
Shell.exe, svchost.exe dwm.exe reappearing, browser hijack


DonJota

Hello, first of all I want to say thank you for the amazing service you guys provide in this forum, I'm sure many users are really glad you guys exist.

Now, my problem is the following. Yesterday I downloaded an e-mail containing pictures of my family. After opening this e-mail I abruptly got a blue screen that didn't last 2 seconds. I could only read the word ERROR at the top, and then my computer restarted... After this, I noticed many strange things happening with my computer. Most of them have been resolved, so I am going to discuss everything I have already done, and what is not fixed yet.

First, I was infected with some kind of virus that wouldn't let my Google Chrome open any sites. I would only get a blank page. After running the TDSS rootkit removal software from Kaspersky, this issue was resolved.

Second, I ran Malwarebytes software, finding around 20 infections...15 of which were removed and were fixed.

Now, there are still 5 infections that I haven't been able to remove. Every time I delete the files through Malwarebytes, they come back after the restart... I looked for the files manually, they come back after 20 seconds. And my problem is that randomly, when I click a Google search result, it will redirect me to a random adult site or to a website that starts running a fake virus scan on my computer and makes me download a file (AntiVirus haha.)...

The files I think responsible for this behaviour are

shell.exe located in C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe

svchost.exe located in C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe

stor.cfg located in C:\Users\Jesus\AppData\Roaming\Microsoft\stor.cfg

There is also a really strange entry in my HJT log stating something about a proxy : R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:50370

I don't use proxies.

And lastly, there is also a malicious entry that keeps coming back even after deletion: F3 - REG:win.ini: load=C:\Users\Jesus\AppData\Local\Temp\dwm.exe

Any help will be greatly appreciated

If you need any logs, let me know and I'll post immediately. I'll be behind the computer the whole day, so no delays from my part.

Thank you so much !


DDS (Ver_10-10-10.03) - NTFS_AMD64

Run by Jesus at 21:05:25.60 on Sun 10/17/2010

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_15

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.6135.3643 [GMT -4:00]

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\IOS.SYS\config\DVMExportService.exe

C:\Windows\system32\emaudsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Soluto\soluto.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Windows\system32\DllHost.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Users\Jesus\AppData\Local\Temp\dwm.exe

C:\Program Files\Soluto\SolutoService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\wbem\wmiprvse.exe

C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe

C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe

C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe

C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\HPMediaSmartWebcam.exe

C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Jesus\Desktop\dds.scr

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

uInternet Settings,ProxyServer = http=127.0.0.1:50370

uWinlogon: Shell=explorer.exe,C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe

uWindows: Load=C:\Users\Jesus\AppData\Local\Temp\dwm.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: FlashFXP Helper for Internet Explorer: {e5a1691b-d188-4419-ad02-90002030b8ee} - C:\PROGRA~2\FlashFXP\IEFlash.dll

BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - C:\PROGRA~2\DAP\DAPIEL~1.DLL

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

{555d4d79-4bd2-4094-a395-cfc534424a05}

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

mRun: [<NO NAME>]

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [svchost] C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: LocalAccountTokenFilterPolicy = 1 (0x1)

IE: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm

IE: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm

IE: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll/2000

IE: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm

IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL

IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab

DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/mjss/MJSS.cab109791.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab

TCP: {3CB425E2-9708-4382-9F4D-4B966F913984} = 192.168.1.1

TCP: {E4C87104-99D6-49B4-8A49-492ECDB91598} = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Name-Space Handler: ftp\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll

Name-Space Handler: http\ZDA - {5BFA1DAF-5EDC-11D2-959E-00C00C02DA5E} - C:\PROGRA~2\DAP\dapie.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

mRun-x64: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\k9rs6ts9.default\

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 50370

FF - prefs.js: network.proxy.type - 1

FF - component: C:\Program Files (x86)\DAP\DAPFireFox\components\DAPFireFox.dll

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Jesus\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]

R2 DvmMDES;DeviceVM Meta Data Export Service;C:\IOS.SYS\config\DVMExportService.exe [2009-7-9 323672]

R2 emaudsv;E-MU Audio Service;C:\Windows\System32\emaudsv.exe [2007-11-26 25600]

R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-3-30 1823112]

R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]

R2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2010-10-12 330784]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-5-21 13832]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-5-21 134928]

R3 acpials;ALS Sensor Filter;C:\Windows\System32\drivers\acpials.sys [2009-7-14 9728]

R3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-14 54824]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2009-9-26 35104]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-6-13 7680512]

S0 PCGenFAM;PCGenFAM;C:\Windows\System32\drivers\PCGenFAM.sys [2010-9-12 198600]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 hasplms;HASP License Manager;C:\Windows\system32\hasplms.exe -run --> C:\Windows\system32\hasplms.exe -run [?]

S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-9-7 227896]

S3 emusba10;E-MU USB-Audio 1.0 Driver;C:\Windows\System32\drivers\emusba10.sys [2007-11-26 213272]

S3 GT72NDISIPXP;GT 72 IP NDIS;C:\Windows\System32\drivers\Gt51Ip.sys [2007-11-13 124416]

S3 GT72UBUS;GT 72 U BUS;C:\Windows\System32\drivers\gt72ubus.sys [2007-10-9 80896]

S3 GtDetectSc;GtDetectSc;C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe [2007-12-18 312320]

S3 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-17 135664]

S3 hpdoccardsvc;HP Documention Flash Card Detection Service;C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\doccardsvc.exe [2009-7-31 83240]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-2-26 158976]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-9-4 62464]

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;C:\Windows\System32\drivers\libusb0.sys [2010-8-8 32808]

S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-9-26 5435904]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-9-26 216576]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-28 1255736]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

=============== Created Last 30 ================

2010-10-17 19:46:25 100864 ----a-w- C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe

2010-10-17 19:35:29 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys

2010-10-17 19:26:28 141312 ----a-w- C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe

2010-10-17 17:01:14 -------- d-----w- C:\TDSSKiller_Quarantine

2010-10-17 16:57:38 -------- d-----w- C:\PROGRA~3\Audio Damage

2010-10-17 02:01:25 -------- d-----w- C:\Users\Jesus\AppData\Roaming\Malwarebytes

2010-10-17 02:01:16 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2010-10-17 02:01:13 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-10-17 02:01:13 -------- d-----w- C:\PROGRA~3\Malwarebytes

2010-10-17 02:01:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2010-10-17 00:24:16 7935824 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{86D66754-839E-4446-ADEC-4E49E86929B8}\mpengine.dll

2010-10-17 00:12:59 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll

2010-10-14 18:02:37 -------- d-----w- C:\Windows\rescache

2010-10-14 16:56:51 -------- d-----w- C:\Program Files\Soluto

2010-10-12 21:08:03 340992 ----a-w- C:\Windows\System32\schannel.dll

2010-10-12 21:08:03 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

2010-10-12 21:08:01 633856 ----a-w- C:\Windows\System32\comctl32.dll

2010-10-12 21:08:01 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

2010-10-12 20:59:11 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2010-10-12 20:59:11 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2010-10-12 20:59:10 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2010-10-12 20:59:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2010-10-12 20:59:06 463360 ----a-w- C:\Windows\System32\drivers\srv.sys

2010-10-12 20:59:06 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys

2010-10-12 20:59:05 9728 ----a-w- C:\Windows\SysWow64\sscore.dll

2010-10-12 20:59:05 236032 ----a-w- C:\Windows\System32\srvsvc.dll

2010-10-12 20:59:05 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys

2010-10-12 20:59:04 3123712 ----a-w- C:\Windows\System32\win32k.sys

2010-10-09 22:58:31 -------- d-----w- C:\Users\Jesus\AppData\Local\My Games

2010-10-09 22:20:42 -------- d-----w- C:\Program Files (x86)\Sid Meier's Civilization V

2010-10-09 00:47:12 -------- d-----w- C:\Windows\en

2010-10-09 00:38:59 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\5c5a96c11cb674a0e\MeshBetaRemover.exe

2010-10-09 00:38:53 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\58d9792e1cb674a0d\DSETUP.dll

2010-10-09 00:38:53 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\58d9792e1cb674a0d\DXSETUP.exe

2010-10-09 00:38:53 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\58d9792e1cb674a0d\dsetup32.dll

2010-10-09 00:38:51 1164800 ----a-w- C:\Windows\SysWow64\UIRibbonRes.dll

2010-10-09 00:38:51 1164800 ----a-w- C:\Windows\System32\UIRibbonRes.dll

2010-10-09 00:38:50 3860992 ----a-w- C:\Windows\System32\UIRibbon.dll

2010-10-09 00:38:50 2983424 ----a-w- C:\Windows\SysWow64\UIRibbon.dll

2010-10-09 00:38:34 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4cefd62b1cb674a0c\DSETUP.dll

2010-10-09 00:38:34 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4cefd62b1cb674a0c\DXSETUP.exe

2010-10-09 00:38:34 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\4cefd62b1cb674a0c\dsetup32.dll

2010-10-01 06:33:29 243712 ----a-w- C:\Windows\System32\drivers\ks.sys

2010-10-01 06:33:29 184832 ----a-w- C:\Windows\System32\drivers\usbvideo.sys

2010-09-30 21:44:40 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2010-09-30 21:44:40 2048 ----a-w- C:\Windows\System32\tzres.dll

2010-09-30 21:44:35 13312 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll

2010-09-30 21:44:35 13312 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll

2010-09-27 17:21:59 -------- d-----w- C:\Users\Jesus\AppData\Local\LogMeIn Hamachi

2010-09-27 17:00:45 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2010-09-26 20:54:59 -------- d-----w- C:\Users\Jesus\AppData\Local\Vlaflip(Roydolfje)

2010-09-23 04:47:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2010-09-23 04:32:56 301936 ----a-w- C:\Windows\WLXPGSS.SCR

2010-09-21 18:54:04 529280 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

2010-09-21 18:51:18 55704 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll

2010-09-21 18:51:18 1129880 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\wlidcli.dll

2010-09-21 18:49:02 252800 ----a-w- C:\Windows\System32\LIVESSP.DLL

2010-09-21 18:49:00 419712 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL

2010-09-21 18:49:00 290176 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL

2010-09-21 18:49:00 2286976 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2010-09-21 18:49:00 222592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2010-09-21 18:49:00 170880 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

2010-09-21 18:47:38 1558016 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL

2010-09-21 18:13:50 1564072 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDRES.DLL

2010-09-21 18:08:38 439168 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

2010-09-21 18:06:02 853912 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\wlidcli.dll

2010-09-21 18:06:02 57752 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\msidcrl40.dll

2010-09-21 18:03:14 332160 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDCREDPROV.DLL

2010-09-21 18:03:14 237952 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDPROV.DLL

2010-09-21 18:03:14 208768 ----a-w- C:\Windows\SysWow64\LIVESSP.DLL

2010-09-21 18:03:14 145280 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

2010-09-18 22:55:38 -------- d-----w- C:\Users\Jesus\AppData\Local\PassMark

2010-09-18 22:54:55 540688 ----a-w- C:\Windows\System32\d3dx10_39.dll

2010-09-18 22:54:55 1942552 ----a-w- C:\Windows\System32\D3DCompiler_39.dll

2010-09-18 22:54:54 4992520 ----a-w- C:\Windows\System32\D3DX9_39.dll

2010-09-18 22:54:35 -------- d-----w- C:\PROGRA~3\Passmark

2010-09-18 22:54:34 -------- d-----w- C:\Program Files\PerformanceTest

2010-09-18 22:28:32 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys

2010-09-18 22:28:30 51712 ----a-w- C:\Windows\System32\drivers\usbehci.sys

2010-09-18 22:27:37 327680 ----a-w- C:\Windows\System32\drivers\udfs.sys

2010-09-18 22:27:23 60416 ----a-w- C:\Windows\System32\athihvui.dll

2010-09-18 22:27:23 439808 ----a-w- C:\Windows\System32\athihvs.dll

2010-09-18 22:27:23 -------- d-----w- C:\Windows\System32\nn-NO

2010-09-18 22:27:11 -------- d-----w- C:\Program Files (x86)\Cisco

2010-09-18 22:27:10 -------- d-----w- C:\Program Files (x86)\Atheros

2010-09-18 22:26:35 777216 ----a-w- C:\Windows\System32\autochk.exe

2010-09-18 22:26:35 668160 ----a-w- C:\Windows\SysWow64\autochk.exe

2010-09-18 22:26:03 -------- d-----w- C:\PROGRA~3\Atheros

==================== Find3M ====================

2010-10-12 16:41:54 198600 ----a-r- C:\Windows\System32\drivers\PCGenFAM.sys

2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll

2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec

2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll

2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

2010-08-29 18:45:36 2549760 ----a-w- C:\Windows\msnmsnger.exe

2010-08-29 18:40:10 2430880 ----a-w- C:\Users\Jesus\AppData\Roaming\diagnostic_demo.exe

2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll

2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll

2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe

2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll

2010-08-16 04:51:37 8358912 ----a-w- C:\Windows\msnmssgnr.exe

2010-08-12 22:44:53 8358912 ----a-w- C:\Windows\frost.exe

2010-08-08 06:39:29 32808 ----a-w- C:\Windows\SysWow64\libusb0.sys

2010-08-02 19:50:08 172032 ----a-w- C:\Windows\SysWow64\AniGIF.ocx

2010-07-29 06:30:34 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll

============= FINISH: 21:06:28.30 ===============

Attach.txt

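The autostart and proxy entries that stand out in the DDS log above can be triaged mechanically. This is an added example, not part of the original thread and not code from DDS or HijackThis; the rule lists (`SYSTEM_NAMES`, `SYSTEM_DIRS`, `USER_WRITABLE`) and the reason labels are assumptions of the example, and the sample lines are copied from the "Pseudo HJT Report" section of that log.

```python
import ntpath
import re

# Lines copied from the "Pseudo HJT Report" section of the DDS log above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uWinlogon: Shell=explorer.exe,C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe
uWindows: Load=C:\Users\Jesus\AppData\Local\Temp\dwm.exe
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [svchost] C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe
mRun-x64: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
FF - prefs.js: network.proxy.http - 127.0.0.1
"""

# Assumed rule data for this example (not an exhaustive list).
SYSTEM_NAMES = {"svchost.exe", "dwm.exe", "explorer.exe", "lsass.exe",
                "csrss.exe", "winlogon.exe", "services.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
USER_WRITABLE = ("\\appdata\\", "\\temp\\")

# DDS prefixes for per-user / per-machine autostart locations.
AUTOSTART = re.compile(
    r"^(?P<key>[um]Run(?:-x64)?|uWinlogon: Shell|uWindows: Load)[:=]\s*(?P<value>.*)$"
)
# Drive-letter path ending in an executable extension; stops at quotes/commas.
EXE_PATH = re.compile(r'[A-Za-z]:\\[^",]*?\.(?:exe|scr|dll)', re.IGNORECASE)
# IE ProxyServer value or Firefox network.proxy.http pointing at loopback.
PROXY = re.compile(
    r"(?:ProxyServer\s*=\s*(?:\w+=)?|network\.proxy\.http\s+-\s+)"
    r"(?:127(?:\.\d{1,3}){3}|localhost)",
    re.IGNORECASE,
)


def triage(log_text):
    """Return [(line, [reasons])] for DDS lines worth a closer look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        reasons = []
        if PROXY.search(line):
            reasons.append("loopback-proxy")
        entry = AUTOSTART.match(line)
        if entry:
            for path in EXE_PATH.findall(entry.group("value")):
                directory, name = ntpath.split(path.lower())
                # Autostart target lives where an unprivileged process can write.
                if any(mark in directory + "\\" for mark in USER_WRITABLE):
                    reasons.append("autostart-from-user-writable-dir")
                # Windows process name, but not in a Windows directory.
                if name in SYSTEM_NAMES and directory not in SYSTEM_DIRS:
                    reasons.append("system-name-outside-windows-dir")
            if entry.group("key") == "uWinlogon: Shell":
                shells = [s.strip().lower()
                          for s in entry.group("value").split(",") if s.strip()]
                if shells != ["explorer.exe"]:
                    reasons.append("nonstandard-winlogon-shell")
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG):
        print(", ".join(reasons))
        print("    " + line)
```
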

I see you are running a 64 bit OS. That will require a change in plans - please run this for me:

Download OTL to your desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and paste them into your next post.


OTL.txt

OTL logfile created on: 10/17/2010 9:18:23 PM - Run 3

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Users\Jesus\Desktop

64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

6.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 58.00% Memory free

12.00 Gb Paging File | 9.00 Gb Available in Paging File | 75.00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 453.68 Gb Total Space | 203.95 Gb Free Space | 44.95% Space Free | Partition Type: NTFS

Drive D: | 11.78 Gb Total Space | 1.98 Gb Free Space | 16.81% Space Free | Partition Type: NTFS

Computer Name: JESUS-HPENVY | User Name: Jesus | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Jesus\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe ()

PRC - C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe ()

PRC - C:\Users\Jesus\AppData\Local\Temp\dwm.exe ()

PRC - C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\HPMediaSmartWebcam.exe (CyberLink Corp.)

PRC - C:\IOS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Users\Jesus\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV:64bit: - (SolutoService) -- C:\Program Files\Soluto\SolutoService.exe (Soluto)

SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)

SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)

SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel® Corporation)

SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe (Microsoft Corporation)

SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\stacsv64.exe (IDT, Inc.)

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)

SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe (Andrea Electronics Corporation)

SRV:64bit: - (GtDetectSc) -- C:\Program Files\Option\GlobeTrotter Connect\GtDetectSc.exe (OptionNV)

SRV:64bit: - (emaudsv) -- C:\Windows\SysNative\emaudsv.exe (E-MU Systems)

SRV:64bit: - (hasplms) -- C:\Windows\SysNative\hasplms.exe (Aladdin Knowledge Systems Ltd.)

SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (hpdoccardsvc) -- C:\Program Files (x86)\Hewlett-Packard\HP Envy Document Card Utilities\doccardsvc.exe (Hewlett-Packard Developement Company, L.P.)

SRV - (DvmMDES) -- C:\IOS.SYS\config\DVMExportService.exe (DeviceVM, Inc.)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (USBCCID) -- C:\Windows\SysNative\DRIVERS\RtsUCcid.sys File not found

DRV:64bit: - (RtsUIR) -- C:\Windows\SysNative\DRIVERS\Rts516xIR.sys File not found

DRV:64bit: - (PCGenFAM) -- C:\Windows\SysNative\drivers\PCGenFAM.sys (Soluto LTD.)

DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)

DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)

DRV:64bit: - (NETw5s64) Intel® -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()

DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)

DRV:64bit: - (btusbflt) -- C:\Windows\SysNative\drivers\btusbflt.sys (Broadcom Corporation.)

DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)

DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)

DRV:64bit: - (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)

DRV:64bit: - (TIEHDUSB) -- C:\Windows\SysNative\drivers\tiehdusb.sys (Texas Instruments)

DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)

DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)

DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)

DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)

DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (acpials) -- C:\Windows\SysNative\drivers\acpials.sys (Microsoft Corporation)

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)

DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof ()

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)

DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)

DRV:64bit: - (libusb0) -- C:\Windows\SysNative\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)

DRV:64bit: - (emusba10) -- C:\Windows\SysNative\drivers\emusba10.sys (E-MU Systems)

DRV:64bit: - (GT72NDISIPXP) -- C:\Windows\SysNative\drivers\Gt51Ip.sys (Option N.V.)

DRV:64bit: - (GT72UBUS) -- C:\Windows\SysNative\drivers\gt72ubus.sys (Option N.V.)

DRV:64bit: - (GTPTSER) -- C:\Windows\SysNative\drivers\gtptser.sys (Option N.V.)

DRV - (Normandy) -- C:\Windows\SysWow64\drivers\Normandy.sys ()

DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys (http://libusb-win32.sourceforge.net)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ion&pf=cnnb

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

FF - prefs.js..extensions.enabledItems: {F17C1572-C9EC-4e5c-A542-D05CBB5C5A08}:9.4.1.0

FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6

FF - prefs.js..network.proxy.http: "127.0.0.1"

FF - prefs.js..network.proxy.http_port: 50370

FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/06/28 18:57:58 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/08/28 15:00:57 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/08/29 18:03:06 | 000,000,000 | ---D | M]

[2010/08/28 15:01:02 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\Mozilla\Extensions

[2010/10/16 20:36:20 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\k9rs6ts9.default\extensions

[2010/08/28 15:02:55 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Jesus\AppData\Roaming\Mozilla\Firefox\Profiles\k9rs6ts9.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2010/10/16 20:36:20 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2010/03/30 22:14:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

O1 HOSTS File: ([2010/08/07 23:20:10 | 000,000,684 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (FlashFXP Helper for Internet Explorer) - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\Program Files (x86)\FlashFXP\IEFlash.dll (IniCom Networks, Inc.)

O2 - BHO: (DAPIELoader Class) - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\Program Files (x86)\DAP\dapieloader.dll (SpeedBit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.

O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [svchost] C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe ()

F3:64bit: - HKCU WinNT: Load - (C:\Users\Jesus\AppData\Local\Temp\dwm.exe) - C:\Users\Jesus\AppData\Local\Temp\dwm.exe ()

F3 - HKCU WinNT: Load - (C:\Users\Jesus\AppData\Local\Temp\dwm.exe) - C:\Users\Jesus\AppData\Local\Temp\dwm.exe ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LocalAccountTokenFilterPolicy = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()

O8:64bit: - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()

O8:64bit: - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O8:64bit: - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()

O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: &Clean Traces - C:\Program Files (x86)\DAP\Privacy Package\dapcleanerie.htm ()

O8 - Extra context menu item: &Download with &DAP - C:\Program Files (x86)\DAP\dapextie.htm ()

O8 - Extra context menu item: Add to &Evernote - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O8 - Extra context menu item: Download &all with DAP - C:\Program Files (x86)\DAP\dapextie2.htm ()

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab (Checkers Class)

O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zone.msn.com/MessengerGam...S.cab109791.cab ()

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGam...1/GAME_UNO1.cab (UnoCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab (MessengerStatsClient Class)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_15)

O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Program Files\Soluto\soluto.exe /userinit) - C:\Program Files\Soluto\soluto.exe (Soluto)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKCU Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKCU Winlogon: Shell - (C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe ()

O20:64bit: - Winlogon\Notify\WB: DllName - Reg Error: Key error. - C:\Program Files (x86)\Stardock\MyColors\fast64.dll File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{4bdd4cb6-c8ba-11de-be80-00269e4a4b21}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found

O33 - MountPoints2\{4bdd4cb6-c8ba-11de-be80-00269e4a4b21}\Shell\phone\command - "" = F:\autorun.exe -- File not found

O33 - MountPoints2\{64718749-c374-11df-bdcb-00271334b026}\Shell - "" = AutoRun

O33 - MountPoints2\{64718749-c374-11df-bdcb-00271334b026}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O33 - MountPoints2\{b27bf879-ac86-11df-9787-d3907dc666f0}\Shell - "" = AutoRun

O33 - MountPoints2\{b27bf879-ac86-11df-9787-d3907dc666f0}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found

O33 - MountPoints2\{bcb6fa8c-f000-11de-9744-da821940db4f}\Shell - "" = AutoRun

O33 - MountPoints2\{bcb6fa8c-f000-11de-9744-da821940db4f}\Shell\AutoRun\command - "" = E:\Installer.exe -- File not found

O33 - MountPoints2\F\Shell - "" = AutoRun

O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 21:18:02 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jesus\Desktop\OTL.exe

[2010/10/17 13:59:05 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW

[2010/10/17 13:54:45 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Jesus\Desktop\TFC.exe

[2010/10/17 13:01:14 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine

[2010/10/17 12:57:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Audio Damage

[2010/10/17 12:36:01 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Karta Di Amor

[2010/10/16 22:44:56 | 001,325,656 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Jesus\Desktop\tdsskiller.exe

[2010/10/16 22:01:25 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Roaming\Malwarebytes

[2010/10/16 22:01:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2010/10/16 22:01:13 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2010/10/16 22:01:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2010/10/16 22:01:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2010/10/15 22:48:20 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\No More Mastering

[2010/10/14 14:02:37 | 000,000,000 | ---D | C] -- C:\Windows\rescache

[2010/10/14 12:56:51 | 000,000,000 | ---D | C] -- C:\Program Files\Soluto

[2010/10/13 20:15:46 | 000,430,080 | ---- | C] (3DU Microsystems) -- C:\Users\Jesus\Desktop\JetSpecs.exe

[2010/10/09 19:28:30 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\WinDirStats

[2010/10/09 18:58:31 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\My Games

[2010/10/09 18:58:29 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Documents\My Games

[2010/10/09 18:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sid Meier's Civilization V

[2010/10/08 20:47:12 | 000,000,000 | ---D | C] -- C:\Windows\en

[2010/10/07 14:58:09 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Disaster

[2010/09/28 12:09:19 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Vaflip

[2010/09/27 13:21:59 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\LogMeIn Hamachi

[2010/09/27 13:00:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi

[2010/09/26 16:54:59 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\Vlaflip(Roydolfje)

[2010/09/26 11:04:48 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Vlaflip L4d2

[2010/09/26 10:22:01 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Left 4 Dead 2

[2010/09/18 18:55:45 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Documents\PassMark

[2010/09/18 18:55:38 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\PassMark

[2010/09/18 18:54:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Passmark

[2010/09/18 18:54:34 | 000,000,000 | ---D | C] -- C:\Program Files\PerformanceTest

[2010/09/18 18:40:49 | 000,000,000 | ---D | C] -- C:\Program Files\Intel

[2010/09/18 18:27:23 | 000,439,808 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll

[2010/09/18 18:27:23 | 000,060,416 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll

[2010/09/18 18:27:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO

[2010/09/18 18:27:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cisco

[2010/09/18 18:27:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros

[2010/09/18 18:26:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros

[2010/09/12 23:47:14 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\Real_Environment_Xtreme

[2010/09/12 23:45:39 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\Real_Environment_Simulati

[2010/09/12 23:42:47 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Real Environment Extreme v2.0(Unwrapped)

[2010/09/12 23:32:56 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\Microsoft Game Studios

[2010/09/12 23:09:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real Environment Xtreme

[2010/09/12 22:14:49 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Documents\Flight Simulator X Files

[2010/09/12 22:12:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Microsoft Games

[2010/09/12 20:20:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games

[2010/09/12 14:11:33 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Roaming\GrabIt

[2010/09/12 14:09:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GrabIt

[2010/09/12 14:08:42 | 000,000,000 | ---D | C] -- C:\newsdata

[2010/09/12 14:08:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Shared

[2010/09/12 14:08:27 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\Ozum

[2010/09/12 14:08:27 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Documents\newsdata

[2010/09/12 14:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ozum

[2010/09/12 13:26:54 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Turbine

[2010/09/12 00:52:27 | 000,198,600 | R--- | C] (Soluto LTD.) -- C:\Windows\SysNative\drivers\PCGenFAM.sys

[2010/09/12 00:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Soluto

[2010/09/02 22:13:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Data

[2010/09/02 22:13:03 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Data

[2010/09/02 22:12:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Creative Professional

[2010/08/30 21:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TOEFL Official Guide

[2010/08/30 21:10:04 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Roaming\M-HTOEFL

[2010/08/30 21:04:40 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Downloads

[2010/08/29 14:40:10 | 000,000,000 | ---D | C] -- C:\Windows\jimmy_6A0BE690

[2010/08/28 22:19:28 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Documents\SketchPad Backgrounds

[2010/08/28 15:00:57 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Roaming\Mozilla

[2010/08/28 14:48:16 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Documents\userjs

[2010/08/26 14:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\{8D274659-3D84-4410-A197-C170D180BC76}

[2010/08/23 17:09:25 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Remodelacion

[2010/08/22 23:44:27 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Roaming\MusicBrainz

[2010/08/22 23:44:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MusicBrainz Picard

[2010/08/21 20:49:35 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Documents\Chief Architect X2 Data

[2010/08/21 20:49:32 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Roaming\Chief Architect X2

[2010/08/21 20:48:58 | 000,535,807 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\hasplms.exe

[2010/08/21 20:48:58 | 000,535,807 | ---- | C] (Aladdin Knowledge Systems Ltd.) -- C:\Windows\SysNative\aksllmtp.exe

[2010/08/21 20:47:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SafeNet Sentinel

[2010/08/21 20:47:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Chief Architect X2

[2010/08/21 17:57:13 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Chief Architect X2

[2010/08/20 20:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\Option

[2010/08/20 15:01:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition

[2010/08/20 15:00:44 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/08/18 23:09:05 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Apple Firmware (1)

[2010/08/18 22:34:19 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Random Mp3

[2010/08/18 22:33:35 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Random FLP

[2010/08/18 22:23:32 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\PackageAware

[2010/08/18 22:10:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner

[2010/08/14 19:44:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PostCast Server

[2010/08/12 18:35:30 | 000,000,000 | ---D | C] -- C:\Windows\Ex_6A0BE690

[2010/08/11 12:44:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite

[2010/08/08 15:50:43 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\Evernote

[2010/08/08 15:49:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote

[2010/08/08 05:30:34 | 000,000,000 | ---D | C] -- C:\Program Files\iPod

[2010/08/08 05:30:32 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes

[2010/08/08 05:30:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes

[2010/08/08 05:29:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

[2010/08/08 05:28:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update

[2010/08/08 05:28:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple

[2010/08/08 05:27:48 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour

[2010/08/08 05:27:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour

[2010/08/08 03:05:19 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Roaming\Apple Computer

[2010/08/08 02:17:26 | 000,032,808 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.sys

[2010/08/08 02:11:10 | 000,044,072 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\libusb0.dll

[2010/08/08 02:11:10 | 000,043,520 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.dll

[2010/08/08 02:11:10 | 000,032,808 | ---- | C] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysNative\drivers\libusb0.sys

[2010/08/08 00:44:29 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\Apple

[2010/08/08 00:43:18 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Local\Apple Computer

[2010/08/02 16:08:39 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Documents\My DAP Downloads

[2010/08/02 15:51:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedBit

[2010/08/02 15:50:08 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx

[2010/08/02 15:48:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAP

[2010/08/02 15:47:29 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Desktop\Mixes

[2010/07/26 18:49:07 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Roaming\Wi-Fi Sync

[2010/07/24 20:43:23 | 000,000,000 | ---D | C] -- C:\Users\Jesus\Documents\Chief Architect Premier X3 Trial Version Data

[2010/07/24 20:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Chief Architect Premier X3 Trial Version

[2010/07/24 20:38:03 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Roaming\Chief Architect Premier X3 Trial Version

[2010/07/24 20:37:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Chief Architect

[2010/07/24 18:58:30 | 000,000,000 | ---D | C] -- C:\Users\Jesus\AppData\Roaming\GetRightToGo

[2010/07/23 20:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wolfenstein - Enemy Territory

[2010/07/22 12:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RemoteX

========== Files - Modified Within 90 Days ==========

[2010/10/17 21:18:02 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jesus\Desktop\OTL.exe

[2010/10/17 21:08:54 | 000,028,417 | ---- | M] () -- C:\Users\Jesus\Desktop\error.jpg

[2010/10/17 21:08:10 | 000,034,560 | ---- | M] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/10/17 21:07:59 | 000,133,632 | ---- | M] () -- C:\Users\Jesus\Desktop\RKUnhookerLE.EXE

[2010/10/17 21:05:12 | 000,544,768 | ---- | M] () -- C:\Users\Jesus\Desktop\dds.pif

[2010/10/17 21:05:04 | 000,544,768 | ---- | M] () -- C:\Users\Jesus\Desktop\dds.scr

[2010/10/17 20:56:13 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx

[2010/10/17 20:40:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2010/10/17 20:34:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3574360463-1873166251-200978247-1000UA.job

[2010/10/17 18:47:50 | 001,922,681 | ---- | M] () -- C:\Users\Jesus\Desktop\J - Karta Di Amor.mp3

[2010/10/17 15:53:47 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2010/10/17 15:53:47 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2010/10/17 15:52:48 | 000,730,384 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2010/10/17 15:52:48 | 000,627,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2010/10/17 15:52:48 | 000,107,366 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2010/10/17 15:46:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2010/10/17 15:45:46 | 529,686,527 | -HS- | M] () -- C:\hiberfil.sys

[2010/10/17 15:44:32 | 000,000,020 | ---- | M] () -- C:\Users\Jesus\defogger_reenable

[2010/10/17 13:54:47 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Jesus\Desktop\TFC.exe

[2010/10/17 13:21:36 | 000,103,846 | ---- | M] () -- C:\Users\Jesus\Documents\cc_20101017_132129.reg

[2010/10/17 12:34:00 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3574360463-1873166251-200978247-1000Core.job

[2010/10/16 23:53:41 | 000,000,008 | ---- | M] () -- C:\Users\Jesus\AppData\Roaming\dxqkew.dat

[2010/10/16 23:46:30 | 000,002,316 | ---- | M] () -- C:\Users\Jesus\Desktop\Google Chrome.lnk

[2010/10/16 22:45:05 | 001,325,656 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Jesus\Desktop\tdsskiller.exe

[2010/10/16 22:42:00 | 000,002,366 | ---- | M] () -- C:\Users\Jesus\Desktop\Google Chrome Canary Build.lnk

[2010/10/16 22:30:35 | 003,879,228 | ---- | M] () -- C:\Users\Jesus\Desktop\ComboFix.exe

[2010/10/16 22:01:18 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/16 20:20:55 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2010/10/16 20:20:55 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForJesus.job

[2010/10/16 17:02:34 | 000,011,523 | ---- | M] () -- C:\Users\Jesus\Documents\UF Essay.docx

[2010/10/15 23:12:54 | 010,096,918 | ---- | M] () -- C:\Users\Jesus\Desktop\Tahnee - No More.mp3

[2010/10/15 22:46:33 | 066,774,678 | ---- | M] () -- C:\Users\Jesus\Desktop\Tahnee Ft. Marc - No More (Mastered).wav

[2010/10/14 12:56:33 | 000,000,193 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

[2010/10/13 23:03:18 | 000,462,776 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2010/10/13 20:15:48 | 000,430,080 | ---- | M] (3DU Microsystems) -- C:\Users\Jesus\Desktop\JetSpecs.exe

[2010/10/13 14:22:10 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Security Essentials.lnk

[2010/10/12 12:41:54 | 000,198,600 | R--- | M] (Soluto LTD.) -- C:\Windows\SysNative\drivers\PCGenFAM.sys

[2010/10/11 20:24:08 | 000,928,256 | ---- | M] () -- C:\Users\Jesus\Desktop\Pirate.exe

[2010/10/10 15:14:44 | 000,001,632 | ---- | M] () -- C:\Users\Jesus\Desktop\Civilization V.lnk

[2010/10/10 14:37:03 | 000,013,495 | ---- | M] () -- C:\Users\Jesus\Documents\FSU Essay Revised2.docx

[2010/10/09 19:09:52 | 000,626,981 | ---- | M] () -- C:\Users\Jesus\Desktop\windirstat1_1_2-exe-unicode.zip

[2010/10/03 21:40:08 | 002,738,101 | ---- | M] () -- C:\Users\Jesus\Desktop\Memory Book.pdf

[2010/10/03 17:18:44 | 008,234,455 | ---- | M] () -- C:\Users\Jesus\Documents\Memory Book.pptx

[2010/10/02 19:02:32 | 000,053,017 | ---- | M] () -- C:\Users\Jesus\Desktop\Distance.png

[2010/09/21 22:11:44 | 000,088,671 | ---- | M] () -- C:\Users\Jesus\Documents\LOLIS2.docx

[2010/09/19 18:28:17 | 000,060,088 | ---- | M] () -- C:\Users\Jesus\Documents\LOLIS.docx

[2010/09/19 15:06:35 | 000,011,968 | ---- | M] () -- C:\Users\Jesus\Documents\kosten.xlsx

[2010/09/18 18:24:23 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Envy 15 Notebook PC_Y5335KV_0U_QCNF94080LT_E572167-003_4A_I7009_SQuanta_V36.35_F.2A_T100630_WU3-0_L409_M6135_J500_7Intel_86E5_91.60_#091101_N80864237;19691063_(VM247UA#ABA)_XMOBILE_CN10_Z.MRK

[2010/09/18 18:24:23 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Envy 15 Notebook PC_Y5335KV_0U_QCNF94080LT_E572167-003_4A_I7009_SQuanta_V36.35_F.2A_T100630_WU3-0_L409_M6135_J500_7Intel_86E5_91.60_#091101_N80864237;19691063_(VM247UA#ABA)_XMOBILE_CN10_Z.MRK

[2010/09/15 20:45:11 | 000,013,204 | ---- | M] () -- C:\Users\Jesus\Documents\FSU Essay Revised.docx

[2010/09/14 15:32:55 | 000,007,609 | ---- | M] () -- C:\Users\Jesus\AppData\Local\Resmon.ResmonCfg

[2010/09/13 16:50:14 | 016,658,538 | ---- | M] () -- C:\Users\Jesus\Desktop\rexfsx_sp3_20090914_TO_20100611.exe

[2010/09/13 16:48:28 | 008,521,235 | ---- | M] () -- C:\Users\Jesus\Desktop\rex2_2020090914.exe

[2010/09/13 16:45:31 | 098,311,045 | ---- | M] () -- C:\Users\Jesus\Desktop\rex2_rtmpatch.zip

[2010/09/13 01:41:41 | 3785,242,725 | ---- | M] () -- C:\Users\Jesus\Desktop\REX_OverDrive_FSX_1.0.zip

[2010/09/12 23:42:07 | 093,001,256 | ---- | M] () -- C:\Users\Jesus\Desktop\Real Environment Extreme v2.0(Unwrapped).rar

[2010/09/12 23:22:00 | 000,001,987 | ---- | M] () -- C:\Users\Public\Desktop\Real Environment Xtreme.lnk

[2010/09/12 14:09:26 | 000,000,943 | ---- | M] () -- C:\Users\Jesus\Application Data\Microsoft\Internet Explorer\Quick Launch\GrabIt.lnk

[2010/09/12 14:09:26 | 000,000,919 | ---- | M] () -- C:\Users\Jesus\Desktop\GrabIt.lnk

[2010/09/12 13:35:08 | 000,029,828 | ---- | M] () -- C:\Users\Jesus\Documents\cc_20100912_133458.reg

[2010/09/12 13:34:16 | 000,001,007 | ---- | M] () -- C:\Users\Jesus\Desktop\CCleaner.lnk

[2010/09/10 16:42:59 | 000,012,804 | ---- | M] () -- C:\Users\Jesus\Documents\FSU Essay.docx

[2010/09/05 21:53:15 | 000,002,126 | -H-- | M] () -- C:\Users\Jesus\Documents\Default.rdp

[2010/09/04 23:24:21 | 005,491,541 | ---- | M] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION 3.plan

[2010/09/02 23:58:32 | 000,002,652 | ---- | M] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION 3_p.jpg

[2010/09/02 23:58:08 | 006,584,874 | ---- | M] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION 2.plan

[2010/09/02 23:29:09 | 000,001,903 | ---- | M] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION 2_p.jpg

[2010/08/31 08:36:04 | 006,815,140 | ---- | M] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION.plan

[2010/08/30 21:10:08 | 000,002,807 | ---- | M] () -- C:\Users\Public\Desktop\Official Guide to the TOEFL Test, Third Edition.lnk

[2010/08/30 21:10:08 | 000,002,627 | ---- | M] () -- C:\Users\Public\Desktop\TOEFL Practice Tests.lnk

[2010/08/29 14:45:36 | 002,549,760 | ---- | M] () -- C:\Windows\msnmsnger.exe

[2010/08/29 14:40:10 | 002,430,880 | ---- | M] () -- C:\Users\Jesus\AppData\Roaming\diagnostic_demo.exe

[2010/08/28 15:00:37 | 000,001,963 | ---- | M] () -- C:\Users\Jesus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/08/28 15:00:37 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/08/26 14:05:28 | 000,002,179 | ---- | M] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2010/08/23 13:38:44 | 000,002,198 | ---- | M] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION_p.jpg

[2010/08/22 21:34:04 | 000,030,638 | ---- | M] () -- C:\Users\Jesus\Desktop\ProjectDossier.docx

[2010/08/22 21:21:27 | 000,025,176 | ---- | M] () -- C:\Users\Jesus\Documents\GANTCHART.xlsx

[2010/08/22 14:10:11 | 001,022,045 | ---- | M] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13.plan

[2010/08/21 22:28:15 | 000,000,787 | ---- | M] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13_p.jpg

[2010/08/21 20:48:37 | 000,001,936 | ---- | M] () -- C:\Users\Public\Desktop\Chief Architect X2.lnk

[2010/08/21 13:41:50 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/08/21 00:49:33 | 000,001,857 | ---- | M] () -- C:\Users\Jesus\Desktop\UseNeXT.lnk

[2010/08/20 14:23:37 | 000,000,600 | ---- | M] () -- C:\Users\Jesus\PUTTY.RND

[2010/08/20 14:20:36 | 000,155,648 | ---- | M] () -- C:\Users\Jesus\Desktop\U997.exe

[2010/08/16 00:51:37 | 008,358,912 | ---- | M] () -- C:\Windows\msnmssgnr.exe

[2010/08/12 18:44:53 | 008,358,912 | ---- | M] () -- C:\Windows\frost.exe

[2010/08/08 05:31:17 | 000,002,429 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/08 02:39:29 | 000,032,808 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\Windows\SysWow64\libusb0.sys

[2010/08/07 23:20:10 | 000,000,684 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.msn

[2010/08/07 23:20:10 | 000,000,684 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2010/08/02 16:10:56 | 000,000,935 | ---- | M] () -- C:\Users\Jesus\Desktop\Download Accelerator Plus (DAP).lnk

[2010/08/02 15:50:08 | 000,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- C:\Windows\SysWow64\AniGIF.ocx

[2010/08/02 15:20:22 | 000,001,218 | ---- | M] () -- C:\Users\Public\Desktop\TMAC v5 R3.lnk

[2010/08/02 14:20:35 | 000,000,442 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics

[2010/07/24 19:53:35 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/07/23 20:44:07 | 000,001,054 | ---- | M] () -- C:\Users\Jesus\Desktop\Wolfenstein - Enemy Territory.lnk

========== Files Created - No Company Name ==========

[2010/10/17 21:08:54 | 000,028,417 | ---- | C] () -- C:\Users\Jesus\Desktop\error.jpg

[2010/10/17 21:07:59 | 000,133,632 | ---- | C] () -- C:\Users\Jesus\Desktop\RKUnhookerLE.EXE

[2010/10/17 21:05:10 | 000,544,768 | ---- | C] () -- C:\Users\Jesus\Desktop\dds.pif

[2010/10/17 21:05:04 | 000,544,768 | ---- | C] () -- C:\Users\Jesus\Desktop\dds.scr

[2010/10/17 18:47:13 | 001,922,681 | ---- | C] () -- C:\Users\Jesus\Desktop\J - Karta Di Amor.mp3

[2010/10/17 15:44:32 | 000,000,020 | ---- | C] () -- C:\Users\Jesus\defogger_reenable

[2010/10/17 15:35:29 | 000,034,560 | ---- | C] () -- C:\Windows\SysWow64\drivers\Normandy.sys

[2010/10/17 13:21:32 | 000,103,846 | ---- | C] () -- C:\Users\Jesus\Documents\cc_20101017_132129.reg

[2010/10/16 23:53:41 | 000,000,008 | ---- | C] () -- C:\Users\Jesus\AppData\Roaming\dxqkew.dat

[2010/10/16 23:46:30 | 000,002,316 | ---- | C] () -- C:\Users\Jesus\Desktop\Google Chrome.lnk

[2010/10/16 22:42:00 | 000,002,366 | ---- | C] () -- C:\Users\Jesus\Desktop\Google Chrome Canary Build.lnk

[2010/10/16 22:29:52 | 003,879,228 | ---- | C] () -- C:\Users\Jesus\Desktop\ComboFix.exe

[2010/10/16 22:01:18 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2010/10/16 20:57:18 | 000,000,908 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3574360463-1873166251-200978247-1000UA.job

[2010/10/16 20:57:17 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3574360463-1873166251-200978247-1000Core.job

[2010/10/16 16:15:12 | 000,011,523 | ---- | C] () -- C:\Users\Jesus\Documents\UF Essay.docx

[2010/10/15 23:11:18 | 010,096,918 | ---- | C] () -- C:\Users\Jesus\Desktop\Tahnee - No More.mp3

[2010/10/15 22:46:23 | 066,774,678 | ---- | C] () -- C:\Users\Jesus\Desktop\Tahnee Ft. Marc - No More (Mastered).wav

[2010/10/15 19:13:52 | 000,000,332 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForJesus.job

[2010/10/11 20:23:38 | 000,928,256 | ---- | C] () -- C:\Users\Jesus\Desktop\Pirate.exe

[2010/10/10 15:14:44 | 000,001,632 | ---- | C] () -- C:\Users\Jesus\Desktop\Civilization V.lnk

[2010/10/09 19:09:46 | 000,626,981 | ---- | C] () -- C:\Users\Jesus\Desktop\windirstat1_1_2-exe-unicode.zip

[2010/10/03 21:40:08 | 002,738,101 | ---- | C] () -- C:\Users\Jesus\Desktop\Memory Book.pdf

[2010/10/02 20:41:44 | 008,234,455 | ---- | C] () -- C:\Users\Jesus\Documents\Memory Book.pptx

[2010/10/02 19:02:32 | 000,053,017 | ---- | C] () -- C:\Users\Jesus\Desktop\Distance.png

[2010/09/21 16:39:12 | 000,088,671 | ---- | C] () -- C:\Users\Jesus\Documents\LOLIS2.docx

[2010/09/19 15:06:30 | 000,011,968 | ---- | C] () -- C:\Users\Jesus\Documents\kosten.xlsx

[2010/09/18 18:24:23 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_Envy 15 Notebook PC_Y5335KV_0U_QCNF94080LT_E572167-003_4A_I7009_SQuanta_V36.35_F.2A_T100630_WU3-0_L409_M6135_J500_7Intel_86E5_91.60_#091101_N80864237;19691063_(VM247UA#ABA)_XMOBILE_CN10_Z.MRK

[2010/09/18 18:24:23 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_Envy 15 Notebook PC_Y5335KV_0U_QCNF94080LT_E572167-003_4A_I7009_SQuanta_V36.35_F.2A_T100630_WU3-0_L409_M6135_J500_7Intel_86E5_91.60_#091101_N80864237;19691063_(VM247UA#ABA)_XMOBILE_CN10_Z.MRK

[2010/09/18 18:12:00 | 000,013,495 | ---- | C] () -- C:\Users\Jesus\Documents\FSU Essay Revised2.docx

[2010/09/15 14:10:25 | 000,013,204 | ---- | C] () -- C:\Users\Jesus\Documents\FSU Essay Revised.docx

[2010/09/14 15:32:55 | 000,007,609 | ---- | C] () -- C:\Users\Jesus\AppData\Local\Resmon.ResmonCfg

[2010/09/13 19:36:00 | 000,075,148 | ---- | C] () -- C:\Users\Jesus\Desktop\Mink.jpg

[2010/09/13 16:49:35 | 016,658,538 | ---- | C] () -- C:\Users\Jesus\Desktop\rexfsx_sp3_20090914_TO_20100611.exe

[2010/09/13 16:45:43 | 008,521,235 | ---- | C] () -- C:\Users\Jesus\Desktop\rex2_2020090914.exe

[2010/09/13 16:42:56 | 098,311,045 | ---- | C] () -- C:\Users\Jesus\Desktop\rex2_rtmpatch.zip

[2010/09/13 00:16:42 | 3785,242,725 | ---- | C] () -- C:\Users\Jesus\Desktop\REX_OverDrive_FSX_1.0.zip

[2010/09/12 23:29:18 | 093,001,256 | ---- | C] () -- C:\Users\Jesus\Desktop\Real Environment Extreme v2.0(Unwrapped).rar

[2010/09/12 23:22:00 | 000,001,987 | ---- | C] () -- C:\Users\Public\Desktop\Real Environment Xtreme.lnk

[2010/09/12 14:09:26 | 000,000,943 | ---- | C] () -- C:\Users\Jesus\Application Data\Microsoft\Internet Explorer\Quick Launch\GrabIt.lnk

[2010/09/12 14:09:26 | 000,000,919 | ---- | C] () -- C:\Users\Jesus\Desktop\GrabIt.lnk

[2010/09/12 13:35:02 | 000,029,828 | ---- | C] () -- C:\Users\Jesus\Documents\cc_20100912_133458.reg

[2010/09/12 00:54:12 | 000,000,193 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc

[2010/09/09 16:43:15 | 000,012,804 | ---- | C] () -- C:\Users\Jesus\Documents\FSU Essay.docx

[2010/09/05 15:03:35 | 000,060,088 | ---- | C] () -- C:\Users\Jesus\Documents\LOLIS.docx

[2010/09/02 23:58:32 | 000,002,652 | ---- | C] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION 3_p.jpg

[2010/09/02 23:58:28 | 005,491,541 | ---- | C] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION 3.plan

[2010/09/02 23:29:09 | 000,001,903 | ---- | C] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION 2_p.jpg

[2010/09/02 23:29:08 | 006,584,874 | ---- | C] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION 2.plan

[2010/08/30 21:10:08 | 000,002,807 | ---- | C] () -- C:\Users\Public\Desktop\Official Guide to the TOEFL Test, Third Edition.lnk

[2010/08/30 21:10:08 | 000,002,627 | ---- | C] () -- C:\Users\Public\Desktop\TOEFL Practice Tests.lnk

[2010/08/29 14:40:10 | 002,549,760 | ---- | C] () -- C:\Windows\msnmsnger.exe

[2010/08/29 14:40:10 | 002,430,880 | ---- | C] () -- C:\Users\Jesus\AppData\Roaming\diagnostic_demo.exe

[2010/08/28 15:00:37 | 000,001,963 | ---- | C] () -- C:\Users\Jesus\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

[2010/08/28 15:00:37 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2010/08/26 14:05:28 | 000,002,179 | ---- | C] () -- C:\Users\Public\Desktop\HP Support Assistant.lnk

[2010/08/23 13:38:44 | 000,002,198 | ---- | C] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION_p.jpg

[2010/08/23 13:38:43 | 006,815,140 | ---- | C] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13 REMODELACION.plan

[2010/08/22 21:34:02 | 000,030,638 | ---- | C] () -- C:\Users\Jesus\Desktop\ProjectDossier.docx

[2010/08/22 18:46:34 | 000,025,176 | ---- | C] () -- C:\Users\Jesus\Documents\GANTCHART.xlsx

[2010/08/21 22:28:15 | 000,000,787 | ---- | C] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13_p.jpg

[2010/08/21 22:27:24 | 001,022,045 | ---- | C] () -- C:\Users\Jesus\Documents\Kaya Rooi Catootje 13.plan

[2010/08/21 20:48:37 | 000,001,936 | ---- | C] () -- C:\Users\Public\Desktop\Chief Architect X2.lnk

[2010/08/21 13:41:50 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2010/08/20 14:20:36 | 000,155,648 | ---- | C] () -- C:\Users\Jesus\Desktop\U997.exe

[2010/08/18 22:10:42 | 000,001,007 | ---- | C] () -- C:\Users\Jesus\Desktop\CCleaner.lnk

[2010/08/15 23:38:57 | 008,358,912 | ---- | C] () -- C:\Windows\msnmssgnr.exe

[2010/08/12 18:35:30 | 008,358,912 | ---- | C] () -- C:\Windows\frost.exe

[2010/08/08 05:31:16 | 000,002,429 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk

[2010/08/02 16:10:56 | 000,000,935 | ---- | C] () -- C:\Users\Jesus\Desktop\Download Accelerator Plus (DAP).lnk

[2010/08/02 15:20:22 | 000,001,218 | ---- | C] () -- C:\Users\Public\Desktop\TMAC v5 R3.lnk

[2010/07/24 19:53:35 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/07/23 20:44:07 | 000,001,054 | ---- | C] () -- C:\Users\Jesus\Desktop\Wolfenstein - Enemy Territory.lnk

[2010/07/12 21:00:15 | 000,311,165 | ---- | C] () -- C:\Users\Jesus\AppData\Roaming\File2.exe

[2010/07/07 00:44:55 | 000,000,600 | ---- | C] () -- C:\Users\Jesus\AppData\Roaming\winscp.rnd

[2010/05/09 22:37:43 | 000,000,617 | -H-- | C] () -- C:\Program Files (x86)\buildlog.txt

[2009/11/04 20:25:43 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys

[2009/11/01 22:16:19 | 000,201,669 | ---- | C] () -- C:\ProgramData\HPWALog.txt

[2009/11/01 22:16:13 | 000,000,000 | ---- | C] () -- C:\Users\Jesus\AppData\Local\QSwitch.txt

[2009/11/01 22:16:13 | 000,000,000 | ---- | C] () -- C:\Users\Jesus\AppData\Local\DSwitch.txt

[2009/11/01 22:16:13 | 000,000,000 | ---- | C] () -- C:\Users\Jesus\AppData\Local\AtStart.txt

[2009/09/26 05:08:37 | 000,000,032 | ---- | C] () -- C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log

[2009/09/26 05:08:21 | 000,000,032 | ---- | C] () -- C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log

[2009/09/07 02:29:57 | 000,000,109 | ---- | C] () -- C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log

[2009/09/07 02:27:22 | 000,000,105 | ---- | C] () -- C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll

[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

[2009/07/10 00:03:56 | 000,370,312 | ---- | C] () -- C:\Windows\SysWow64\sqlite3.dll

[2009/06/09 12:55:58 | 000,057,904 | ---- | C] () -- C:\Windows\SysWow64\wbload.dll

[2004/06/02 11:13:00 | 000,540,672 | ---- | C] () -- C:\Windows\SysWow64\Tx32.dll

[2003/04/16 04:02:00 | 000,000,478 | ---- | C] () -- C:\Windows\SysWow64\ic32.ini

========== LOP Check ==========

[2010/06/03 17:07:38 | 000,000,000 | -HSD | M] -- C:\Users\Jesus\AppData\Roaming\.#

[2010/04/27 19:31:04 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\Antares

[2010/09/12 13:35:59 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\Chief Architect Premier X3 Trial Version

[2010/10/07 12:45:41 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\Chief Architect X2

[2010/05/21 22:46:34 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\cmw

[2009/12/23 16:24:08 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\DAEMON Tools Lite

[2009/11/15 13:35:50 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\EA

[2009/12/24 11:41:50 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\FabFilter

[2010/08/30 21:19:06 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\GetRightToGo

[2010/10/16 20:11:49 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\GrabIt

[2010/08/30 21:10:06 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\M-HTOEFL

[2009/11/03 20:15:53 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\mjusbsp

[2010/08/22 23:44:27 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\MusicBrainz

[2009/12/28 14:00:57 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\Nonoh

[2010/09/12 13:39:15 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\Notepad++

[2010/06/12 17:19:43 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\ooVoo Details

[2010/06/12 17:17:08 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\oovooinstaller

[2010/06/02 13:22:53 | 000,000,000 | RHSD | M] -- C:\Users\Jesus\AppData\Roaming\paintshop

[2009/12/23 16:56:12 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\Steinberg

[2010/05/31 15:21:35 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\TuneUp Software

[2010/09/30 19:49:35 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\UseNeXT

[2010/10/09 11:19:35 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\uTorrent

[2010/01/04 00:28:59 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\VTExtra

[2010/07/26 18:49:20 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\Wi-Fi Sync

[2010/07/01 13:09:16 | 000,000,000 | ---D | M] -- C:\Users\Jesus\AppData\Roaming\Windows Live Writer

[2010/10/17 13:23:06 | 000,032,540 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2010/02/07 00:38:51 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?N) -- C:\Windows\SysWow64\??

[2010/02/07 00:38:51 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?N) -- C:\Windows\SysWow64\??

[2010/02/01 21:50:32 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?


DonJota:

P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes are complete.

Run OTL.exe

  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
    :OTL
    PRC - C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe ()
    PRC - C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe ()
    PRC - C:\Users\Jesus\AppData\Local\Temp\dwm.exe ()
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    FF - prefs.js..network.proxy.http: "127.0.0.1"
    FF - prefs.js..network.proxy.http_port: 50370
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [svchost] C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe ()
    F3:64bit: - HKCU WinNT: Load - (C:\Users\Jesus\AppData\Local\Temp\dwm.exe) - C:\Users\Jesus\AppData\Local\Temp\dwm.exe ()
    F3 - HKCU WinNT: Load - (C:\Users\Jesus\AppData\Local\Temp\dwm.exe) - C:\Users\Jesus\AppData\Local\Temp\dwm.exe ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O20 - HKCU Winlogon: Shell - (C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe ()
    O33 - MountPoints2\{4bdd4cb6-c8ba-11de-be80-00269e4a4b21}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
    O33 - MountPoints2\{4bdd4cb6-c8ba-11de-be80-00269e4a4b21}\Shell\phone\command - "" = F:\autorun.exe -- File not found
    O33 - MountPoints2\{64718749-c374-11df-bdcb-00271334b026}\Shell - "" = AutoRun
    O33 - MountPoints2\{64718749-c374-11df-bdcb-00271334b026}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{b27bf879-ac86-11df-9787-d3907dc666f0}\Shell - "" = AutoRun
    O33 - MountPoints2\{b27bf879-ac86-11df-9787-d3907dc666f0}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
    O33 - MountPoints2\{bcb6fa8c-f000-11de-9744-da821940db4f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bcb6fa8c-f000-11de-9744-da821940db4f}\Shell\AutoRun\command - "" = E:\Installer.exe -- File not found
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [Purity]


  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log

You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM

  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Please include the following in your next post:

  • OTL Fix log
  • MBAM log

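The entries targeted by the fix script above share a few traits that can be checked mechanically when reading an OTL log. The following is an added example, not part of the thread and not OTL's own code: the rule set, the allow-lists and the names `classify` and `triage` are assumptions, and the two sample lines marked "constructed" are not from the posted log.

```python
import ntpath
import re

# Assumed allow-lists for this example: system binary names and the only
# folders they legitimately run from.
SYSTEM_BINARIES = {"svchost.exe", "dwm.exe", "winlogon.exe", "lsass.exe", "csrss.exe"}
TRUSTED_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}

# OTL line prefixes for autostart locations, as they appear in the script above:
# O4 = Run key, O20 = Winlogon Shell, F3 = WinNT Load value.
AUTOSTART_PREFIXES = ("O4", "O20", "F3")

EXE_PATH = re.compile(r'[A-Za-z]:\\[^()"<>|]*?\.exe', re.IGNORECASE)
USER_WRITABLE = re.compile(r"\\(appdata|temp)\\", re.IGNORECASE)
LOOPBACK = re.compile(r"\b(127\.0\.0\.1|localhost)\b", re.IGNORECASE)

MASQ = "system binary name outside System32"
AUTO = "autostart entry points into a user-writable folder"
PROC = "process without vendor info running from a user-writable folder"
PROXY = "browser proxy set to loopback"


def classify(line):
    """Return the sorted list of reasons an OTL log line deserves a closer look."""
    reasons = set()
    prefix = line.split(" - ", 1)[0].strip()
    kind = prefix.split(":", 1)[0]          # "F3:64bit:" -> "F3"
    no_vendor = line.rstrip().endswith("()")  # OTL prints the company name in (...)

    for path in set(EXE_PATH.findall(line)):
        name = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        writable = bool(USER_WRITABLE.search(path))
        if name in SYSTEM_BINARIES and folder not in TRUSTED_DIRS:
            reasons.add(MASQ)
        if kind in AUTOSTART_PREFIXES and writable:
            reasons.add(AUTO)
        if kind == "PRC" and writable and no_vendor:
            reasons.add(PROC)

    if kind in ("IE", "FF") and "proxy" in line.lower() and LOOPBACK.search(line):
        reasons.add(PROXY)
    return sorted(reasons)


def triage(lines):
    """Return (line, reasons) pairs for every line that matched at least one rule."""
    flagged = []
    for line in lines:
        reasons = classify(line)
        if reasons:
            flagged.append((line, reasons))
    return flagged


SAMPLE = [
    # Copied from the fix script in the post above.
    r"PRC - C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe ()",
    r"PRC - C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe ()",
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370',
    r"O4 - HKLM..\Run: [svchost] C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe ()",
    r"F3:64bit: - HKCU WinNT: Load - (C:\Users\Jesus\AppData\Local\Temp\dwm.exe) - C:\Users\Jesus\AppData\Local\Temp\dwm.exe ()",
    r"O20 - HKCU Winlogon: Shell - (C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe) - C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe ()",
    # Constructed benign lines, for contrast.
    r"PRC - C:\Windows\System32\svchost.exe (Microsoft Corporation)",
    r"PRC - C:\Users\Jesus\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)",
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

A match is a prompt for review, not a verdict: legitimate software also installs under AppData, which is why the process rule additionally requires an empty vendor field.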

OTL Log

All processes killed

========== OTL ==========

No active process named svchost.exe was found!

No active process named shell.exe was found!

No active process named dwm.exe was found!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Prefs.js: "127.0.0.1" removed from network.proxy.http

Prefs.js: 50370 removed from network.proxy.http_port

Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\svchost deleted successfully.

C:\Users\Jesus\AppData\Roaming\Microsoft\svchost.exe moved successfully.

C:\Users\Jesus\AppData\Local\Temp\dwm.exe moved successfully.

64bit-Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Jesus\AppData\Local\Temp\dwm.exe deleted successfully.

File C:\Users\Jesus\AppData\Local\Temp\dwm.exe not found.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\Users\Jesus\AppData\Local\Temp\dwm.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe deleted successfully.

C:\Users\Jesus\AppData\Roaming\Microsoft\Windows\shell.exe moved successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bdd4cb6-c8ba-11de-be80-00269e4a4b21}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bdd4cb6-c8ba-11de-be80-00269e4a4b21}\ not found.

File F:\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4bdd4cb6-c8ba-11de-be80-00269e4a4b21}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4bdd4cb6-c8ba-11de-be80-00269e4a4b21}\ not found.

File F:\autorun.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64718749-c374-11df-bdcb-00271334b026}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64718749-c374-11df-bdcb-00271334b026}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{64718749-c374-11df-bdcb-00271334b026}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64718749-c374-11df-bdcb-00271334b026}\ not found.

File F:\LaunchU3.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b27bf879-ac86-11df-9787-d3907dc666f0}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b27bf879-ac86-11df-9787-d3907dc666f0}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b27bf879-ac86-11df-9787-d3907dc666f0}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b27bf879-ac86-11df-9787-d3907dc666f0}\ not found.

File F:\setup.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcb6fa8c-f000-11de-9744-da821940db4f}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcb6fa8c-f000-11de-9744-da821940db4f}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bcb6fa8c-f000-11de-9744-da821940db4f}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bcb6fa8c-f000-11de-9744-da821940db4f}\ not found.

File E:\Installer.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.

File F:\LaunchU3.exe not found.

========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: AppData

User: Default

->Flash cache emptied: 0 bytes

User: Default User

->Flash cache emptied: 0 bytes

User: Jesus

->Flash cache emptied: 3274 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: Administrator

User: All Users

User: AppData

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Jesus

->Temp folder emptied: 6515202 bytes

->Temporary Internet Files folder emptied: 1526480 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Google Chrome cache emptied: 153715598 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 70386 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 12217055 bytes

Total Files Cleaned = 166.00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10172010_221816

Files\Folders moved on Reboot...

C:\Users\Jesus\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MXYQVWXM\ADSAdClient31[2].txt moved successfully.

C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB8KR33X\01[1].htm moved successfully.

C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB8KR33X\01[2].htm moved successfully.

C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB8KR33X\ADSAdClient31[1].txt moved successfully.

C:\Users\Jesus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MB8KR33X\pid=Messenger_IMSCB2_234x60_MMN[1].txt moved successfully.

Registry entries deleted on Reboot...

--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

MBAM

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4865

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

10/17/2010 10:33:14 PM

mbam-log-2010-10-17 (22-33-14).txt

Scan type: Quick scan

Objects scanned: 149982

Time elapsed: 7 minute(s), 25 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


DonJota:

Is it running better now? Please do this next:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Java 6 Update 15 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java icon (looks like a coffee cup).

  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files

  • Click OK on Delete Temporary Files Window

Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.

Please be patient as this can take quite a long time to download.

  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:

    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases

  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.
  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply.

Please include the following in your next post:

  • Kaspersky log
  • How is your computer running now?


DonJota:

Absence of symptoms does not always mean your PC is clean. I'd prefer you run the scan to be certain, but if you choose not to there is some important cleanup you should take care of:

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs or tools.

Finally, I'd like to make a couple of suggestions to help you stay clean in the future:

  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application and MBAM current and updated. Scan with them at least weekly.
  • Avoid using P2P programs. Refer back to my earlier post for more information.
  • Please visit this General Computer Security Forum and review this post for some helpful information.

Please post once more so I know you are all set and I can mark this thread resolved. Good luck and stay safe!
