Solved Video Studders, qvo6 virus

Jomamk

Jomamk

Posts: 24   +0
Hi. My brother try to installed a game and he downloaded the 2qvo6" virus. I deleted according to some guide I read but the problem of stuffer image videos persisted. Right now Java Console is blocking a lot of spam pages. I need help
 
Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
That was the last one of FRST, I hope I didn't do anything wrong, that was a long log. Here it is Addition file:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-05-2013 01
Ran by Joma at 2013-05-10 22:37:20 Run:
Running from C:\Users\jomaa_000\Downloads
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

µTorrent (Version: 3.3.0.29111)
Adobe AIR (Version: 3.6.0.6090)
Adobe Audition CS6 (Version: 5.0)
Adobe Download Assistant (Version: 1.2.5)
Adobe Flash Player 11 Plugin (Version: 11.7.700.169)
Adobe Help Manager (Version: 4.0.244)
Adobe Photoshop CS6 (Version: 13.0)
Adobe Pixel Bender Toolkit 2 (Version: 2.0)
Adobe Reader X (10.1.3) MUI (Version: 10.1.3)
AIMP3 (Version: v3.20.1165, 21.12.2012)
AllSharePlayLink (Version: 1.0.0)
Amnesia: The Dark Descent (Version: 1.0.1)
AudioMulch Interactive Music Studio 2.1.1
Autodesk Design Review 2013 (Version: 13.0.0.82)
AVG 2013 (Version: 13.0.3162)
AVG 2013 (Version: 13.0.3336)
AVG 2013 (Version: 2013.0.3336)
AVG PC TuneUp (Version: 12.0.4000.108)
AVG PC TuneUp Language Pack (es-ES) (Version: 12.0.4000.108)
bl (Version: 1.0.0)
CDisplay 1.8
CyberLink YouCam 5 (Version: 5.0.0909)
DAEMON Tools Pro (Version: 5.2.0.0348)
Dear Esther
DFX for Winamp (Version: 9.302.0.0)
DivX Setup (Version: 2.6.1.24)
Easy File Share (Version: 1.3.4)
Eines de correcció del Microsoft Office 2013: català (Version: 15.0.4420.1017)
ETDWare PS/2-X64 11.7.2.1_WHQL (Version: 11.7.2.1)
EVEREST Ultimate Edition v5.50 (Version: 5.50)
Fable III (Version: 1.0.0000.131)
Fable III (Version: 1.0.0001.131)
Facebook Video Calling 1.2.0.287 (Version: 1.2.287)
FARO LS 1.1.406.58 (Version: 4.6.58.2)
Ferramentas de verificación de Microsoft Office 2013 - Galego (Version: 15.0.4420.1017)
FreeArc 0.666 (Version: 0.666)
Google Chrome (Version: 26.0.1410.64)
Google Earth Plug-in (Version: 7.0.3.8542)
Google Update Helper (Version: 1.3.21.145)
Guitar Pro 5.2
Help Desk (Version: 1.0.5)
Intel(R) Processor Graphics (Version: 9.17.10.2932)
Intel(R) Rapid Storage Technology (Version: 11.5.2.1001)
iolo technologies' System Mechanic (Version: 11.7.0)
Java 7 Update 21 (Version: 7.0.210)
Java Auto Updater (Version: 2.1.9.5)
League of Legends (Version: 1.3)
LogMeIn Hamachi (Version: 2.1.0.296)
Los Sims™ 3 (Version: 1.38.151)
Malwarebytes Anti-Malware versión 1.75.0.1300 (Version: 1.75.0.1300)
Manhunt 2 (Version: 1.00.0000)
Microsoft Access MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft DCF MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Excel MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Groove MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft InfoPath MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Lync MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Office 64-bit Components 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Office OSM UX MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017)
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017)
Microsoft Office Shared 64-bit MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Office Shared MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Office zuzenketa-tresnak 2013 - Euskara (Version: 15.0.4420.1017)
Microsoft OneNote MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Outlook MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft PowerPoint MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Publisher MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Word MUI (Spanish) 2013 (Version: 15.0.4420.1017)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 20.0.1 (x86 es-ES) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 20.0.1)
MusicBee 2.0 (Version: 2.0)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017)
Pando Media Booster (Version: 2.6.0.8)
Paquete de controladores de Windows - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (07/27/2012 20.57.1.735) (Version: 07/27/2012 20.57.1.735)
PDF Settings CS6 (Version: 11.0)
ph (Version: 1.0.0)
Power Tab Editor 1.7 (Version: 1.7.0)
PowerDVD (Version: 10.00.0000)
Project64 1.7
Qualcomm Atheros Client Installation Program (Version: 10.0)
Quick Starter (Version: 1.0.0)
Razer Game Booster (Version: 3.5.6.0)
Realtek Ethernet Controller Driver (Version: 8.2.612.2012)
Realtek High Definition Audio Driver (Version: 6.0.1.6699)
Recovery (Version: 6.0.6.5)
Revisores de Texto do Microsoft Office 2013 – Português do Brasil (Version: 15.0.4420.1017)
S Agent (Version: 1.1.40)
Settings (Version: 2.0.0)
Skype™ 6.2 (Version: 6.2.106)
Spider-Man 3 (TM) (Version: 1.00.0000)
Spider-Man 3(TM) (Version: 1.00.0000)
SPORE(TM) (Version: 1.02.0000)
SPORE™: Pack de Accesorios. Factoría de Criaturas (Version: 1.00.0000)
Support Center (Version: 2.1.80)
Support Center FAQ (Version: 1.0.8)
SW Update (Version: 2.1.14)
System Requirements Lab CYRI (Version: 5.0.6.0)
Ultra Fractal 5.04
Ultra MPEG-4 Converter 5.2.0603
Unity Web Player (Version: )
Update for Microsoft SkyDrive Pro (KB2768356) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
VLC media player 2.0.5 (Version: 2.0.5)
WinZip 17.5 (Version: 17.5.10480)
Xfire

