Video Stutters, qvo6 virus

Solved
By Jomamk
May 10, 2013
  1. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    That was the last one of FRST; I hope I didn't do anything wrong, that was a long log. Here is the Addition file:

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-05-2013 01
    Ran by Joma at 2013-05-10 22:37:20 Run:
    Running from C:\Users\jomaa_000\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Installed Programs =======================

    µTorrent (Version: 3.3.0.29111)
    Adobe AIR (Version: 3.6.0.6090)
    Adobe Audition CS6 (Version: 5.0)
    Adobe Download Assistant (Version: 1.2.5)
    Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
    Adobe Help Manager (Version: 4.0.244)
    Adobe Photoshop CS6 (Version: 13.0)
    Adobe Pixel Bender Toolkit 2 (Version: 2.0)
    Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
    AIMP3 (Version: v3.20.1165, 21.12.2012)
    AllSharePlayLink (Version: 1.0.0)
    Amnesia: The Dark Descent (Version: 1.0.1)
    AudioMulch Interactive Music Studio 2.1.1
    Autodesk Design Review 2013 (Version: 13.0.0.82)
    AVG 2013 (Version: 13.0.3162)
    AVG 2013 (Version: 13.0.3336)
    AVG 2013 (Version: 2013.0.3336)
    AVG PC TuneUp (Version: 12.0.4000.108)
    AVG PC TuneUp Language Pack (es-ES) (Version: 12.0.4000.108)
    bl (Version: 1.0.0)
    CDisplay 1.8
    CyberLink YouCam 5 (Version: 5.0.0909)
    DAEMON Tools Pro (Version: 5.2.0.0348)
    Dear Esther
    DFX for Winamp (Version: 9.302.0.0)
    DivX Setup (Version: 2.6.1.24)
    Easy File Share (Version: 1.3.4)
    Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4420.1017)
    ETDWare PS/2-X64 11.7.2.1_WHQL (Version: 11.7.2.1)
    EVEREST Ultimate Edition v5.50 (Version: 5.50)
    Fable III (Version: 1.0.0000.131)
    Fable III (Version: 1.0.0001.131)
    Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
    FARO LS 1.1.406.58 (Version: 4.6.58.2)
    Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4420.1017)
    FreeArc 0.666 (Version: 0.666)
    Google Chrome (Version: 26.0.1410.64)
    Google Earth Plug-in (Version: 7.0.3.8542)
    Google Update Helper (Version: 1.3.21.145)
    Guitar Pro 5.2
    Help Desk (Version: 1.0.5)
    Intel(R) Processor Graphics (Version: 9.17.10.2932)
    Intel(R) Rapid Storage Technology (Version: 11.5.2.1001)
    iolo technologies' System Mechanic (Version: 11.7.0)
    Java 7 Update 21 (Version: 7.0.210)
    Java Auto Updater (Version: 2.1.9.5)
    League of Legends (Version: 1.3)
    LogMeIn Hamachi (Version: 2.1.0.296)
    Los Sims™ 3 (Version: 1.38.151)
    Malwarebytes Anti-Malware versión 1.75.0.1300 (Version: 1.75.0.1300)
    Manhunt 2 (Version: 1.00.0000)
    Microsoft Access MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft DCF MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Excel MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
    Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
    Microsoft Groove MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft InfoPath MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Lync MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)
    Microsoft Office OSM MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Office OSM UX MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
    Microsoft Office Proofing (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
    Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
    Microsoft Office Shared 64-bit MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Office Shared MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Office zuzenketa-tresnak 2013 - Euskara (Version: 15.0.4420.1017)
    Microsoft OneNote MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Outlook MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft PowerPoint MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Publisher MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
    Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
    Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
    Microsoft Word MUI (Spanish) 2013 (Version: 15.0.4420.1017)
    Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
    Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
    Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
    Mozilla Firefox 20.0.1 (x86 es-ES) (Version: 20.0.1)
    Mozilla Maintenance Service (Version: 20.0.1)
    MusicBee 2.0 (Version: 2.0)
    Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
    Pando Media Booster (Version: 2.6.0.8)
    Paquete de controladores de Windows - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)
    PDF Settings CS6 (Version: 11.0)
    ph (Version: 1.0.0)
    Power Tab Editor 1.7 (Version: 1.7.0)
    PowerDVD (Version: 10.00.0000)
    Project64 1.7
    Qualcomm Atheros Client Installation Program (Version: 10.0)
    Quick Starter (Version: 1.0.0)
    Razer Game Booster (Version: 3.5.6.0)
    Realtek Ethernet Controller Driver (Version: 8.2.612.2012)
    Realtek High Definition Audio Driver (Version: 6.0.1.6699)
    Recovery (Version: 6.0.6.5)
    Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017)
    S Agent (Version: 1.1.40)
    Settings (Version: 2.0.0)
    Skype™ 6.2 (Version: 6.2.106)
    Spider-Man 3 (TM) (Version: 1.00.0000)
    Spider-Man 3(TM) (Version: 1.00.0000)
    SPORE(TM) (Version: 1.02.0000)
    SPORE™: Pack de Accesorios. Factoría de Criaturas (Version: 1.00.0000)
    Support Center (Version: 2.1.80)
    Support Center FAQ (Version: 1.0.8)
    SW Update (Version: 2.1.14)
    System Requirements Lab CYRI (Version: 5.0.6.0)
    Ultra Fractal 5.04
    Ultra MPEG-4 Converter 5.2.0603
    Unity Web Player (Version: )
    Update for Microsoft SkyDrive Pro (KB2768356) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
    Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
    VLC media player 2.0.5 (Version: 2.0.5)
    WinZip 17.5 (Version: 17.5.10480)
    Xfire

    ==================== Restore Points =========================

    10-05-2013 21:30:26 Poner archivo en cuarentena: Java(TM) Platform SE binary
    11-05-2013 02:44:15 BeforeCombo

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth Device (Personal Area Network)
    Description: Dispositivo Bluetooth (Red de área personal)
    Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
    Manufacturer: Microsoft
    Service: BthPan
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (05/10/2013 10:26:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
    Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

    Error: (05/10/2013 10:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
    Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

    Error: (05/10/2013 09:54:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
    Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

    Error: (05/10/2013 09:39:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
    Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

    Error: (05/10/2013 09:24:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
    Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

    Error: (05/10/2013 09:09:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
    Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

    Error: (05/10/2013 08:54:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
    Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

    Error: (05/10/2013 08:39:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
    Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

    Error: (05/10/2013 08:24:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
    Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

    Error: (05/10/2013 08:09:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
    Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.


    System errors:
    =============
    Error: (05/10/2013 10:26:14 PM) (Source: DCOM) (User: Frankenstein)
    Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

    Error: (05/10/2013 10:19:06 PM) (Source: bowser) (User: )
    Description: El explorador maestro recibió una notificación del equipo Y2
    que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{ABB59B2D-1049-4A17-9565-08D0AA78429B}.
    El explorador maestro está detenido o se está forzando una elección.

    Error: (05/10/2013 10:11:14 PM) (Source: DCOM) (User: Frankenstein)
    Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

    Error: (05/10/2013 10:07:05 PM) (Source: bowser) (User: )
    Description: El explorador maestro recibió una notificación del equipo Y2
    que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{ABB59B2D-1049-4A17-9565-08D0AA78429B}.
    El explorador maestro está detenido o se está forzando una elección.

    Error: (05/10/2013 09:55:06 PM) (Source: bowser) (User: )
    Description: El explorador maestro recibió una notificación del equipo Y2
    que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{ABB59B2D-1049-4A17-9565-08D0AA78429B}.
    El explorador maestro está detenido o se está forzando una elección.

    Error: (05/10/2013 09:54:20 PM) (Source: DCOM) (User: Frankenstein)
    Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

    Error: (05/10/2013 09:39:19 PM) (Source: DCOM) (User: Frankenstein)
    Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

    Error: (05/10/2013 09:24:21 PM) (Source: DCOM) (User: Frankenstein)
    Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

    Error: (05/10/2013 09:09:19 PM) (Source: DCOM) (User: Frankenstein)
    Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

    Error: (05/10/2013 08:54:18 PM) (Source: DCOM) (User: Frankenstein)
    Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa


    Microsoft Office Sessions:
    =========================
    Error: (05/10/2013 10:26:19 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
    Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

    Error: (05/10/2013 10:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
    Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

    Error: (05/10/2013 09:54:25 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
    Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

    Error: (05/10/2013 09:39:25 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
    Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

    Error: (05/10/2013 09:24:26 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
    Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

    Error: (05/10/2013 09:09:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
    Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

    Error: (05/10/2013 08:54:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
    Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

    Error: (05/10/2013 08:39:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
    Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

    Error: (05/10/2013 08:24:23 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
    Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

    Error: (05/10/2013 08:09:22 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
    Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141


    ==================== Memory info ===========================

    Percentage of memory in use: 19%
    Total physical RAM: 9939.53 MB
    Available physical RAM: 7988.44 MB
    Total Pagefile: 20179.54 MB
    Available Pagefile: 18134.4 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.79 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:440.68 GB) (Free:293.23 GB) NTFS (Disk=0 Partition=4)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 466 GB) (Disk ID: 9B1BE6D8)

    Partition: GPT Partition Type
    ==================== End Of Log ============================
  2. Broni

    Broni Malware Annihilator Posts: 45,307

    That looks good.

    Uninstall iolo technologies' System Mechanic.
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
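As an added triage example (not code from this thread, and not part of OldTimer's OTL), here is a small Python parser for the PRC/MOD/SRV/DRV lines OTL writes in its SafeList sections, with the three flags a helper usually looks at first when reading such a log: entries with no company name, files running from outside the Windows and Program Files trees, and files modified within OTL's default 30-day file-age window. The sample log, its paths, vendor names and scan timestamp are constructed for the example; the trusted-roots list and the 30-day threshold are assumptions chosen here, and a flag means "review this entry", not "this is malware".

```python
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import List, Optional

# Matches the entries OTL writes in its SafeList sections:
#   KIND[:64bit:] - [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) [state] -- path -- (name)
# The "[state]" and "-- (name)" parts only appear on SRV/DRV lines.
OTL_ENTRY = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)?\s*-\s*"
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s*\|\s*(?P<size>[\d,]+)\s*\|\s*"
    r"(?P<attrs>[-A-Z]+)\s*\|\s*[A-Z]\]\s*"
    r"\((?P<company>[^)]*)\)\s*"
    r"(?:\[(?P<state>[^\]]*)\]\s*)?"
    r"--\s*(?P<path>.+?)(?:\s*--\s*\((?P<name>[^)]*)\))?\s*$"
)

# Assumption for this example: code living under these roots is "expected"; anything else
# (user profile, ProgramData, temp folders) gets a second look.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass
class Entry:
    kind: str
    is64: bool
    mtime: datetime
    size: int
    company: str
    state: Optional[str]
    path: str
    name: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one OTL SafeList line; returns None for headers, blanks and unrecognised lines."""
    m = OTL_ENTRY.match(line.strip())
    if not m:
        return None
    return Entry(
        kind=m["kind"],
        is64=m["arch"] is not None,
        mtime=datetime.strptime(m["mtime"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        company=m["company"].strip(),
        state=m["state"],
        path=m["path"].strip(),
        name=m["name"],
    )


def triage(entry: Entry, scan_time: datetime, max_age_days: int = 30) -> List[str]:
    """Attach review flags to an entry; an empty list means nothing stood out."""
    flags = []
    if not entry.company:
        flags.append("no-company-name")          # OTL lists these separately for the same reason
    if not entry.path.lower().startswith(TRUSTED_ROOTS):
        flags.append("outside-program-dirs")     # user-writable location
    if scan_time - entry.mtime <= timedelta(days=max_age_days):
        flags.append("modified-last-%dd" % max_age_days)  # mirrors OTL's "File Age = 30 Days"
    entry.flags = flags
    return flags


def triage_log(text: str, scan_time: datetime) -> List[Entry]:
    """Parse every recognised entry in an OTL log and return only the flagged ones, in log order."""
    flagged = []
    for line in text.splitlines():
        entry = parse_entry(line)
        if entry is not None and triage(entry, scan_time):
            flagged.append(entry)
    return flagged


# Constructed sample in OTL's format: the user name, vendor names, paths and dates are made up.
SAMPLE_LOG = """\
========== Processes (SafeList) ==========

PRC - [2013/05/10 23:07:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\\Users\\example\\Downloads\\OTL.exe
PRC - [2012/11/02 09:15:00 | 000,085,112 | ---- | M] () -- C:\\Users\\example\\AppData\\Roaming\\helper\\helper.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (Example AV Vendor) -- C:\\Program Files (x86)\\ExampleAV\\avsvc.exe

========== Services (SafeList) ==========

SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\\Windows\\SysNative\\wcmsvc.dll -- (Wcmsvc)
SRV - [2013/05/01 12:00:00 | 000,120,000 | ---- | M] () [Auto | Running] -- C:\\ProgramData\\updater\\updsvc.exe -- (UpdSvc)
"""

SCAN_TIME = datetime(2013, 5, 10, 23, 31, 20)  # constructed scan timestamp for the sample

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG, SCAN_TIME):
        print(f"{e.kind:<3} {e.path}  <- {', '.join(e.flags)}")
```

Run it as a script to print the flagged sample entries, or call `triage_log(text, scan_time)` on a pasted OTL log with the scan time taken from the log header. OTL.exe itself comes out flagged because it runs from the user's Downloads folder: the flags shortlist entries for a human reader to judge against the rest of the thread, which is why the script only reports and never deletes or quarantines anything.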
  3. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    AdwCleaner came clean. Here's Junkware:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.9.4 (05.06.2013:1)
    OS: Windows 8 Single Language x64
    Ran by Joma on 10/05/2013 at 23:20:59.99
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] C:\windows\prefetch\ASKINSTALLCHECKER.EXE-FB360FFA.pf



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\jomaa_000\AppData\Roaming\babylon"
    Successfully deleted: [Folder] "C:\Users\jomaa_000\appdata\locallow\boost_interprocess"



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 10/05/2013 at 23:27:00.97
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  4. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    OTL logfile created on: 10/05/2013 11:31:20 p. m. - Run 2
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jomaa_000\Downloads
    64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
    Internet Explorer (Version = 9.10.9200.16540)
    Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

    9.71 Gb Total Physical Memory | 8.48 Gb Available Physical Memory | 87.40% Memory free
    19.71 Gb Paging File | 18.48 Gb Available in Paging File | 93.79% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 440.68 Gb Total Space | 293.41 Gb Free Space | 66.58% Space Free | Partition Type: NTFS

    Computer Name: FRANKENSTEIN | User Name: Joma | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/05/10 23:07:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jomaa_000\Downloads\OTL.exe
    PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
    PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
    PRC - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
    PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
    PRC - [2012/09/05 17:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
    PRC - [2012/09/05 17:50:24 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
    PRC - [2012/09/05 17:50:16 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/09/05 17:50:28 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
    MOD - [2012/09/05 17:50:22 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
    MOD - [2012/09/05 17:50:16 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
    MOD - [2012/09/05 17:50:10 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
    MOD - [2012/09/05 17:50:10 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll


    ========== Services (SafeList) ==========

    SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
    SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
    SRV:64bit: - [2013/02/02 03:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
    SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
    SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
    SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
    SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
    SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
    SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
    SRV:64bit: - [2012/08/29 16:22:36 | 000,208,384 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Windows\SysNative\AdminService.exe -- (AtherosSvc)
    SRV:64bit: - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
    SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
    SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
    SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
    SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
    SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
    SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
    SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
    SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
    SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
    SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
    SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
    SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
    SRV - [2013/05/10 17:07:19 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/04/25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
    SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
    SRV - [2013/04/09 17:00:02 | 002,921,520 | ---- | M] (Samsung Electronics CO., LTD.) [Disabled | Stopped] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
    SRV - [2013/03/03 04:06:50 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV - [2013/02/07 14:54:40 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2012/12/14 11:08:50 | 002,466,304 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
    SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
    SRV - [2012/09/23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/09/05 17:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
    SRV - [2012/08/23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
    SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2013/03/21 03:08:26 | 000,248,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
    DRV:64bit: - [2013/03/17 23:36:16 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElRawDsk.sys -- (ElRawDisk)
    DRV:64bit: - [2013/03/02 05:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
    DRV:64bit: - [2013/03/02 05:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
    DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
    DRV:64bit: - [2013/03/02 05:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
    DRV:64bit: - [2013/03/02 05:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
    DRV:64bit: - [2013/02/15 22:20:55 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
    DRV:64bit: - [2013/02/15 21:44:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
    DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2013/02/02 06:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
    DRV:64bit: - [2013/02/02 02:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
    DRV:64bit: - [2013/01/28 20:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
    DRV:64bit: - [2013/01/28 18:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
    DRV:64bit: - [2013/01/11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
    DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
    DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
    DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
    DRV:64bit: - [2012/10/26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
    DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
    DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
    DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
    DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
    DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2012/09/19 01:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
    DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgfwd6a.sys -- (Avgfwfd)
    DRV:64bit: - [2012/08/29 16:22:38 | 000,565,760 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
    DRV:64bit: - [2012/08/06 12:41:28 | 000,313,712 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
    DRV:64bit: - [2012/08/02 12:39:29 | 002,814,096 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ts_athrx.sys -- (TS_ARN5416)
    DRV:64bit: - [2012/07/31 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
    DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
    DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
    DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
    DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
    DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
    DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
    DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
    DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
    DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
    DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
    DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
    DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
    DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
    DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
    DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
    DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
    DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
    DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
    DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
    DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
    DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
    DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
    DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
    DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
    DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
    DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
    DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
    DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
    DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
    DRV:64bit: - [2012/06/12 21:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
    DRV:64bit: - [2011/11/03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hamachi.sys -- (hamachi)
    DRV:64bit: - [2008/04/16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV - [2012/11/13 22:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
    DRV - [2012/07/04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
    IE:64bit: - HKLM\..\SearchScopes\{A64660B8-05C3-4DB7-A225-68951787A84C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
    IE - HKLM\..\SearchScopes,DefaultScope =
    IE - HKLM\..\SearchScopes\{A64660B8-05C3-4DB7-A225-68951787A84C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS


    IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

    IE - HKU\S-1-5-21-2189366859-98369154-2125593965-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
    IE - HKU\S-1-5-21-2189366859-98369154-2125593965-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com
    IE - HKU\S-1-5-21-2189366859-98369154-2125593965-1003\..\SearchScopes,DefaultScope =
    IE - HKU\S-1-5-21-2189366859-98369154-2125593965-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.startup.homepage: "google.com"
    FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
    FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a8%7D:5.2
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: File not found
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
    FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jomaa_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\jomaa_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/24 06:18:55 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/10 17:07:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/10 17:07:10 | 000,000,000 | ---D | M]

    [2013/05/10 16:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jomaa_000\AppData\Roaming\mozilla\Extensions
    [2013/04/02 01:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jomaa_000\AppData\Roaming\mozilla\Firefox\Profiles\extensions
    [2013/05/10 17:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jomaa_000\AppData\Roaming\mozilla\Firefox\Profiles\lj7ul3xr.default\extensions
    [2013/02/11 05:58:00 | 000,214,122 | ---- | M] () (No name found) -- C:\Users\jomaa_000\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi
    [2013/05/10 17:06:03 | 000,014,004 | ---- | M] () (No name found) -- C:\Users\jomaa_000\AppData\Roaming\mozilla\firefox\profiles\lj7ul3xr.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
    [2013/05/10 17:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
    [2013/05/10 17:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
    [2013/05/10 17:07:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2013/02/24 06:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
    [2013/05/10 17:07:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/10/01 21:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
    [2013/03/27 00:03:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2013/03/27 00:03:43 | 000,004,095 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
    [2013/03/27 00:03:43 | 000,001,356 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
    [2013/03/27 00:03:43 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
    [2013/03/27 00:03:43 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
    [2013/03/27 00:03:43 | 000,001,315 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: http://www.thisiscolossal.com/
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
    CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
    CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL
    CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
    CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\jomaa_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\jomaa_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
    CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
    CHR - Extension: Google Docs = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: B\u00FAsqueda de Google = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Cuevana Stream HD = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoagnbfkcambccccedddgiljljfljad\5.4_0\
    CHR - Extension: AdBlock = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
    CHR - Extension: Cuevana Stream = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\5.2.1_0\
    CHR - Extension: \u003Cvideo\u003E de HTML5 de DivX Plus Web Player = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
    CHR - Extension: Cuevana Stream (Fixed) = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\phicfmbjmkdipkhlhlkblgjamldaonjd\3.1.4_0\
    CHR - Extension: Gmail = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
  5. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
    O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Archivos de programa\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Archivos de programa\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKU\S-1-5-21-2189366859-98369154-2125593965-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-2189366859-98369154-2125593965-1003..\Run: [uTorrent] C:\Users\jomaa_000\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\S-1-5-21-2189366859-98369154-2125593965-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
    O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
    O1364bit: - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABB59B2D-1049-4A17-9565-08D0AA78429B}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\hamachi-2-ui.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\lync.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\manager1.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\misc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\msoev.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\msotd.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\OcPubMgr.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\smanager.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27:64bit: - HKLM IFEO\Winword.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\hamachi-2-ui.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\lync.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\manager1.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\misc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\msoev.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\msotd.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\OcPubMgr.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\smanager.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O27 - HKLM IFEO\Winword.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
    O30 - LSA: Security Packages - (livessp) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell - "" = AutoRun
    O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell\AutoRun\command - "" = "E:\setup\rsrc\Autorun.exe"
    O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/05/10 23:20:57 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
    [2013/05/10 23:20:15 | 000,000,000 | ---D | C] -- C:\JRT
    [2013/05/10 22:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    [2013/05/10 22:13:49 | 000,000,000 | ---D | C] -- C:\FRST
    [2013/05/10 19:37:11 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\WinZip
    [2013/05/10 19:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
    [2013/05/10 19:36:05 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Add-in Express
    [2013/05/10 19:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
    [2013/05/10 19:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2013/05/10 17:27:38 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\Macromedia
    [2013/05/10 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2013/05/10 17:12:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
    [2013/05/10 17:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
    [2013/05/10 16:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
    [2013/05/10 16:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
    [2013/05/10 16:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
    [2013/05/10 16:06:38 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Desktop\RK_Quarantine
    [2013/05/10 04:04:00 | 000,030,752 | ---- | C] (EldoS Corporation) -- C:\windows\SysNative\drivers\ElRawDsk.sys
    [2013/05/10 04:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
    [2013/05/09 17:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2013/05/06 12:47:16 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Activision
    [2013/05/06 12:47:16 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\Activision
    [2013/05/06 12:47:03 | 000,000,000 | -HSD | C] -- C:\windows\ftpcache
    [2013/05/06 12:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
    [2013/05/06 04:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
    [2013/05/06 04:36:59 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\AIMP3
    [2013/05/06 04:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIMP3
    [2013/05/06 04:22:20 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\DFX
    [2013/05/06 04:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
    [2013/05/06 04:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DFX
    [2013/05/06 04:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DFX
    [2013/05/06 04:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DFX
    [2013/05/06 04:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
    [2013/05/05 18:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2013/05/05 15:22:47 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\eIntaller
    [2013/05/02 20:34:04 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Plantillas personalizadas de Office
    [2013/05/02 15:56:24 | 000,000,000 | --SD | C] -- C:\ProgramData\DSS
    [2013/05/02 15:35:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
    [2013/05/02 15:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
    [2013/05/02 06:04:17 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\Lionhead Studios
    [2013/05/02 05:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
    [2013/05/02 05:48:58 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Games for Windows - LIVE Demos
    [2013/05/02 05:48:01 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\xlive
    [2013/05/02 05:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
    [2013/05/01 15:59:09 | 000,035,192 | ---- | C] (AVG) -- C:\windows\SysNative\TURegOpt.exe
    [2013/05/01 15:59:08 | 000,026,488 | ---- | C] (AVG) -- C:\windows\SysNative\authuitu.dll
    [2013/05/01 15:59:05 | 000,021,880 | ---- | C] (AVG) -- C:\windows\SysWow64\authuitu.dll
    [2013/05/01 15:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
    [2013/05/01 15:57:52 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\AVG
    [2013/05/01 15:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
    [2013/05/01 15:56:49 | 000,000,000 | --SD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
    [2013/05/01 13:10:19 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Youcam
    [2013/05/01 02:38:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
    [2013/04/30 18:04:01 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Libros y pdfs
    [2013/04/30 17:56:17 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Notas
    [2013/04/30 02:41:29 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\ElevatedDiagnostics
    [2013/04/29 19:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
    [2013/04/29 19:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
    [2013/04/29 02:56:36 | 000,683,664 | ---- | C] (Realtek ) -- C:\windows\SysNative\drivers\Rt630x64.sys
    [2013/04/27 22:41:32 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\LogMeIn Hamachi
    [2013/04/27 16:07:38 | 003,653,632 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\windows\SysNative\athw8x.sys
    [2013/04/22 05:23:00 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\hamachi.sys
    [2013/04/21 20:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\thechineseroom
    [2013/04/21 19:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thechineseroom
    [2013/04/21 11:39:48 | 000,000,000 | ---D | C] -- C:\windows\Minidump
    [2013/04/21 03:22:43 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\.minecraft
    [2013/04/20 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\AVG2013
    [2013/04/20 15:40:04 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\TuneUp Software
    [2013/04/20 15:39:14 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2013/04/20 15:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
    [2013/04/20 15:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
    [2013/04/20 15:30:27 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\MFAData
    [2013/04/20 15:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
    [2013/04/20 15:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
    [2013/04/20 15:30:27 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\Avg2013
    [2013/04/16 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\dvdcss
    [2013/04/16 20:41:19 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Avatar
    [2013/04/16 19:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
    [2013/04/16 19:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplay
    [2013/04/14 19:11:12 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2013/04/14 19:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
    [2013/04/11 01:48:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
    [2013/02/25 19:43:34 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe

    ========== Files - Modified Within 30 Days ==========

    [2013/05/10 23:24:00 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/05/10 23:19:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2013/05/10 23:18:24 | 000,001,054 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/05/10 23:17:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
    [2013/05/10 23:10:22 | 000,074,703 | ---- | M] () -- C:\windows\SysWow64\mfc45.dat
    [2013/05/10 22:22:00 | 000,000,954 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189366859-98369154-2125593965-1002UA.job
    [2013/05/10 22:22:00 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189366859-98369154-2125593965-1002Core.job
    [2013/05/10 22:01:36 | 001,798,556 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
    [2013/05/10 22:01:36 | 000,799,280 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat
    [2013/05/10 22:01:36 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
    [2013/05/10 22:01:36 | 000,163,056 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat
    [2013/05/10 22:01:36 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
    [2013/05/10 21:26:06 | 000,000,960 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189366859-98369154-2125593965-1003UA.job
    [2013/05/10 21:26:03 | 000,000,938 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189366859-98369154-2125593965-1003Core.job
    [2013/05/10 08:35:18 | 000,003,472 | ---- | M] () -- C:\bootsqm.dat
    [2013/05/10 04:25:19 | 000,000,406 | ---- | M] () -- C:\windows\SysNative\ioloBootDefrag.cfg
    [2013/05/10 03:36:11 | 000,000,154 | ---- | M] () -- C:\windows\Reimage.ini
    [2013/05/09 20:41:32 | 000,476,127 | ---- | M] () -- C:\Users\jomaa_000\Desktop\Transmetropolitan_13_p16.jpg
    [2013/05/09 20:29:35 | 000,473,721 | ---- | M] () -- C:\Users\jomaa_000\Desktop\Transmetropolitan_13_p09.jpg
    [2013/05/08 08:56:22 | 000,628,743 | ---- | M] () -- C:\Users\jomaa_000\Desktop\AdwCleaner.exe
    [2013/05/07 03:53:28 | 000,000,022 | ---- | M] () -- C:\windows\cmm.dat
    [2013/05/06 14:45:58 | 000,011,264 | ---- | M] () -- C:\Users\jomaa_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/05/06 12:46:22 | 000,000,319 | ---- | M] () -- C:\windows\game.ini
    [2013/05/01 19:16:25 | 000,007,618 | ---- | M] () -- C:\Users\jomaa_000\AppData\Local\Resmon.ResmonCfg
    [2013/04/30 00:05:20 | 005,043,744 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

    ========== Files Created - No Company Name ==========

    [2013/05/10 23:10:22 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat
    [2013/05/10 16:51:29 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    [2013/05/10 08:35:18 | 000,003,472 | ---- | C] () -- C:\bootsqm.dat
    [2013/05/10 04:25:19 | 000,000,406 | ---- | C] () -- C:\windows\SysNative\ioloBootDefrag.cfg
    [2013/05/10 03:34:05 | 000,000,154 | ---- | C] () -- C:\windows\Reimage.ini
    [2013/05/09 20:41:32 | 000,476,127 | ---- | C] () -- C:\Users\jomaa_000\Desktop\Transmetropolitan_13_p16.jpg
    [2013/05/09 20:29:35 | 000,473,721 | ---- | C] () -- C:\Users\jomaa_000\Desktop\Transmetropolitan_13_p09.jpg
    [2013/05/08 08:56:17 | 000,628,743 | ---- | C] () -- C:\Users\jomaa_000\Desktop\AdwCleaner.exe
    [2013/05/07 03:53:28 | 000,000,022 | ---- | C] () -- C:\windows\cmm.dat
    [2013/05/06 12:46:22 | 000,000,319 | ---- | C] () -- C:\windows\game.ini
    [2013/05/01 15:58:34 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
    [2013/04/30 00:04:59 | 005,043,744 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
    [2013/04/27 16:07:38 | 000,331,272 | ---- | C] () -- C:\windows\SysNative\athw8x.inf
    [2013/04/27 16:07:38 | 000,080,062 | ---- | C] () -- C:\windows\SysNative\athw8x.cat
    [2013/04/24 09:17:41 | 000,387,867 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
    [2013/04/14 19:11:07 | 000,001,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
    [2013/04/09 14:33:17 | 000,011,264 | ---- | C] () -- C:\Users\jomaa_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2013/04/09 14:30:29 | 000,129,024 | ---- | C] () -- C:\windows\SysWow64\AVERM.dll
    [2013/04/09 14:30:29 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\AVEQT.dll
    [2013/04/08 06:26:59 | 000,007,618 | ---- | C] () -- C:\Users\jomaa_000\AppData\Local\Resmon.ResmonCfg
    [2013/03/31 05:20:24 | 000,000,001 | -H-- | C] () -- C:\windows\mulch200.ini
    [2013/03/03 04:06:58 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2013/02/25 19:43:34 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
    [2013/02/15 20:53:21 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
    [2013/02/12 19:26:34 | 000,042,880 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll
    [2012/12/14 03:42:30 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
    [2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
    [2012/12/14 03:42:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
    [2012/12/14 03:42:24 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
    [2012/12/14 03:42:24 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
    [2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
    [2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
    [2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
    [2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
    [2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
    [2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
    [2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
    [2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat

    ========== ZeroAccess Check ==========

    [2013/02/15 21:53:36 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

    [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
    "" = C:\Windows\SysNative\shell32.dll -- [2013/03/01 21:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2013/03/02 03:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
    "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

    ========== LOP Check ==========

    [2013/04/30 02:51:16 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\AVG2013
    [2013/02/21 22:48:48 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\DAEMON Tools Pro
    [2013/03/27 14:32:28 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\FreeArc
    [2013/03/16 20:11:10 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Iminent
    [2013/02/26 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\LolClient
    [2013/02/26 22:25:34 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\SPORE
    [2013/04/28 00:11:36 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\.minecraft
    [2013/05/06 12:47:16 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Activision
    [2013/05/10 21:19:00 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\AIMP3
    [2013/03/31 05:20:36 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\AudioMulch
    [2013/04/19 22:32:48 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Autodesk
    [2013/05/01 15:57:52 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\AVG
    [2013/04/20 15:45:53 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\AVG2013
    [2013/04/14 19:11:12 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
    [2013/04/29 19:24:51 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\DAEMON Tools Pro
    [2013/05/05 15:22:47 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\eIntaller
    [2013/02/17 14:59:32 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\ExpressFiles
    [2013/04/30 00:22:59 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\FreeArc
    [2013/05/02 06:04:17 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Lionhead Studios
    [2013/02/18 13:58:44 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\LolClient
    [2013/04/30 00:22:59 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\MusicBee
    [2013/02/21 02:48:09 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\SPORE
    [2013/05/01 16:42:36 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\TuneUp Software
    [2013/04/01 05:49:17 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Ultra Fractal 5
    [2013/02/15 23:15:14 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Unity
    [2013/05/10 05:11:21 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\uTorrent
    [2013/02/15 21:19:33 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Vtools

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A1EDB939
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >
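The O20, O27, O33 and Alternate Data Stream entries in the log above are the persistence points worth triaging by hand: an IFEO `Debugger` value replaces every launch of the named program with the debugger (the log shows AVG PC TuneUp's reactivator registered this way for the Office binaries), Winlogon `Shell` and `UserInit` run at logon, the MountPoints2 `AutoRun` commands are the shell verbs Explorer cached for a removable volume, and the ADS lines are streams hidden behind an ordinary folder. The following Python triage script is an added example for this thread, not code from OTL or from anyone in it: it parses lines in that format and ranks them. The sample log is constructed from lines in the page's own format (the AVG, MountPoints2 and ADS lines are copied from above) plus two invented anomalies, a `taskmgr.exe` debugger under `C:\Users\Public` and a Shell value resolving outside the Windows directory; the severity rules, the user-writable path list and the assumption that the system drive is `C:` are all the example's own.

```python
"""Triage helper for OTL-style log lines.

Added example for this thread, not OTL's own logic: it scans O20 (Winlogon
Shell/UserInit), O27 (IFEO Debugger), O33 (MountPoints2 autorun) and ADS lines
and reports the ones a reviewer should look at first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import List, Optional

# Assumption: the system drive is C:, as in the log above.
WINDOWS_DIR = "c:\\windows\\"
# What Winlogon should resolve to when nothing has hijacked it.
EXPECTED_WINLOGON = {"Shell": "explorer.exe", "UserInit": "userinit.exe"}
# Locations a standard user can write to; a debugger or shell living there is
# a red flag by this example's rules, not a verdict.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "\\temp\\", "\\appdata\\")

WINLOGON_RE = re.compile(
    r"^O20(?::64bit:)? - HKLM Winlogon: (Shell|UserInit) - \((.*?)\) - (.*) \((.*?)\)$")
IFEO_RE = re.compile(r"^O27(?::64bit:)? - HKLM IFEO\\(.+?): Debugger - (.*) \((.*?)\)$")
MOUNTPOINT_RE = re.compile(
    r'^O33 - MountPoints2\\(\{[0-9a-fA-F-]+\})\\Shell\\(\w+)\\command - "" = (.*)$')
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.*)$")


@dataclass(frozen=True)
class Finding:
    kind: str      # "ifeo", "winlogon", "autorun" or "ads"
    severity: str  # "high" or "review"
    detail: str


def _user_writable(path: str) -> bool:
    low = path.lower()
    return any(marker in low for marker in USER_WRITABLE)


def triage_line(line: str) -> Optional[Finding]:
    """Classify one OTL line; None means it is not a persistence point we track."""
    line = line.strip()
    m = IFEO_RE.match(line)
    if m:
        target, debugger, publisher = m.groups()
        # Any Debugger value replaces the program being launched; one with no
        # publisher string or in a user-writable path goes to the top of the list.
        sev = "high" if not publisher or _user_writable(debugger) else "review"
        return Finding("ifeo", sev, f"{target} -> {debugger} ({publisher or 'no publisher'})")
    m = WINLOGON_RE.match(line)
    if m:
        key, _value, resolved, publisher = m.groups()
        low = resolved.lower()
        expected = low.startswith(WINDOWS_DIR) and low.endswith("\\" + EXPECTED_WINLOGON[key])
        if expected:
            return None
        return Finding("winlogon", "high", f"{key} resolves to {resolved} ({publisher or 'no publisher'})")
    m = MOUNTPOINT_RE.match(line)
    if m:
        guid, verb, command = m.groups()
        cmd = command.strip('"')
        # Cached autorun verbs for a removable volume: the volume may be long
        # gone, the registry entry and the path it names are what get reviewed.
        return Finding("autorun", "review", f"{verb} on volume {guid}: {cmd}")
    m = ADS_RE.match(line)
    if m:
        size, stream = m.groups()
        return Finding("ads", "review", f"{stream} ({size} bytes)")
    return None


def triage(log_text: str) -> List[Finding]:
    return [f for f in (triage_line(line) for line in log_text.splitlines()) if f]


def by_severity(findings: List[Finding]) -> dict:
    counts = {"high": 0, "review": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


# Constructed sample in the page's line format. The AVG, MountPoints2 and ADS
# lines are copied from the log above; the taskmgr.exe debugger and the Shell
# value under C:\Users\Public are invented anomalies that exercise the "high" rule.
SAMPLE_LOG = r"""O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Users\Public\explorer.exe ()
O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\taskmgr.exe: Debugger - C:\Users\Public\svchost.exe ()
O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell - "" = AutoRun
O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell\AutoRun\command - "" = "E:\setup\rsrc\Autorun.exe"
O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A1EDB939
"""

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity:6}] {f.kind:8} {f.detail}")
```

Run it over a saved OTL.txt by passing the file's text to `triage()`; the point of the ranking is only to decide what to look at first. An IFEO debugger from a known vendor still lands in the "review" bucket, because the mechanism is the same one a hijacker would use and the reviewer, not the script, decides whether that vendor belongs on the machine.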
  6. Broni

    Broni Malware Annihilator Posts: 45,307   +243

Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following
    Code:
    :OTL
    FF - user.js - File not found
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\osf - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
    O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell - "" = AutoRun
    O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell\AutoRun\command - "" = "E:\setup\rsrc\Autorun.exe"
    O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
    @Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A1EDB939
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
    
    • Then click the Run Fix button at the top
• Let the program run unhindered, and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
    Last scans...

Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart the computer.

Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
• Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If ESET doesn't find any threats, it won't produce a log.
  7. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

Hey, I just saw something weird going on. Java console shows me 3 strange google extensions. They say
"google-extension://" and after the // a bunch of random letters.
  8. Broni

    Broni Malware Annihilator Posts: 45,307   +243

    That's how extensions look in Chrome.
    Let's focus on what we're doing.
  9. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    Here's OTL
    All processes killed
    ========== OTL ==========
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
    File Protocol\Handler\ms-help - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
    File Protocol\Handler\osf - No CLSID value found not found.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
    File Protocol\Handler\skype4com - No CLSID value found not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ not found.
    File "E:\setup\rsrc\Autorun.exe" not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ not found.
    File E:\Directx\dxsetup.exe not found.
    ADS C:\ProgramData\Temp:A1EDB939 deleted successfully.
    ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administradora_000

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 57616 bytes

    User: Default User

    User: Guido
    ->Temp folder emptied: 1583 bytes
    ->Temporary Internet Files folder emptied: 128 bytes
    ->Java cache emptied: 0 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 564 bytes

    User: Guidoa_000

    User: HomeGroupUser$a_000

    User: Invitadoa_000

    User: jomaa_000
    ->Temp folder emptied: 3213950 bytes
    ->Temporary Internet Files folder emptied: 10867955 bytes
    ->Java cache emptied: 3574408 bytes
    ->FireFox cache emptied: 19371756 bytes
    ->Google Chrome cache emptied: 527969226 bytes
    ->Flash cache emptied: 58833 bytes

    User: Public

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: UpdatusUsera_000

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 342406 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 539.00 mb


    [EMPTYJAVA]

    User: Administradora_000

    User: Administrator

    User: All Users

    User: Default

    User: Default User

    User: Guido
    ->Java cache emptied: 0 bytes

    User: Guidoa_000

    User: HomeGroupUser$a_000

    User: Invitadoa_000

    User: jomaa_000
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    User: UpdatusUsera_000

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administradora_000

    User: Administrator

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: Guido
    ->Flash cache emptied: 0 bytes

    User: Guidoa_000

    User: HomeGroupUser$a_000

    User: Invitadoa_000

    User: jomaa_000
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    User: UpdatusUsera_000

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 05112013_001104

    Files\Folders moved on Reboot...
    C:\Users\jomaa_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  10. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    Results of screen317's Security Check version 0.99.63
    x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    AVG Internet Security 2013
    Windows Defender
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware versión 1.75.0.1300
    AVG PC TuneUp
    AVG PC TuneUp Language Pack (es-ES)
    Java 7 Update 21
    Adobe Flash Player 11.7.700.169
    Adobe Reader 10.1.3 Adobe Reader out of Date!
    Mozilla Firefox (20.0.1)
    Google Chrome 26.0.1410.64
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
  11. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    Farbar Service Scanner Version: 14-04-2013
    Ran by Joma (administrator) on 11-05-2013 at 00:18:31
    Running from "C:\Users\jomaa_000\Downloads"
    Windows 8 Single Language (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Attempt to access Yahoo IP returned error. Yahoo IP is offline
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall"=DWORD:0


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => MD5 is legit
    C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\System32\dhcpcore.dll => MD5 is legit
    C:\Windows\System32\drivers\afd.sys => MD5 is legit
    C:\Windows\System32\drivers\tdx.sys => MD5 is legit
    C:\Windows\System32\Drivers\tcpip.sys
    [2013-04-24 09:18] - [2013-03-02 04:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

    C:\Windows\System32\dnsrslvr.dll => MD5 is legit
    C:\Windows\System32\mpssvc.dll => MD5 is legit
    C:\Windows\System32\bfe.dll => MD5 is legit
    C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\System32\SDRSVC.dll => MD5 is legit
    C:\Windows\System32\vssvc.exe => MD5 is legit
    C:\Windows\System32\wscsvc.dll => MD5 is legit
    C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\System32\wuaueng.dll
    [2013-04-24 09:18] - [2013-03-01 21:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

    C:\Windows\System32\qmgr.dll => MD5 is legit
    C:\Windows\System32\es.dll => MD5 is legit
    C:\Windows\System32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll
    [2013-04-24 09:07] - [2013-01-28 18:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

    C:\Program Files\Windows Defender\MsMpEng.exe
    [2013-04-24 09:07] - [2013-01-28 20:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

    C:\Windows\System32\ipnathlp.dll => MD5 is legit
    C:\Windows\System32\iphlpsvc.dll => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\rpcss.dll => MD5 is legit


    **** End of log ****
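    The Farbar Service Scanner log above flags three things a defender should be able to re-check without the tool: the firewall standard profile carries EnableFirewall=0, Windows Defender carries DisableAntiSpyware=1, and the WinDefend service is set to Demand start instead of Auto. The following PowerShell script is an added example, not part of this thread and not Farbar's code; it reads those same locations directly. The registry paths (written as HKLM: drive paths for the HKEY_LOCAL_MACHINE keys in the log) and the WinDefend service name are taken from the log; the function names and the output wording are this example's own.

```powershell
# Added example: re-check the policy settings Farbar Service Scanner reported.
# Registry paths and the WinDefend service name come from the FSS log above;
# the function names and output layout are this example's own choices.

function Get-PolicyDword {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value does not exist (no policy set).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return [int]$item.$Name
}

function Test-ProtectionPolicies {
    $findings = @()

    # FSS "Firewall Disabled Policy": EnableFirewall=0 under the standard profile.
    $fw = Get-PolicyDword 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile' 'EnableFirewall'
    if ($fw -eq 0) {
        $findings += 'Windows Firewall is disabled by policy (EnableFirewall=0, StandardProfile)'
    }

    # FSS "Windows Defender Disabled Policy": DisableAntiSpyware=1.
    $def = Get-PolicyDword 'HKLM:\SOFTWARE\Microsoft\Windows Defender' 'DisableAntiSpyware'
    if ($def -eq 1) {
        $findings += 'Windows Defender is disabled by policy (DisableAntiSpyware=1)'
    }

    # FSS "Windows Defender" service section: start type, state and binary path.
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='WinDefend'" -ErrorAction SilentlyContinue
    if ($null -eq $svc) {
        $findings += 'WinDefend service not found'
    } else {
        if ($svc.StartMode -ne 'Auto') {
            $findings += "WinDefend start type is $($svc.StartMode) (default is Auto)"
        }
        if ($svc.State -ne 'Running') {
            $findings += "WinDefend service is $($svc.State)"
        }
        # Always record the ImagePath so an unexpected binary location stands out.
        $findings += "WinDefend ImagePath: $($svc.PathName)"
    }

    return $findings
}

# Print one line per finding; an empty result means nothing in these locations
# differs from the Windows defaults.
Test-ProtectionPolicies | ForEach-Object { Write-Output $_ }
```

    Run it from an elevated PowerShell prompt and compare the output with what is expected on the machine: on a system with a third-party antivirus installed (this thread's Security Check lists AVG Internet Security 2013), Windows itself turns Defender off and the DisableAntiSpyware and Demand-start findings are the normal consequence, whereas the EnableFirewall=0 policy under SharedAccess is not something AVG needs and deserves a second look. Treat the output as a list of settings to reconcile with the installed security software rather than as proof of tampering on its own.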
  12. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    Hi, and good day. This is the ESET report

    C:\Program Files (x86)\Microsoft Games\Fable III\paul.dll    a variant of Win32/Packed.VMProtect.AAA trojan
    C:\Users\Guido\Downloads\True_Romance (1).exe    Win32/Adware.1ClickDownload.W application
    C:\Users\Guido\Downloads\True_Romance (2).exe    Win32/Adware.1ClickDownload.W application
    C:\Users\Guido\Downloads\True_Romance.exe    Win32/Adware.1ClickDownload.W application
    C:\Users\jomaa_000\Downloads\Fable.III-SKIDROW\sr-fable3.iso    a variant of Win32/Packed.VMProtect.AAA trojan
  13. Broni

    Broni Malware Annihilator Posts: 45,307   +243

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), then download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

    =====================================

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please, let me know, how your computer is doing.
     
  14. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    I haven't deleted the Eset entries yet; I unchecked the "delete threats" box :/
    Should I delete them manually?
  15. Broni

    Broni Malware Annihilator Posts: 45,307   +243

    Yes. Why did you change Eset settings?
  16. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    Oh, I thought you just wanted the Fond Archies box checkmarked.
  17. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    So, I just go to the location of the file and send it to Recycle bin?
  18. Broni

    Broni Malware Annihilator Posts: 45,307   +243

    That's NOT what my instructions say.
    In any case, delete those entries manually and go ahead with my other instructions.
  19. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    Ty Broni, all seems in order now. Do I need to do anything else besides the steps you already told me?
  20. Broni

    Broni Malware Annihilator Posts: 45,307   +243

    Did you complete all steps from my reply #38?
  21. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    Yes, all of it
  22. Broni

    Broni Malware Annihilator Posts: 45,307   +243

    Way to go!!
    Good luck and stay safe :)
  23. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    Thank you so much, Broni. You're the man!
  24. Broni

    Broni Malware Annihilator Posts: 45,307   +243

  25. Jomamk

    Jomamk Newcomer, in training Topic Starter Posts: 41

    Hi again. The videos are running great now; the problem stopped on those pages, but I'm still getting spam shot at me on others. I can see it because the page never finishes loading, and when I open the Java console it shows me all the pages. Apparently they are being shot from a page called http://plugin.veranimesonline.com/abcedario321.js

