _____ C:\WINDOWS\system32\CashProxyOff.ini
2013-08-12 08:19 - 2013-07-01 11:51 - 00380928 _____ (Cash Ventures Corp) C:\Documents and Settings\mixael padilla\Application Data\RegisterLSP64.exe
2013-08-12 08:19 - 2013-07-01 11:51 - 00003696 _____ C:\WINDOWS\system32\CashProxy.ini
2013-08-12 08:19 - 2013-07-01 11:51 - 00000086 _____ C:\Documents and Settings\mixael padilla\Application Data\registerlsp.ini
2013-08-12 08:19 - 2008-06-13 13:34 - 00203968 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-08-12 08:17 - 2008-06-27 12:40 - 00000000 ____D C:\WINDOWS\SxsCaPendDel
2013-08-12 08:16 - 2013-08-12 08:16 - 00511362 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2013-08-12 08:16 - 2004-08-11 10:06 - 41156608 _____ C:\WINDOWS\system32\config\SOFTWARE.bak
2013-08-12 08:16 - 2004-08-11 10:06 - 12845056 _____ C:\WINDOWS\system32\config\SYSTEM.bak
2013-08-12 08:16 - 2004-08-11 10:06 - 00393216 _____ C:\WINDOWS\system32\config\DEFAULT.bak
2013-08-12 08:16 - 2004-08-11 10:06 - 00262144 _____ C:\WINDOWS\system32\config\SECURITY.bak
2013-08-12 08:16 - 2004-08-11 10:06 - 00262144 _____ C:\WINDOWS\system32\config\SAM.bak
2013-08-12 08:15 - 2009-10-27 13:38 - 00008192 ____H C:\WINDOWS\system32\config\SECURITY.tmp.LOG
2013-08-12 08:15 - 2009-10-27 13:28 - 00000000 ____D C:\WINDOWS\ERDNT
2013-08-12 08:01 - 2013-08-12 08:00 - 05102975 ____R (Swearware) C:\Documents and Settings\mixael padilla\Desktop\ComboFix.exe
2013-08-09 13:26 - 2008-06-20 17:28 - 00000000 ____D C:\Documents and Settings\mixael padilla\Local Settings\Application Data\Intuit
2013-08-09 12:45 - 2013-08-09 12:45 - 00001836 _____ C:\Documents and Settings\All Users\Desktop\QuickBooks Pro 2012.lnk
2013-08-09 12:45 - 2011-06-01 11:02 - 00000095 _____ C:\WINDOWS\QBChanUtil_Trigger.ini
2013-08-09 12:43 - 2008-06-20 17:10 - 00000000 ____D C:\Program Files\Common Files\Intuit
2013-08-09 12:42 - 2013-08-09 12:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Nuance
2013-08-09 12:42 - 2008-06-20 17:10 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Intuit
2013-08-09 12:33 - 2013-08-09 12:33 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-08-09 12:29 - 2011-06-01 10:57 - 00000000 ____D C:\WINDOWS\Intuit
2013-08-08 14:29 - 2013-08-08 14:29 - 00001051 _____ C:\Documents and Settings\All Users\Desktop\Free YouTube to MP3 Converter.lnk
2013-08-08 14:29 - 2013-08-08 14:29 - 00000000 ____D C:\Program Files\DVDVideoSoft
2013-08-08 14:29 - 2013-08-08 14:29 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2013-08-08 14:29 - 2013-06-11 11:59 - 00000000 ____D C:\Documents and Settings\mixael padilla\Application Data\DVDVideoSoft
2013-08-08 09:33 - 2013-08-07 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ParetoLogic
2013-08-08 08:09 - 2013-08-08 08:09 - 00000580 _____ C:\Documents and Settings\mixael padilla\Desktop\QBFS_test.qwc
2013-08-07 13:19 - 2013-08-07 13:19 - 00000000 ____D C:\Documents and Settings\mixael padilla\Application Data\ParetoLogic
2013-08-07 13:16 - 2009-11-19 16:43 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2013-08-07 12:12 - 2010-05-04 13:32 - 00000000 ____D C:\Documents and Settings\HelpAssistant
2013-08-07 12:12 - 2004-08-11 14:20 - 00000000 ____D C:\Documents and Settings\Administrator
2013-08-07 12:12 - 2004-08-11 14:11 - 00000000 ____D C:\WINDOWS\Registration
2013-08-06 11:25 - 2013-08-06 10:43 - 00000000 ____D C:\Documents and Settings\mixael padilla\Desktop\yuri 8-6-2013
2013-08-01 11:36 - 2009-12-11 15:22 - 00000000 ____D C:\Documents and Settings\mixael padilla\Application Data\vlc
2013-07-31 14:58 - 2011-02-23 14:38 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-07-27 10:57 - 2013-07-27 10:57 - 00001915 _____ C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
2013-07-25 21:23 - 2004-08-04 03:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2013-07-25 21:23 - 2004-08-04 03:00 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-07-25 19:47 - 2012-06-13 18:21 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2013-07-25 19:47 - 2010-07-14 12:04 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2013-07-25 19:47 - 2010-07-14 12:04 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2013-07-25 19:47 - 2010-07-14 12:04 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2013-07-25 19:47 - 2009-08-29 00:36 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2013-07-25 19:47 - 2009-08-29 00:36 - 02005504 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2013-07-25 19:47 - 2009-08-29 00:36 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2013-07-25 19:47 - 2009-08-29 00:36 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2013-07-25 19:47 - 2007-08-13 18:54 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-07-25 19:47 - 2007-08-13 18:54 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-07-25 19:47 - 2007-08-13 18:54 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2013-07-25 19:47 - 2007-08-13 18:34 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-07-25 19:47 - 2006-03-23 10:32 - 06017536 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2013-07-25 19:47 - 2006-03-23 10:32 - 06017536 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-07-25 19:47 - 2006-03-18 04:09 - 01215488 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2013-07-25 19:47 - 2006-03-18 04:09 - 01215488 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-07-25 19:47 - 2006-03-03 20:33 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2013-07-25 19:47 - 2006-03-03 20:33 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-07-25 19:47 - 2006-03-03 20:33 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2013-07-25 19:47 - 2006-03-03 20:33 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2013-07-25 19:47 - 2006-03-03 20:33 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2013-07-25 19:47 - 2006-03-03 20:33 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2013-07-25 19:47 - 2006-03-03 20:33 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2013-07-25 19:47 - 2006-03-03 20:33 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2013-07-25 19:47 - 2004-08-11 14:12 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2013-07-25 19:47 - 2004-08-04 03:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2013-07-25 19:47 - 2004-08-04 03:00 - 01469440 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2013-07-25 19:47 - 2004-08-04 03:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2013-07-25 19:47 - 2004-08-04 03:00 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2013-07-25 19:47 - 2004-08-04 03:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2013-07-25 19:47 - 2004-08-04 03:00 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2013-07-25 19:47 - 2004-08-04 03:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2013-07-25 19:47 - 2004-08-04 03:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2013-07-25 19:47 - 2004-08-04 03:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2013-07-25 19:47 - 2004-08-04 03:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2013-07-25 19:47 - 2004-08-04 03:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2013-07-25 19:47 - 2004-08-04 03:00 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-07-25 08:52 - 2004-08-04 03:00 - 00385024 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2013-07-23 11:14 - 2013-07-11 10:35 - 00000000 ____D C:\Documents and Settings\mixael padilla\Desktop\jennifer

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job
C:\Windows\Tasks\At4.job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

HERE IS THE OTHER ONE

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-08-2013
Ran by mixael padilla at 2013-08-19 10:21:21
Running from D:\FIRST
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================

Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.0.0)
Adobe Flash Player 11 ActiveX (Version: 11.8.800.94)
Adobe Illustrator CS2 (Version: 12.000.000)
Adobe InDesign CS2 (Version: 004.000.000)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader 7.0 (Version: 7.0.0)
Adobe Shockwave Player 11.5 (Version: 11.5.6.606)
Adobe SVG Viewer 3.0 (Version:  3.0)
Adobe Type Manager 4.1
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.2.233.0)
Bonjour (Version: 3.0.0.10)
Browser Address Error Redirector (Version: 1.00.0000)
Browser Guard 4.0 (Version: 4.0.0.1606)
Bucksbee Loyalty Plugin - 100815
CCleaner (Version: 4.04)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CUT-Server (Version: 1.00.000)
Dell Driver Reset Tool (Version: 1.02.0000)
Dell Support Center (Version: 2.1.08060)
Dropbox (HKCU Version: 2.0.22)
Free YouTube to MP3 Converter version 3.12.9.725 (Version: 3.12.9.725)
Google Chrome (Version: 28.0.1500.95)
Google Earth (Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Update Helper (Version: 1.3.21.153)
GPL Ghostscript 8.62
GPL Ghostscript Fonts
HiJackThis (Version: 1.0.0)
HP FWUpdateEDO2 (Version: 1.2.0.0)
HP Officejet Pro 8600 Basic Device Software (Version: 24.0.342.0)
HP Officejet Pro 8600 Help (Version: 140.0.2.2)
HP Officejet Pro 8600 Product Improvement Study (Version: 24.0.342.0)
HP Update (Version: 5.003.000.004)
HPDiagnosticAlert (Version: 1.00.0000)
I.R.I.S. OCR (Version: 12.3.4.0)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections 12.1.8.0 (Version: )
iTunes (Version: 11.0.4.4)
Java Auto Updater (Version: 2.0.7.1)
Java 6 Update 31 (Version: 6.0.310)
Java 6 Update 5 (Version: 1.6.0.50)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage (Version: 10.0.2627.0)
Microsoft Publisher 2002 (Version: 10.0.2627.01)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MobileMe Control Panel (Version: 3.1.8.0)
Move Media Player
Mozilla Firefox 4.0.1 (x86 en-US) (Version: 4.0.1)
MSN
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
MSXML 6 Service Pack 2 (KB973686) (Version: 6.20.2003.0)
Netflix Movie Viewer (Version: 1.2.211)
Octoshape Streaming Services
PayPal Payment Request Wizard For QuickBooks US Edition (Version: 1.00.000)
PC Tools Spyware Doctor 9.0 (Version: 9.0)
Photo/Graphic Edges
PosterShop (Version: 6.00)
PosterShop AutoUpdate
PowerDVD (Version: 8.0)
QuarkXPress 5.0 (Version: 5.00.0000)
QuickBooks (Version: 22.0.4001.2206)
QuickBooks Pro 2012 (Version: 22.0.4001.2206)
QuickTime (Version: 7.74.80.86)
RayV (Version: 2.0.1.65)
Realtek High Definition Audio Driver
Roxio Activation Module (Version: 1.0)
Roxio Creator Audio (Version: 3.5.0)
Roxio Creator BDAV Plugin (Version: 3.5.0)
Roxio Creator Copy (Version: 3.5.0)
Roxio Creator Data (Version: 3.5.0)
Roxio Creator DE (Version: 3.5.0)
Roxio Creator Tools (Version: 3.5.0)
Roxio Drag-to-Disc (Version: 9.1)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Sonic CinePlayer Decoder Pack (Version: 4.2.0)
SupportSoft Assisted Service (Version: 15)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 7 (KB976749) (Version: 1)
Update for Windows Internet Explorer 7 (KB980182) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows Internet Explorer 8 (KB976662) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
VideoFileDownload (Version: 1.0)
VLC media player 1.0.3 (Version: 1.0.3)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Imaging Component (Version: 3.0.0.0)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3 (Version: 20080414.031525)
Yahoo! Install Manager
Yahoo! Search Protection
Yahoo! Search Suggest Add-on for IE7
Yahoo! Software Update
Yahoo! Toolbar

==================== Restore Points  =========================

16-07-2013 10:00:17 Software Distribution Service 3.0
17-07-2013 10:00:17 Software Distribution Service 3.0
18-07-2013 10:00:16 Software Distribution Service 3.0
19-07-2013 10:00:17 Software Distribution Service 3.0
20-07-2013 10:00:16 Software Distribution Service 3.0
21-07-2013 10:00:17 Software Distribution Service 3.0
22-07-2013 10:00:16 Software Distribution Service 3.0
23-07-2013 10:00:16 Software Distribution Service 3.0
24-07-2013 10:00:19 Software Distribution Service 3.0
25-07-2013 10:00:17 Software Distribution Service 3.0
26-07-2013 10:00:17 Software Distribution Service 3.0
27-07-2013 10:00:17 Software Distribution Service 3.0
28-07-2013 10:00:16 Software Distribution Service 3.0
29-07-2013 10:00:17 Software Distribution Service 3.0
30-07-2013 10:53:59 System Checkpoint
31-07-2013 11:06:01 System Checkpoint
01-08-2013 12:05:59 System Checkpoint
02-08-2013 12:06:16 System Checkpoint
03-08-2013 12:10:06 System Checkpoint
04-08-2013 13:10:06 System Checkpoint
05-08-2013 13:58:06 System Checkpoint
07-08-2013 17:40:21 System Checkpoint
07-08-2013 19:11:10 Restore Operation
08-08-2013 10:00:17 Software Distribution Service 3.0
09-08-2013 10:00:18 Software Distribution Service 3.0
10-08-2013 10:00:17 Software Distribution Service 3.0
11-08-2013 10:00:16 Software Distribution Service 3.0
12-08-2013 10:00:16 Software Distribution Service 3.0
13-08-2013 10:00:17 Software Distribution Service 3.0
14-08-2013 10:00:17 Software Distribution Service 3.0
15-08-2013 10:00:21 Software Distribution Service 3.0
16-08-2013 10:00:17 Software Distribution Service 3.0
17-08-2013 10:00:26 Software Distribution Service 3.0
18-08-2013 10:00:16 Software Distribution Service 3.0
19-08-2013 10:00:18 Software Distribution Service 3.0

==================== Hosts content: ==========================

2004-08-11 14:00 - 2013-08-19 09:50 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe
Task: C:\WINDOWS\Tasks\EXHIBIT GRAPHICS, INC 1215562252.job => C:\Program Files\Intuit\QuickBooks 2005\AutoBackupEXE.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{1B7E6FF3-37EB-45DA-A7B1-D7430E9A3610}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\WGASetup.job => C:\WINDOWS\system32\KB905474\wgasetup.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/19/2013 03:00:35 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (08/19/2013 03:00:35 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/19/2013 03:00:34 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (08/18/2013 03:00:35 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (08/18/2013 03:00:34 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/18/2013 03:00:33 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (08/17/2013 03:00:52 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (08/17/2013 03:00:52 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (08/17/2013 03:00:51 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (08/16/2013 03:00:43 AM) (Source: NativeWrapper) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

System errors:
=============
Error: (08/19/2013 10:37:26 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2013 10:37:15 AM) (Source: Service Control Manager) (User: )
Description: The Avira Upgrade Service service failed to start due to the following error:
%%3

Error: (08/19/2013 10:37:04 AM) (Source: NETLOGON) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (08/19/2013 10:16:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (08/19/2013 10:15:42 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2013 10:14:42 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2013 10:13:42 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2013 10:12:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2013 10:11:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Error: (08/19/2013 10:10:41 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID
{B1A429DB-FB06-4645-B7C0-0CC405EAD3CD}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20).  This security permission can be modified using the Component Services administrative tool.

Microsoft Office Sessions:
=========================
Error: (08/19/2013 03:00:35 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (08/19/2013 03:00:35 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (08/19/2013 03:00:34 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (08/18/2013 03:00:35 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (08/18/2013 03:00:34 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (08/18/2013 03:00:33 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (08/17/2013 03:00:52 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (08/17/2013 03:00:52 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (08/17/2013 03:00:51 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (08/16/2013 03:00:43 AM) (Source: NativeWrapper)(User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3317.1 MB
Available physical RAM: 2757.86 MB
Total Pagefile: 5204.64 MB
Available Pagefile: 4894.44 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:60 GB) (Free:3.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: () (Fixed) (Total:172.76 GB) (Free:12.63 GB) NTFS
Drive h: () (Fixed) (Total:465.76 GB) (Free:465.66 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 233 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=60 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=173 GB) - (Type=OF Extended)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 633BB09F)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Download the attached fixlist.txt to the same folder as FRST.

Run FRST and click Fix only once and wait

The tool will create a log (Fixlog.txt) in the folder; please post it in your reply.

Then........

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

New window that comes up.

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Looks Good.....

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now. MrC

here it is

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.21.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
mixael padilla :: RIP06 [administrator]

8/21/2013 11:24:17 AM
mbam-log-2013-08-21 (11-24-17).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 275826
Time elapsed: 5 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 5
C:\Documents and Settings\mixael padilla\Application Data\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\mixael padilla\Application Data\OpenCandy\28A03C402D7C43D19924A6F4278BC902 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\mixael padilla\Application Data\OpenCandy\86C7706A3F554C06AACEF690791F7DC3 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\mixael padilla\Application Data\OpenCandy\EBE84CB63EFF477880EC06AA4E2F7B3E (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\mixael padilla\Application Data\OpenCandy\OpenCandy_EBE84CB63EFF477880EC06AA4E2F7B3E (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

Files Detected: 3
C:\Documents and Settings\mixael padilla\Application Data\OpenCandy\28A03C402D7C43D19924A6F4278BC902\4822.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\mixael padilla\Application Data\OpenCandy\28A03C402D7C43D19924A6F4278BC902\HSS-2.83-install-plain-452-silent.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\mixael padilla\Application Data\OpenCandy\EBE84CB63EFF477880EC06AA4E2F7B3E\TuneUp_PC_2.4.6.4_CPMID_347_p11v0.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.

(end)

Let's check for any adware.....

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder, which was created when running the tool.
MrC

Do I hit Clean? This is the report:

# AdwCleaner v3.000 - Report created 22/08/2013 at 08:32:15
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : mixael padilla - RIP06
# Running from : C:\Documents and Settings\mixael padilla\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Documents and Settings\HelpAssistant\Start Menu\eBay.lnk
File Found : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Found : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\searchplugins\alot-search.xml
File Found : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\searchplugins\Search_Results.xml
File Found : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\user.js
File Found : C:\Documents and Settings\mixael padilla\Local Settings\Application Data\funmoods-speeddial.crx
File Found : C:\Documents and Settings\mixael padilla\Start Menu\eBay.lnk
File Found : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
Folder Found : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Found : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
Folder Found : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\appbar@alot.com
Folder Found : C:\Documents and Settings\mixael padilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Folder Found C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\All Users\Application Data\Premium
Folder Found C:\Documents and Settings\mixael padilla\Application Data\alotappbar
Folder Found C:\Documents and Settings\mixael padilla\Application Data\alotservice
Folder Found C:\Documents and Settings\mixael padilla\Application Data\DefaultTab
Folder Found C:\Documents and Settings\mixael padilla\Application Data\DriverCure
Folder Found C:\Documents and Settings\mixael padilla\Application Data\dvdvideosoftiehelpers
Folder Found C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\alot-appbar
Folder Found C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\CT3131886
Folder Found C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\FCTB
Folder Found C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Smartbar
Folder Found C:\Documents and Settings\mixael padilla\Application Data\ParetoLogic
Folder Found C:\Documents and Settings\mixael padilla\Application Data\searchquband
Folder Found C:\Documents and Settings\mixael padilla\Local Settings\Application Data\Conduit
Folder Found C:\Documents and Settings\mixael padilla\Local Settings\Application Data\ConduitEngine
Folder Found C:\Documents and Settings\mixael padilla\Local Settings\Application Data\Ilivid Player
Folder Found C:\Documents and Settings\NetworkService\Local Settings\Application Data\DVDVideoSoftTB
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\OApps

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\alotAppbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\bflixtoolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\SOFTWARE\Classes\FCTB000100815.FCTB000100815Pos
Key Found : HKLM\SOFTWARE\Classes\FCTB000100815.FCTB000100815Pos.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100815.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\FCTB000100815.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\FCTB000100815.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCTB000100815.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v4.0.1 (en-US)

[ File : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\prefs.js ]

Line Found : user_pref("CT3131886.1000082.isPlayDisplay", "true");

Line Found : user_pref("CT3131886.1000234.TWC_TMP_city", "IRVINE");
Line Found : user_pref("CT3131886.1000234.TWC_TMP_country", "US");
Line Found : user_pref("CT3131886.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3131886.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3131886.FirstTime", "true");
Line Found : user_pref("CT3131886.FirstTimeFF3", "true");

Line Found : user_pref("CT3131886.UserID", "UN05937469060241562");
Line Found : user_pref("CT3131886.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3131886.autoDisableScopes", 0);
Line Found : user_pref("CT3131886.browser.search.defaultthis.engineName", true);
Line Found : user_pref("CT3131886.defaultSearch", "true");
Line Found : user_pref("CT3131886.embeddedsData", "[{\"appId\":\"129641800031032056\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Found : user_pref("CT3131886.enableAlerts", "always");
Line Found : user_pref("CT3131886.enableSearchFromAddressBar", "true");
Line Found : user_pref("CT3131886.firstTimeDialogOpened", "true");
Line Found : user_pref("CT3131886.fixPageNotFoundError", "true");
Line Found : user_pref("CT3131886.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3131886.fixUrls", true);
Line Found : user_pref("CT3131886.installId", "conduitinstaller.exe");
Line Found : user_pref("CT3131886.installType", "ConduitNSISIntegration");
Line Found : user_pref("CT3131886.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3131886.isNewTabEnabled", true);
Line Found : user_pref("CT3131886.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT3131886.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3131886.keyword", true);
Line Found : user_pref("CT3131886.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Finternet-explorer%2Fdownloads%2Fie\",\"EB_MAIN_FRAME_TITLE\":\"%0A%09Internet%20Expl[...]
Line Found : user_pref("CT3131886.openThankYouPage", "false");
Line Found : user_pref("CT3131886.openUninstallPage", "true");
Line Found : user_pref("CT3131886.search.searchAppId", "129641800031032056");
Line Found : user_pref("CT3131886.search.searchCount", "0");
Line Found : user_pref("CT3131886.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3131886.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3131886.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3131886.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3131886\"}");

Line Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vgrabber1\"}");
Line Found : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3131886.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3131886.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348762715748");
Line Found : user_pref("CT3131886.serviceLayer_services_appTracking_lastUpdate", "1348762717883");
Line Found : user_pref("CT3131886.serviceLayer_services_appsMetadata_lastUpdate", "1348762715725");
Line Found : user_pref("CT3131886.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348762717488");
Line Found : user_pref("CT3131886.serviceLayer_services_login_10.10.20.14_lastUpdate", "1348762720714");
Line Found : user_pref("CT3131886.serviceLayer_services_optimizer_lastUpdate", "1348762717460");
Line Found : user_pref("CT3131886.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348762717514");
Line Found : user_pref("CT3131886.serviceLayer_services_searchAPI_lastUpdate", "1348762714650");
Line Found : user_pref("CT3131886.serviceLayer_services_serviceMap_lastUpdate", "1348762711270");
Line Found : user_pref("CT3131886.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348762717467");
Line Found : user_pref("CT3131886.serviceLayer_services_toolbarSettings_lastUpdate", "1348762720689");
Line Found : user_pref("CT3131886.serviceLayer_services_translation_lastUpdate", "1348762715730");
Line Found : user_pref("CT3131886.settingsINI", true);
Line Found : user_pref("CT3131886.shouldFirstTimeDialog", "false");
Line Found : user_pref("CT3131886.smartbar.CTID", "CT3131886");
Line Found : user_pref("CT3131886.smartbar.Uninstall", "0");
Line Found : user_pref("CT3131886.smartbar.homepage", true);
Line Found : user_pref("CT3131886.smartbar.isHidden", true);
Line Found : user_pref("CT3131886.smartbar.toolbarName", "Vgrabber1 ");
Line Found : user_pref("CT3131886.startPage", "userChanged");
Line Found : user_pref("CT3131886.toolbarBornServerTime", "27-9-2012");
Line Found : user_pref("CT3131886.toolbarCurrentServerTime", "27-9-2012");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");

Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3131886");
Line Found : user_pref("backup.old.browser.search.defaultenginename", "Search Results");
Line Found : user_pref("backup.old.browser.search.selectedEngine", "Search Results");


Line Found : user_pref("browser.search.order.1", "Search Results");


Line Found : user_pref("extensions.funmoods.aflt", "adknlg");
Line Found : user_pref("extensions.funmoods.autoRvrt", false);
Line Found : user_pref("extensions.funmoods.dfltLng", "");
Line Found : user_pref("extensions.funmoods.dfltSrch", true);
Line Found : user_pref("extensions.funmoods.dnsErr", true);
Line Found : user_pref("extensions.funmoods.envrmnt", "production");
Line Found : user_pref("extensions.funmoods.excTlbr", false);
Line Found : user_pref("extensions.funmoods.hmpg", true);

Line Found : user_pref("extensions.funmoods.id", "001D09938768FC18");
Line Found : user_pref("extensions.funmoods.instlDay", "15533");
Line Found : user_pref("extensions.funmoods.instlRef", "adknlg");
Line Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Line Found : user_pref("extensions.funmoods.prdct", "funmoods");
Line Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Found : user_pref("extensions.funmoods.tlbrId", "base");

Line Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Found : user_pref("extensions.funmoods_i.newTab", true);
Line Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:11:1");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.AutoSearchEventData", "auto%20search");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.ClearCacheDate", 27);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DNSCatch", false);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DisplayEULA", true);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DnsCatchEventData", "dns%20catch");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EBOMode", true);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EnableDCAData_xx", true);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EnableDCA_xx", false);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.FirstLaunchShown", true);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.InstallDomain", "freecause.com");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.InstallType", "standard");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.LoadLayoutDate.100569", 27);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.NewTabSearchEventData", "tab%20search");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.ShowRecommendedOptions", true);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.StateReportDate", "1348762709108");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.TopRightSearchEventData", "top%20right%20search");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeInstallSaved", true);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeinstall.homepage", "hxxp%3A//start.funmoods.com/%3Ff%3D1%26a%3Dadknlg%26chnl%3Dadknlg%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0DtDzyzytAzzyByCzz0F0CtCzz[...]
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeinstall.search", "Search");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.customNewTab", false);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaDefaultMode", false);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaShowInstallerPage", false);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaShowSurvey", true);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.helpUsImprove", true);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.hideOthers", false);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.partnerauth", false);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.processAddrBar", false);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.restoreSearch", false);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.searchHistory", true);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.session", "48627156B24EF110FD160945046879FB9F66CDE0B44FECA0901833321EEC7AFF2B7E9007B6ACB4B0A776BA4CD82A8C7859326E8B4DFFE26FC6071644A46E8ACC86503AC8[...]
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.showFirstLaunchOptions", false);
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.tb_lang", "en");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.tool_id", "100569");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_id", "122123924");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_key", "558b38ef6885f7ed8965b4e627b29bc170e9b31d");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_layouts", "100569");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_lnames", "Shop%20to%20Win%2029");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.vars.disablecuidinject", "1");
Line Found : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.yahooSearch", false);

Line Found : user_pref("CT3220468.autoDisableScopes",  0);

-\\ Google Chrome v29.0.1547.57

[ File : C:\Documents and Settings\mixael padilla\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : search_url
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [22359 octets] - [22/08/2013 08:32:15]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22420 octets] ##########
 


OK...Next:

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
MrC


# AdwCleaner v3.000 - Report created 22/08/2013 at 09:06:05
# Updated 20/08/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : mixael padilla - RIP06
# Running from : C:\Documents and Settings\mixael padilla\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\OApps
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\DVDVideoSoftTB
Folder Deleted : C:\Documents and Settings\mixael padilla\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\mixael padilla\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\mixael padilla\Local Settings\Application Data\Ilivid Player
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\alotappbar
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\alotservice
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\DefaultTab
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\DriverCure
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\ParetoLogic
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\searchquband
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\alot-appbar
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\FCTB
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Smartbar
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\CT3131886
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\appbar@alot.com
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
Folder Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
[!] Folder Deleted : C:\Documents and Settings\mixael padilla\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
File Deleted : C:\Documents and Settings\HelpAssistant\Start Menu\eBay.lnk
File Deleted : C:\Documents and Settings\mixael padilla\Local Settings\Application Data\funmoods-speeddial.crx
File Deleted : C:\Documents and Settings\mixael padilla\Start Menu\eBay.lnk
File Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\searchplugins\alot-search.xml
File Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.FCTB000100815Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.FCTB000100815Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100815.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A531D99C-5A22-449B-83DA-872725C6D0ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\alotAppbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\DefaultTab
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab
Key Deleted : HKLM\Software\bflixtoolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v4.0.1 (en-US)

[ File : C:\Documents and Settings\mixael padilla\Application Data\Mozilla\Firefox\Profiles\38ogo3dc.default\prefs.js ]

Line Deleted : user_pref("CT3131886.1000082.isPlayDisplay", "true");

Line Deleted : user_pref("CT3131886.1000234.TWC_TMP_city", "IRVINE");
Line Deleted : user_pref("CT3131886.1000234.TWC_TMP_country", "US");
Line Deleted : user_pref("CT3131886.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.FirstTime", "true");
Line Deleted : user_pref("CT3131886.FirstTimeFF3", "true");

Line Deleted : user_pref("CT3131886.UserID", "UN05937469060241562");
Line Deleted : user_pref("CT3131886.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3131886.autoDisableScopes", 0);
Line Deleted : user_pref("CT3131886.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3131886.defaultSearch", "true");
Line Deleted : user_pref("CT3131886.embeddedsData", "[{\"appId\":\"129641800031032056\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3131886.enableAlerts", "always");
Line Deleted : user_pref("CT3131886.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3131886.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3131886.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3131886.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3131886.fixUrls", true);
Line Deleted : user_pref("CT3131886.installId", "conduitinstaller.exe");
Line Deleted : user_pref("CT3131886.installType", "ConduitNSISIntegration");
Line Deleted : user_pref("CT3131886.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.isNewTabEnabled", true);
Line Deleted : user_pref("CT3131886.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3131886.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3131886.keyword", true);
Line Deleted : user_pref("CT3131886.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwindows.microsoft.com%2Fen-US%2Finternet-explorer%2Fdownloads%2Fie\",\"EB_MAIN_FRAME_TITLE\":\"%0A%09Internet%20Expl[...]
Line Deleted : user_pref("CT3131886.openThankYouPage", "false");
Line Deleted : user_pref("CT3131886.openUninstallPage", "true");
Line Deleted : user_pref("CT3131886.search.searchAppId", "129641800031032056");
Line Deleted : user_pref("CT3131886.search.searchCount", "0");
Line Deleted : user_pref("CT3131886.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3131886.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3131886\"}");

Line Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Vgrabber1\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3131886.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348762715748");
Line Deleted : user_pref("CT3131886.serviceLayer_services_appTracking_lastUpdate", "1348762717883");
Line Deleted : user_pref("CT3131886.serviceLayer_services_appsMetadata_lastUpdate", "1348762715725");
Line Deleted : user_pref("CT3131886.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348762717488");
Line Deleted : user_pref("CT3131886.serviceLayer_services_login_10.10.20.14_lastUpdate", "1348762720714");
Line Deleted : user_pref("CT3131886.serviceLayer_services_optimizer_lastUpdate", "1348762717460");
Line Deleted : user_pref("CT3131886.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348762717514");
Line Deleted : user_pref("CT3131886.serviceLayer_services_searchAPI_lastUpdate", "1348762714650");
Line Deleted : user_pref("CT3131886.serviceLayer_services_serviceMap_lastUpdate", "1348762711270");
Line Deleted : user_pref("CT3131886.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348762717467");
Line Deleted : user_pref("CT3131886.serviceLayer_services_toolbarSettings_lastUpdate", "1348762720689");
Line Deleted : user_pref("CT3131886.serviceLayer_services_translation_lastUpdate", "1348762715730");
Line Deleted : user_pref("CT3131886.settingsINI", true);
Line Deleted : user_pref("CT3131886.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3131886.smartbar.CTID", "CT3131886");
Line Deleted : user_pref("CT3131886.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3131886.smartbar.homepage", true);
Line Deleted : user_pref("CT3131886.smartbar.isHidden", true);
Line Deleted : user_pref("CT3131886.smartbar.toolbarName", "Vgrabber1 ");
Line Deleted : user_pref("CT3131886.startPage", "userChanged");
Line Deleted : user_pref("CT3131886.toolbarBornServerTime", "27-9-2012");
Line Deleted : user_pref("CT3131886.toolbarCurrentServerTime", "27-9-2012");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");

Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3131886");
Line Deleted : user_pref("backup.old.browser.search.defaultenginename", "Search Results");
Line Deleted : user_pref("backup.old.browser.search.selectedEngine", "Search Results");


Line Deleted : user_pref("browser.search.order.1", "Search Results");


Line Deleted : user_pref("extensions.funmoods.aflt", "adknlg");
Line Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Line Deleted : user_pref("extensions.funmoods.dfltLng", "");
Line Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Line Deleted : user_pref("extensions.funmoods.dnsErr", true);
Line Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Line Deleted : user_pref("extensions.funmoods.excTlbr", false);
Line Deleted : user_pref("extensions.funmoods.hmpg", true);

Line Deleted : user_pref("extensions.funmoods.id", "001D09938768FC18");
Line Deleted : user_pref("extensions.funmoods.instlDay", "15533");
Line Deleted : user_pref("extensions.funmoods.instlRef", "adknlg");
Line Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Line Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Line Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Line Deleted : user_pref("extensions.funmoods.tlbrId", "base");

Line Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Deleted : user_pref("extensions.funmoods_i.newTab", true);
Line Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:11:1");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.AutoSearchEventData", "auto%20search");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.ClearCacheDate", 27);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DNSCatch", false);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DisplayEULA", true);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.DnsCatchEventData", "dns%20catch");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EBOMode", true);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EnableDCAData_xx", true);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.EnableDCA_xx", false);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.FirstLaunchShown", true);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.InstallDomain", "freecause.com");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.InstallType", "standard");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.LoadLayoutDate.100569", 27);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.NewTabSearchEventData", "tab%20search");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.ShowRecommendedOptions", true);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.StateReportDate", "1348762709108");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.TopRightSearchEventData", "top%20right%20search");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeInstallSaved", true);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeinstall.homepage", "hxxp%3A//start.funmoods.com/%3Ff%3D1%26a%3Dadknlg%26chnl%3Dadknlg%26cd%3D2XzuyEtN2Y1L1QzutDtDtC0DtDzyzytAzzyByCzz0F0CtCzz[...]
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.beforeinstall.search", "Search");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.customNewTab", false);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaDefaultMode", false);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaShowInstallerPage", false);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.dcaShowSurvey", true);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.helpUsImprove", true);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.hideOthers", false);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.partnerauth", false);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.processAddrBar", false);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.restoreSearch", false);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.searchHistory", true);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.session", "48627156B24EF110FD160945046879FB9F66CDE0B44FECA0901833321EEC7AFF2B7E9007B6ACB4B0A776BA4CD82A8C7859326E8B4DFFE26FC6071644A46E8ACC86503AC8[...]
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.showFirstLaunchOptions", false);
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.tb_lang", "en");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.tool_id", "100569");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_id", "122123924");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_key", "558b38ef6885f7ed8965b4e627b29bc170e9b31d");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_layouts", "100569");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.user_lnames", "Shop%20to%20Win%2029");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.vars.disablecuidinject", "1");
Line Deleted : user_pref("freecausef6eedaac826d50f43dedd0d2b7570509.yahooSearch", false);

Line Deleted : user_pref("CT3220468.autoDisableScopes",  0);

-\\ Google Chrome v29.0.1547.57

[ File : C:\Documents and Settings\mixael padilla\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [22501 octets] - [22/08/2013 08:32:15]
AdwCleaner[s0].txt - [22933 octets] - [22/08/2013 09:06:05]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [22994 octets] ##########
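The AdwCleaner log above shows which Firefox preferences the Conduit (CT...), Smartbar, Funmoods and FreeCause toolbars had planted, and which search/homepage settings they had rewritten to "Search Results". As an added example (not code from the thread or from AdwCleaner), here is a small checker that scans prefs.js text for exactly those key prefixes and hijacked values; the prefix list comes from the log, the sample prefs are constructed, and `browser.startup.homepage` is included as the standard Firefox homepage key.

```python
import re

# Matches one Firefox prefs.js line: user_pref("key", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# Key prefixes taken from the AdwCleaner "Line Deleted" entries in this thread.
PUP_PREFIXES = (
    "CT3131886.", "CT3220468.", "Smartbar.",
    "extensions.funmoods", "freecausef6eedaac826d50f43dedd0d2b7570509.",
)

# Search/homepage prefs the toolbars rewrote (values "Search Results" in the log),
# plus browser.startup.homepage, the normal Firefox homepage pref.
HIJACK_KEYS = {
    "browser.search.defaultenginename", "browser.search.selectedEngine",
    "browser.search.order.1", "browser.startup.homepage",
}


def parse_prefs(text):
    """Return {key: raw_value_text} for every well-formed user_pref line."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def find_toolbar_residue(text):
    """Return (sorted toolbar pref keys, {hijacked key: raw value})."""
    prefs = parse_prefs(text)
    pup_keys = sorted(k for k in prefs if k.startswith(PUP_PREFIXES))
    hijacked = {k: prefs[k] for k in HIJACK_KEYS & prefs.keys()
                if "search results" in prefs[k].lower()}
    return pup_keys, hijacked


# Constructed sample prefs.js content (one clean pref, two toolbar prefs, one hijack).
SAMPLE_PREFS = """\
user_pref("app.update.enabled", true);
user_pref("CT3131886.smartbar.toolbarName", "Vgrabber1 ");
user_pref("extensions.funmoods.hmpg", true);
user_pref("browser.search.order.1", "Search Results");
user_pref("browser.startup.homepage", "https://example.org/");
"""

if __name__ == "__main__":
    pups, hijacked = find_toolbar_residue(SAMPLE_PREFS)
    print("toolbar prefs:", pups)
    print("hijacked search/homepage prefs:", hijacked)
```

Run it against a real profile's prefs.js to see whether any of the entries AdwCleaner removed have come back after a reboot.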

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

 Results of screen317's Security Check version 0.99.72  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled!  
 WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
 PC Tools Spyware Doctor 9.0
 Malwarebytes Anti-Malware version 1.75.0.1300  
 CCleaner     
 Java 6 Update 31  
 Java 6 Update 5  
 Java version out of Date!
 Adobe Reader 7 Adobe Reader out of Date!
 Mozilla Firefox (4.0.1)
 Google Chrome 28.0.1500.95  
 Google Chrome 29.0.1547.57  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 26% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


------------------------------------------------

Please uninstall these and any other Java in your add/remove programs:
Java™ 6 Update 31
Java™ 6 Update 5


Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 25) from Here
Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

------------------------------------------------


Adobe Reader 7 Adobe Reader out of Date! <---please check for an update if available, or uninstall it and download and install Foxit Reader, which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

------------------------------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.

-----------------------------

If you used DeFogger to disable your CD Emulation drivers, please re-enable them.

-------------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc. AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
This topic is now closed to further replies.