==================== Restore Points =========================

10-05-2013 21:30:26 Poner archivo en cuarentena: Java(TM) Platform SE binary
11-05-2013 02:44:15 BeforeCombo

==================== Faulty Device Manager Devices =============

Name: Bluetooth Device (Personal Area Network)
Description: Dispositivo Bluetooth (Red de área personal)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/10/2013 10:26:19 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (05/10/2013 10:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (05/10/2013 09:54:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (05/10/2013 09:39:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (05/10/2013 09:24:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (05/10/2013 09:09:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (05/10/2013 08:54:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (05/10/2013 08:39:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (05/10/2013 08:24:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.

Error: (05/10/2013 08:09:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: Frankenstein)
Description: No se pudo activar la aplicación Microsoft.SkypeApp_kzf8qxf38zg5c!App debido al error: -2144927141. Consulte el registro Microsoft-Windows-TWinUI/Operational para obtener más información.


System errors:
=============
Error: (05/10/2013 10:26:14 PM) (Source: DCOM) (User: Frankenstein)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/10/2013 10:19:06 PM) (Source: bowser) (User: )
Description: El explorador maestro recibió una notificación del equipo Y2
que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{ABB59B2D-1049-4A17-9565-08D0AA78429B}.
El explorador maestro está detenido o se está forzando una elección.

Error: (05/10/2013 10:11:14 PM) (Source: DCOM) (User: Frankenstein)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/10/2013 10:07:05 PM) (Source: bowser) (User: )
Description: El explorador maestro recibió una notificación del equipo Y2
que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{ABB59B2D-1049-4A17-9565-08D0AA78429B}.
El explorador maestro está detenido o se está forzando una elección.

Error: (05/10/2013 09:55:06 PM) (Source: bowser) (User: )
Description: El explorador maestro recibió una notificación del equipo Y2
que cree que es el explorador maestro para el dominio en el transporte NetBT_Tcpip_{ABB59B2D-1049-4A17-9565-08D0AA78429B}.
El explorador maestro está detenido o se está forzando una elección.

Error: (05/10/2013 09:54:20 PM) (Source: DCOM) (User: Frankenstein)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/10/2013 09:39:19 PM) (Source: DCOM) (User: Frankenstein)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/10/2013 09:24:21 PM) (Source: DCOM) (User: Frankenstein)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/10/2013 09:09:19 PM) (Source: DCOM) (User: Frankenstein)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa

Error: (05/10/2013 08:54:18 PM) (Source: DCOM) (User: Frankenstein)
Description: App.AppX54xz6wnkhmw763c2y8tb018n7d71dtx7.wwa


Microsoft Office Sessions:
=========================
Error: (05/10/2013 10:26:19 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/10/2013 10:11:20 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/10/2013 09:54:25 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/10/2013 09:39:25 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/10/2013 09:24:26 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/10/2013 09:09:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/10/2013 08:54:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/10/2013 08:39:24 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/10/2013 08:24:23 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141

Error: (05/10/2013 08:09:22 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: Frankenstein)
Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141


==================== Memory info ===========================

Percentage of memory in use: 19%
Total physical RAM: 9939.53 MB
Available physical RAM: 7988.44 MB
Total Pagefile: 20179.54 MB
Available Pagefile: 18134.4 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.68 GB) (Free:293.23 GB) NTFS (Disk=0 Partition=4)

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 9B1BE6D8)

Partition: GPT Partition Type
==================== End Of Log ============================
 
That looks good.

redtarget.gif
Uninstall iolo technologies' System Mechanic.
Registry cleaners/optimizers are not recommended for several reasons:

  • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

    The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
  • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
  • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
  • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
  • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


redtarget.gif
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

redtarget.gif
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

redtarget.gif
Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
AdwCleaner, came clean. Heres Junkware: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Single Language x64
Ran by Joma on 10/05/2013 at 23:20:59.99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\windows\prefetch\ASKINSTALLCHECKER.EXE-FB360FFA.pf



~~~ Folders

Successfully deleted: [Folder] "C:\Users\jomaa_000\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\jomaa_000\appdata\locallow\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/05/2013 at 23:27:00.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 10/05/2013 11:31:20 p. m. - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\jomaa_000\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

9.71 Gb Total Physical Memory | 8.48 Gb Available Physical Memory | 87.40% Memory free
19.71 Gb Paging File | 18.48 Gb Available in Paging File | 93.79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 440.68 Gb Total Space | 293.41 Gb Free Space | 66.58% Space Free | Partition Type: NTFS

Computer Name: FRANKENSTEIN | User Name: Joma | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/10 23:07:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\jomaa_000\Downloads\OTL.exe
PRC - [2013/04/29 00:58:42 | 004,408,368 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe
PRC - [2013/02/19 04:01:14 | 000,328,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
PRC - [2012/09/05 17:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
PRC - [2012/09/05 17:50:24 | 000,085,112 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
PRC - [2012/09/05 17:50:16 | 002,623,096 | ---- | M] (Samsung Electronics CO., LTD.) -- C:\Program Files (x86)\Samsung\Settings\sSettings.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/05 17:50:28 | 000,110,712 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
MOD - [2012/09/05 17:50:22 | 000,211,064 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
MOD - [2012/09/05 17:50:16 | 000,060,536 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
MOD - [2012/09/05 17:50:10 | 000,103,544 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
MOD - [2012/09/05 17:50:10 | 000,026,744 | ---- | M] () -- C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/03/01 21:45:07 | 000,171,008 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2013/03/01 21:45:05 | 000,180,224 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2013/02/02 03:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013/01/09 18:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013/01/09 18:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012/11/05 23:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012/09/20 04:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012/09/20 01:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012/09/20 01:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012/08/29 16:22:36 | 000,208,384 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Windows\SysNative\AdminService.exe -- (AtherosSvc)
SRV:64bit: - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012/07/25 22:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012/07/25 22:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012/07/25 22:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012/07/25 22:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012/07/25 22:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012/07/25 22:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012/07/25 22:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012/07/25 22:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012/07/25 22:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012/07/25 22:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012/07/25 22:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012/07/25 22:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012/07/25 19:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013/05/10 17:07:19 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/25 13:41:34 | 004,936,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/04/18 04:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/04/10 11:07:36 | 001,428,472 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws)
SRV - [2013/04/09 17:00:02 | 002,921,520 | ---- | M] (Samsung Electronics CO., LTD.) [Disabled | Stopped] -- C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe -- (SWUpdateService)
SRV - [2013/03/03 04:06:50 | 001,432,400 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2013/02/07 14:54:40 | 000,161,384 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/12/14 11:08:50 | 002,466,304 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/12/14 03:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012/09/23 20:43:36 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/09/05 17:50:26 | 001,593,976 | ---- | M] (Samsung Electronics CO., LTD.) [Auto | Running] -- C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe -- (Easy Launcher)
SRV - [2012/08/23 11:31:24 | 002,148,216 | ---- | M] (AVG) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/07/25 22:30:05 | 002,675,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012/07/25 22:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/03/29 02:53:48 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013/03/21 03:08:26 | 000,248,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgwfpa.sys -- (Avgwfpa)
DRV:64bit: - [2013/03/17 23:36:16 | 000,030,752 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2013/03/02 05:57:48 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2013/03/02 05:57:46 | 000,283,880 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2013/03/02 05:57:46 | 000,077,544 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2013/03/02 05:45:20 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2013/03/02 05:45:19 | 000,194,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2013/03/02 05:39:38 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013/02/15 22:20:55 | 000,023,408 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\RadioHIDMini.sys -- (RadioHIDMini)
DRV:64bit: - [2013/02/15 21:44:00 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013/02/08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013/02/08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013/02/08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013/02/08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013/02/08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2013/02/02 06:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013/02/02 02:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013/01/28 20:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013/01/28 18:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013/01/11 19:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013/01/09 20:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2012/12/14 03:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012/11/26 22:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012/11/19 23:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012/11/05 22:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012/10/26 04:17:44 | 000,020,912 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\avgboota.sys -- (Avgboota)
DRV:64bit: - [2012/10/12 03:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/10/11 02:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012/10/11 02:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012/09/20 02:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012/09/20 02:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012/09/20 02:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012/09/20 02:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012/09/19 01:15:20 | 003,653,632 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\athw8x.sys -- (athr)
DRV:64bit: - [2012/09/04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2012/08/29 16:22:38 | 000,565,760 | ---- | M] (Qualcomm Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2012/08/06 12:41:28 | 000,313,712 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ETD.sys -- (ETD)
DRV:64bit: - [2012/08/02 12:39:29 | 002,814,096 | ---- | M] (TamoSoft) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\ts_athrx.sys -- (TS_ARN5416)
DRV:64bit: - [2012/07/31 12:22:00 | 000,645,952 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012/07/26 00:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/07/26 00:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012/07/26 00:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012/07/26 00:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012/07/26 00:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012/07/26 00:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012/07/26 00:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012/07/26 00:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012/07/26 00:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012/07/26 00:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012/07/26 00:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012/07/26 00:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012/07/26 00:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012/07/26 00:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012/07/26 00:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012/07/26 00:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012/07/26 00:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012/07/25 23:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012/07/25 23:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012/07/25 23:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012/07/25 22:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012/07/25 21:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012/07/25 21:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012/07/25 21:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012/07/25 21:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012/07/25 21:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012/07/25 21:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012/07/25 21:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012/07/25 21:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012/07/25 21:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012/07/25 21:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012/07/25 21:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012/07/25 21:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012/07/25 21:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012/07/25 21:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012/07/25 21:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012/07/25 21:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012/07/25 21:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/25 21:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012/07/25 21:25:02 | 000,202,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\BthLEEnum.sys -- (BthLEEnum)
DRV:64bit: - [2012/07/25 21:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012/07/25 21:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012/07/25 21:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012/06/12 21:41:22 | 000,683,664 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2011/11/03 04:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/04/16 15:49:34 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/11/13 22:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2012/07/04 15:26:12 | 000,011,880 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{A64660B8-05C3-4DB7-A225-68951787A84C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{A64660B8-05C3-4DB7-A225-68951787A84C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-2189366859-98369154-2125593965-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
IE - HKU\S-1-5-21-2189366859-98369154-2125593965-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://samsung13.msn.com
IE - HKU\S-1-5-21-2189366859-98369154-2125593965-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2189366859-98369154-2125593965-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.172
FF - prefs.js..extensions.enabledAddons: %7Ba3a5c777-f583-4fef-9380-ab4add1bc2a8%7D:5.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Nexon.net/NxGame: File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\jomaa_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\jomaa_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013/02/24 06:18:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/05/10 17:07:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/05/10 17:07:10 | 000,000,000 | ---D | M]

[2013/05/10 16:52:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jomaa_000\AppData\Roaming\mozilla\Extensions
[2013/04/02 01:29:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jomaa_000\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013/05/10 17:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jomaa_000\AppData\Roaming\mozilla\Firefox\Profiles\lj7ul3xr.default\extensions
[2013/02/11 05:58:00 | 000,214,122 | ---- | M] () (No name found) -- C:\Users\jomaa_000\AppData\Roaming\mozilla\firefox\profiles\extensions\putlockerdownloader2@putlockerdownloader.com.xpi
[2013/05/10 17:06:03 | 000,014,004 | ---- | M] () (No name found) -- C:\Users\jomaa_000\AppData\Roaming\mozilla\firefox\profiles\lj7ul3xr.default\extensions\{a3a5c777-f583-4fef-9380-ab4add1bc2a8}.xpi
[2013/05/10 17:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013/05/10 17:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2013/05/10 17:07:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013/02/24 06:18:55 | 000,000,000 | ---D | M] (No name found) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013/05/10 17:07:20 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/10/01 21:33:44 | 000,034,016 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2013/03/27 00:03:43 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013/03/27 00:03:43 | 000,004,095 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2013/03/27 00:03:43 | 000,001,356 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2013/03/27 00:03:43 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2013/03/27 00:03:43 | 000,001,391 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2013/03/27 00:03:43 | 000,001,315 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:eek:riginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.thisiscolossal.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Microsoft Office\Office15\NPSPWRAP.DLL
CHR - plugin: Microsoft Office 2013 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\jomaa_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Facebook Video Calling Plugin (Enabled) = C:\Users\jomaa_000\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
CHR - plugin: Java Deployment Toolkit 7.0.210.11 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Docs = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Cuevana Stream HD = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhoagnbfkcambccccedddgiljljfljad\5.4_0\
CHR - Extension: AdBlock = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: Cuevana Stream = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfdckejfnkaemompfjhecfmhjgnchmjg\5.2.1_0\
CHR - Extension: \u003Cvideo\u003E de HTML5 de DivX Plus Web Player = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.172_0\
CHR - Extension: Cuevana Stream (Fixed) = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\phicfmbjmkdipkhlhlkblgjamldaonjd\3.1.4_0\
CHR - Extension: Gmail = C:\Users\jomaa_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/07/26 00:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Archivos de programa\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Archivos de programa\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-2189366859-98369154-2125593965-1003..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2189366859-98369154-2125593965-1003..\Run: [uTorrent] C:\Users\jomaa_000\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-2189366859-98369154-2125593965-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O9:64bit: - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Complemento Hacer clic para llamar de Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Archivos de programa\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ABB59B2D-1049-4A17-9565-08D0AA78429B}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\hamachi-2-ui.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\lync.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\manager1.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\misc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\msoev.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\msotd.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\OcPubMgr.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\smanager.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27:64bit: - HKLM IFEO\Winword.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\hamachi-2-ui.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\lync.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\manager1.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\misc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\msoev.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\msotd.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\OcPubMgr.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\smanager.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\Winword.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell - "" = AutoRun
O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell\AutoRun\command - "" = "E:\setup\rsrc\Autorun.exe"
O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/10 23:20:57 | 000,000,000 | ---D | C] -- C:\windows\ERUNT
[2013/05/10 23:20:15 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/10 22:26:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013/05/10 22:13:49 | 000,000,000 | ---D | C] -- C:\FRST
[2013/05/10 19:37:11 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\WinZip
[2013/05/10 19:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013/05/10 19:36:05 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Add-in Express
[2013/05/10 19:35:52 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013/05/10 19:35:51 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2013/05/10 17:27:38 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\Macromedia
[2013/05/10 17:13:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013/05/10 17:12:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013/05/10 17:07:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013/05/10 16:51:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013/05/10 16:51:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013/05/10 16:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013/05/10 16:06:38 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Desktop\RK_Quarantine
[2013/05/10 04:04:00 | 000,030,752 | ---- | C] (EldoS Corporation) -- C:\windows\SysNative\drivers\ElRawDsk.sys
[2013/05/10 04:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\iolo
[2013/05/09 17:55:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2013/05/06 12:47:16 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Activision
[2013/05/06 12:47:16 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\Activision
[2013/05/06 12:47:03 | 000,000,000 | -HSD | C] -- C:\windows\ftpcache
[2013/05/06 12:37:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2013/05/06 04:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AIMP3
[2013/05/06 04:36:59 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\AIMP3
[2013/05/06 04:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AIMP3
[2013/05/06 04:22:20 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\DFX
[2013/05/06 04:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer
[2013/05/06 04:19:29 | 000,000,000 | ---D | C] -- C:\ProgramData\DFX
[2013/05/06 04:19:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DFX
[2013/05/06 04:19:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DFX
[2013/05/06 04:17:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013/05/05 18:19:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013/05/05 15:22:47 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\eIntaller
[2013/05/02 20:34:04 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Plantillas personalizadas de Office
[2013/05/02 15:56:24 | 000,000,000 | --SD | C] -- C:\ProgramData\DSS
[2013/05/02 15:35:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2013/05/02 15:21:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2013/05/02 06:04:17 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\Lionhead Studios
[2013/05/02 05:55:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013/05/02 05:48:58 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Games for Windows - LIVE Demos
[2013/05/02 05:48:01 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\xlive
[2013/05/02 05:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013/05/01 15:59:09 | 000,035,192 | ---- | C] (AVG) -- C:\windows\SysNative\TURegOpt.exe
[2013/05/01 15:59:08 | 000,026,488 | ---- | C] (AVG) -- C:\windows\SysNative\authuitu.dll
[2013/05/01 15:59:05 | 000,021,880 | ---- | C] (AVG) -- C:\windows\SysWow64\authuitu.dll
[2013/05/01 15:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp
[2013/05/01 15:57:52 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\AVG
[2013/05/01 15:57:05 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2013/05/01 15:56:49 | 000,000,000 | --SD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2013/05/01 13:10:19 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Youcam
[2013/05/01 02:38:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CyberLink
[2013/04/30 18:04:01 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Libros y pdfs
[2013/04/30 17:56:17 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Notas
[2013/04/30 02:41:29 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\ElevatedDiagnostics
[2013/04/29 19:45:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013/04/29 19:45:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013/04/29 02:56:36 | 000,683,664 | ---- | C] (Realtek ) -- C:\windows\SysNative\drivers\Rt630x64.sys
[2013/04/27 22:41:32 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\LogMeIn Hamachi
[2013/04/27 16:07:38 | 003,653,632 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\windows\SysNative\athw8x.sys
[2013/04/22 05:23:00 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\windows\SysNative\hamachi.sys
[2013/04/21 20:03:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\thechineseroom
[2013/04/21 19:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\thechineseroom
[2013/04/21 11:39:48 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2013/04/21 03:22:43 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\.minecraft
[2013/04/20 15:45:53 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\AVG2013
[2013/04/20 15:40:04 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\TuneUp Software
[2013/04/20 15:39:14 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013/04/20 15:39:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013/04/20 15:38:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013/04/20 15:30:27 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\MFAData
[2013/04/20 15:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013/04/20 15:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Files
[2013/04/20 15:30:27 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Local\Avg2013
[2013/04/16 21:01:45 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\dvdcss
[2013/04/16 20:41:19 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\Documents\Avatar
[2013/04/16 19:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDisplay
[2013/04/16 19:55:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CDisplay
[2013/04/14 19:11:12 | 000,000,000 | ---D | C] -- C:\Users\jomaa_000\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/04/14 19:11:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2013/04/11 01:48:08 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys
[2013/02/25 19:43:34 | 002,063,240 | ---- | C] (Samsung Electronics) -- C:\ProgramData\MakeMarkerFile.exe

========== Files - Modified Within 30 Days ==========

[2013/05/10 23:24:00 | 000,001,058 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/10 23:19:49 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2013/05/10 23:18:24 | 000,001,054 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/10 23:17:46 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013/05/10 23:10:22 | 000,074,703 | ---- | M] () -- C:\windows\SysWow64\mfc45.dat
[2013/05/10 22:22:00 | 000,000,954 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189366859-98369154-2125593965-1002UA.job
[2013/05/10 22:22:00 | 000,000,932 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189366859-98369154-2125593965-1002Core.job
[2013/05/10 22:01:36 | 001,798,556 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2013/05/10 22:01:36 | 000,799,280 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat
[2013/05/10 22:01:36 | 000,710,244 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2013/05/10 22:01:36 | 000,163,056 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat
[2013/05/10 22:01:36 | 000,132,614 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2013/05/10 21:26:06 | 000,000,960 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189366859-98369154-2125593965-1003UA.job
[2013/05/10 21:26:03 | 000,000,938 | ---- | M] () -- C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2189366859-98369154-2125593965-1003Core.job
[2013/05/10 08:35:18 | 000,003,472 | ---- | M] () -- C:\bootsqm.dat
[2013/05/10 04:25:19 | 000,000,406 | ---- | M] () -- C:\windows\SysNative\ioloBootDefrag.cfg
[2013/05/10 03:36:11 | 000,000,154 | ---- | M] () -- C:\windows\Reimage.ini
[2013/05/09 20:41:32 | 000,476,127 | ---- | M] () -- C:\Users\jomaa_000\Desktop\Transmetropolitan_13_p16.jpg
[2013/05/09 20:29:35 | 000,473,721 | ---- | M] () -- C:\Users\jomaa_000\Desktop\Transmetropolitan_13_p09.jpg
[2013/05/08 08:56:22 | 000,628,743 | ---- | M] () -- C:\Users\jomaa_000\Desktop\AdwCleaner.exe
[2013/05/07 03:53:28 | 000,000,022 | ---- | M] () -- C:\windows\cmm.dat
[2013/05/06 14:45:58 | 000,011,264 | ---- | M] () -- C:\Users\jomaa_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/06 12:46:22 | 000,000,319 | ---- | M] () -- C:\windows\game.ini
[2013/05/01 19:16:25 | 000,007,618 | ---- | M] () -- C:\Users\jomaa_000\AppData\Local\Resmon.ResmonCfg
[2013/04/30 00:05:20 | 005,043,744 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2013/05/10 23:10:22 | 000,074,703 | ---- | C] () -- C:\windows\SysWow64\mfc45.dat
[2013/05/10 16:51:29 | 000,001,175 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013/05/10 08:35:18 | 000,003,472 | ---- | C] () -- C:\bootsqm.dat
[2013/05/10 04:25:19 | 000,000,406 | ---- | C] () -- C:\windows\SysNative\ioloBootDefrag.cfg
[2013/05/10 03:34:05 | 000,000,154 | ---- | C] () -- C:\windows\Reimage.ini
[2013/05/09 20:41:32 | 000,476,127 | ---- | C] () -- C:\Users\jomaa_000\Desktop\Transmetropolitan_13_p16.jpg
[2013/05/09 20:29:35 | 000,473,721 | ---- | C] () -- C:\Users\jomaa_000\Desktop\Transmetropolitan_13_p09.jpg
[2013/05/08 08:56:17 | 000,628,743 | ---- | C] () -- C:\Users\jomaa_000\Desktop\AdwCleaner.exe
[2013/05/07 03:53:28 | 000,000,022 | ---- | C] () -- C:\windows\cmm.dat
[2013/05/06 12:46:22 | 000,000,319 | ---- | C] () -- C:\windows\game.ini
[2013/05/01 15:58:34 | 000,002,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
[2013/04/30 00:04:59 | 005,043,744 | ---- | C] () -- C:\windows\SysNative\FNTCACHE.DAT
[2013/04/27 16:07:38 | 000,331,272 | ---- | C] () -- C:\windows\SysNative\athw8x.inf
[2013/04/27 16:07:38 | 000,080,062 | ---- | C] () -- C:\windows\SysNative\athw8x.cat
[2013/04/24 09:17:41 | 000,387,867 | ---- | C] () -- C:\windows\SysNative\ApnDatabase.xml
[2013/04/14 19:11:07 | 000,001,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
[2013/04/09 14:33:17 | 000,011,264 | ---- | C] () -- C:\Users\jomaa_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/04/09 14:30:29 | 000,129,024 | ---- | C] () -- C:\windows\SysWow64\AVERM.dll
[2013/04/09 14:30:29 | 000,028,672 | ---- | C] () -- C:\windows\SysWow64\AVEQT.dll
[2013/04/08 06:26:59 | 000,007,618 | ---- | C] () -- C:\Users\jomaa_000\AppData\Local\Resmon.ResmonCfg
[2013/03/31 05:20:24 | 000,000,001 | -H-- | C] () -- C:\windows\mulch200.ini
[2013/03/03 04:06:58 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2013/02/25 19:43:34 | 000,003,004 | ---- | C] () -- C:\ProgramData\MakeMarkerFile.xml
[2013/02/15 20:53:21 | 000,083,968 | ---- | C] () -- C:\windows\SysWow64\OEMLicense.dll
[2013/02/12 19:26:34 | 000,042,880 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll
[2012/12/14 03:42:30 | 000,963,452 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng600.bin
[2012/12/14 03:42:30 | 000,064,512 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll
[2012/12/14 03:42:28 | 000,272,928 | ---- | C] () -- C:\windows\SysWow64\igvpkrng600.bin
[2012/12/14 03:42:24 | 000,754,652 | ---- | C] () -- C:\windows\SysWow64\igcodeckrng700.bin
[2012/12/14 03:42:24 | 000,598,384 | ---- | C] () -- C:\windows\SysWow64\igvpkrng700.bin
[2012/07/26 03:13:10 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2012/07/26 03:13:09 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2012/07/26 02:21:26 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2012/07/25 20:17:42 | 000,043,520 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2012/07/25 15:37:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2012/07/25 15:28:31 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2012/06/02 09:31:19 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat

========== ZeroAccess Check ==========

[2013/02/15 21:53:36 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/03/01 21:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/03/02 03:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/07/25 22:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/07/25 22:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/07/25 22:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013/04/30 02:51:16 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\AVG2013
[2013/02/21 22:48:48 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\DAEMON Tools Pro
[2013/03/27 14:32:28 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\FreeArc
[2013/03/16 20:11:10 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Iminent
[2013/02/26 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\LolClient
[2013/02/26 22:25:34 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\SPORE
[2013/04/28 00:11:36 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\.minecraft
[2013/05/06 12:47:16 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Activision
[2013/05/10 21:19:00 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\AIMP3
[2013/03/31 05:20:36 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\AudioMulch
[2013/04/19 22:32:48 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Autodesk
[2013/05/01 15:57:52 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\AVG
[2013/04/20 15:45:53 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\AVG2013
[2013/04/14 19:11:12 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/04/29 19:24:51 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\DAEMON Tools Pro
[2013/05/05 15:22:47 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\eIntaller
[2013/02/17 14:59:32 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\ExpressFiles
[2013/04/30 00:22:59 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\FreeArc
[2013/05/02 06:04:17 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Lionhead Studios
[2013/02/18 13:58:44 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\LolClient
[2013/04/30 00:22:59 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\MusicBee
[2013/02/21 02:48:09 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\SPORE
[2013/05/01 16:42:36 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\TuneUp Software
[2013/04/01 05:49:17 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Ultra Fractal 5
[2013/02/15 23:15:14 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Unity
[2013/05/10 05:11:21 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\uTorrent
[2013/02/15 21:19:33 | 000,000,000 | ---D | M] -- C:\Users\jomaa_000\AppData\Roaming\Vtools

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A1EDB939
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
 
redtarget.gif
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code: 
:OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\osf - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell - "" = AutoRun
O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell\AutoRun\command - "" = "E:\setup\rsrc\Autorun.exe"
O33 - MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\Shell\dinstall\command - "" = E:\Directx\dxsetup.exe
@Alternate Data Stream - 132 bytes -> C:\ProgramData\Temp:A1EDB939
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2 SecurityCheck may produce some false warning(s), so leave the results reading to me.


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Hey, I just saw something weird going on. Java console shows me 3 strange google extensions. They say
"google-extension://" and after the // a bunch of random letters
 
Here's OTL
All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\osf\ deleted successfully.
File Protocol\Handler\osf - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ not found.
File "E:\setup\rsrc\Autorun.exe" not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7e6c6f0-77da-11e2-be6c-50b7c35fbc97}\ not found.
File E:\Directx\dxsetup.exe not found.
ADS C:\ProgramData\Temp:A1EDB939 deleted successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administradora_000

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57616 bytes

User: Default User

User: Guido
->Temp folder emptied: 1583 bytes
->Temporary Internet Files folder emptied: 128 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 564 bytes

User: Guidoa_000

User: HomeGroupUser$a_000

User: Invitadoa_000

User: jomaa_000
->Temp folder emptied: 3213950 bytes
->Temporary Internet Files folder emptied: 10867955 bytes
->Java cache emptied: 3574408 bytes
->FireFox cache emptied: 19371756 bytes
->Google Chrome cache emptied: 527969226 bytes
->Flash cache emptied: 58833 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: UpdatusUsera_000

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 342406 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 128 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 539.00 mb


[EMPTYJAVA]

User: Administradora_000

User: Administrator

User: All Users

User: Default

User: Default User

User: Guido
->Java cache emptied: 0 bytes

User: Guidoa_000

User: HomeGroupUser$a_000

User: Invitadoa_000

User: jomaa_000
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: UpdatusUsera_000

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: Administradora_000

User: Administrator

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User

User: Guido
->Flash cache emptied: 0 bytes

User: Guidoa_000

User: HomeGroupUser$a_000

User: Invitadoa_000

User: jomaa_000
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

User: UpdatusUsera_000

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05112013_001104

Files\Folders moved on Reboot...
C:\Users\jomaa_000\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Results of screen317's Security Check version 0.99.63
x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG Internet Security 2013
Windows Defender
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware versión 1.75.0.1300
AVG PC TuneUp
AVG PC TuneUp Language Pack (es-ES)
Java 7 Update 21
Adobe Flash Player 11.7.700.169
Adobe Reader 10.1.3 Adobe Reader out of Date!
Mozilla Firefox (20.0.1)
Google Chrome 26.0.1410.64
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 14-04-2013
Ran by Joma (administrator) on 11-05-2013 at 00:18:31
Running from "C:\Users\jomaa_000\Downloads"
Windows 8 Single Language (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2013-04-24 09:18] - [2013-03-02 04:59] - 2231528 ____A (Microsoft Corporation) B6D52E2C38B49A156E58FF5B9C6CA8BE

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll
[2013-04-24 09:18] - [2013-03-01 21:45] - 3240448 ____A (Microsoft Corporation) 79F95469604B77296346DE7DB463EA2A

C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll
[2013-04-24 09:07] - [2013-01-28 18:08] - 1555920 ____A (Microsoft Corporation) 905601FFF40D8DA9FA82CBE77D1F5EB1

C:\Program Files\Windows Defender\MsMpEng.exe
[2013-04-24 09:07] - [2013-01-28 20:57] - 0014920 ____A (Microsoft Corporation) 473B9548568BA927ACE0B77EC208A561

C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
 
Hi, and good day. This is the ESET report

C:\Program Files (x86)\Microsoft Games\Fable III\paul.dlla variant of Win32/Packed.VMProtect.AAA trojan
C:\Users\Guido\Downloads\True_Romance (1).exeWin32/Adware.1ClickDownload.W application
C:\Users\Guido\Downloads\True_Romance (2).exeWin32/Adware.1ClickDownload.W application
C:\Users\Guido\Downloads\True_Romance.exeWin32/Adware.1ClickDownload.W application
C:\Users\jomaa_000\Downloads\Fable.III-SKIDROW\sr-fable3.isoa variant of Win32/Packed.VMProtect.AAA trojan
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader(3.5MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

=====================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please, let me know, how your computer is doing.
 
I haven't deleted yet the Eset entries, I uncheked the delete threats box :/
Should I deleted manually?
 
That's NOT what my instructions say.
In any way delete those entries manually and go ahead with my other instructions.
 
Ty Broni, all seem in order now. Do I need to do anything else besides the specifications you already told me?
 
You must log in or register to reply here.

Similar threads

A
YouTube cracks down (again) on ad blockers, frustrating users
2 3
Replies
55
Views
867
bitwarden
B
midian182
YouTuber ordered to pay "King of Kong" Billy Mitchell $230,000 over defamation claims
Replies
7
Views
143
Kirby1
K
midian182
Russia fines Google $20.5 decillion for blocking YouTube channels
Replies
20
Views
516
Kirby1
K

Latest posts

Back