
Internet access blocked. Possible virus? [Solved]



#1
Micaso

Hello! Long time member, first time poster. I've always been a fan of this site and what it does. It's a beaming light of hope for people that have no one else to go to, so first of all, I'd like to say thanks to the entire community for everything you're doing. You guys are awesome! Now here's to hoping you can help me with a little problem of my own.

As of yesterday, I was playing a game online and suddenly disconnected. Chrome couldn't access the internet either, then I noticed the tiny notification next to my internet connection icon on the bottom right. I continued to call my ISP, which made me run some diagnostics. When they instructed me to run CMD and use ipconfig /all to check my IPs, they noticed my IPv4 was odd. Instead of anything else, it was 192.168.0.4. The operator that took my call continued to ask me if I had any routers installed. None at all. He said my computer was being confused by a router, but I have no router near me. They quickly said they couldn't help because the service was being provided even though I can't access it. I called a technician who, after running the same diagnostics, told me that my best choice is to reinstall my operating system. This is the last thing I want to do, but if necessary I'll have to.
Through all this process I was asking friends of anything similar happening to them and they started investigating online. One friend told me to disable my IPv6 Adapter in my Local Area Connection and to type in the command "netsh winsock reset catalog" into CMD. After I had done that, my internet had come back, but today it happened again. I'm convinced it's a virus. McAfee hasn't been able to locate any virus as of my last full scan yesterday, so I'm really hoping I can find some answers here. To be sure, I disabled McAfee's firewall and downloaded ZoneAlarm's firewall, thinking McAfee could have also been blocking my internet connection. I have internet access for now, but I also noticed that on boot, I sometimes have to reset my PC because it just freezes, which also started happening as of yesterday.
Well, here's hoping you guys can help me. As of the tutorial on the top post, here is my OTL log.


OTL logfile created on: 3/22/2012 8:56:44 PM - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Usuario\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.07% Memory free
15.99 Gb Paging File | 13.81 Gb Available in Paging File | 86.38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 687.71 Gb Free Space | 73.83% Space Free | Partition Type: NTFS

Computer Name: USUARIO-PC | User Name: Usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/22 20:56:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/02/18 07:59:28 | 000,282,648 | ---- | M] (McAfee, Inc.) -- c:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
PRC - [2012/02/14 22:49:08 | 000,636,032 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/26 22:36:08 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/08/10 13:25:20 | 001,492,312 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G930\G930.exe
PRC - [2009/11/20 08:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/10 06:21:42 | 000,429,040 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\17.0.963.79\ppgooglenaclpluginchrome.dll
MOD - [2012/03/10 06:21:41 | 003,772,912 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
MOD - [2012/03/10 06:20:17 | 000,122,880 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\17.0.963.79\avutil-51.dll
MOD - [2012/03/10 06:20:16 | 000,220,672 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\17.0.963.79\avformat-53.dll
MOD - [2012/03/10 06:20:15 | 001,747,456 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\17.0.963.79\avcodec-53.dll
MOD - [2012/03/10 02:56:11 | 008,593,056 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/15 00:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/14 22:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/11/03 11:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/06/23 15:23:52 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/22 15:40:54 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/02/10 17:26:01 | 003,340,064 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_7de0ed9.dll -- (Akamai)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/03 18:10:00 | 004,116,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 00:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/14 23:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/11/22 20:40:52 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/11/22 20:40:52 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/11/22 20:40:43 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/11/22 20:40:43 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/11/19 09:16:12 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/03 11:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/08/07 12:43:20 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/05/24 20:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 08:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/07/08 12:17:40 | 000,334,552 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2010/07/08 12:17:18 | 000,363,096 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2010/04/27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/22 06:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/27 00:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/20 08:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 08:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/03/22 20:52:14 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/12/19 15:33:05 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/12/17 01:32:52 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/03/12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ar.msn.com/?r...AR&dcc=AR&opt=0
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 95 E0 87 AC 5F 02 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{73D766EB-3112-471e-8154-07A77D3A6716}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{7E258096-8430-4d70-AF28-2FEB892E83B9}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{C40B175E-9ABA-4a8a-9EA4-4FF82BC2AFD9}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Usuario\AppData\Local\Roblox\Versions\version-59ef45ad660c45f5\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/22 14:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/25 00:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/22 09:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/03/22 14:25:25 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\Application\17.0.963.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\Application\17.0.963.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\Application\17.0.963.79\pdf.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Usuario\AppData\Local\Roblox\Versions\version-59ef45ad660c45f5\\NPRobloxProxy.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.18_0\
CHR - Extension: SiteAdvisor = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111221225701.dll (McAfee, Inc.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111221225701.dll (McAfee, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - Startup: C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk = C:\Program Files (x86)\Logitech\G930\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A211ED2F-02C5-4962-8E30-96622E81039C}: DhcpNameServer = 200.49.130.44 200.42.4.207 172.20.2.26
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\Shell - "" = AutoRun
O33 - MountPoints2\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{74b24303-b790-11e0-afc0-1c6f65ae73bb}\Shell - "" = AutoRun
O33 - MountPoints2\{74b24303-b790-11e0-afc0-1c6f65ae73bb}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/22 20:56:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/03/22 20:56:10 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
[2012/03/22 14:27:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/22 14:25:26 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Documents\ForceField Shared Files
[2012/03/22 14:25:26 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\CheckPoint
[2012/03/22 14:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/03/22 14:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/03/22 14:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/03/22 14:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012/03/22 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{91A5237F-7E7F-46F0-BEC5-95177AD2E123}
[2012/03/22 13:41:00 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{227F50D7-F8AD-44F6-948D-5B95BC64B8C2}
[2012/03/22 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{CBE59478-AEC1-48EF-9A07-6D45A7DC206F}
[2012/03/22 00:04:52 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{B250E7AE-7703-49C0-8582-DA5F365011B6}
[2012/03/22 00:04:17 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A84A03E7-9527-4B7E-B74B-FFD2739DA69D}
[2012/03/21 23:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/03/21 23:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/03/21 23:17:33 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{7F3273DB-E174-47CE-8776-86357BB7780F}
[2012/03/21 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{09AB66F2-90AF-4F84-9AA6-F42342885F53}
[2012/03/21 23:08:26 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{B903252C-FB79-4D55-B34C-DB126251704D}
[2012/03/21 17:49:48 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{6C779CB5-4AA6-4153-8182-901CB22652B9}
[2012/03/21 08:55:06 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{FFF5E64D-4E25-4AB9-98B6-9F049E079CD5}
[2012/03/21 08:54:30 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C4A31188-813A-427C-85E3-1511B6B808A0}
[2012/03/20 11:43:41 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{00B1233B-198A-4034-909D-04E25CA23E9E}
[2012/03/20 11:43:06 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{0A25CD7D-8035-4153-9023-07C291275115}
[2012/03/19 23:42:40 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{5205A4F7-A8B7-43E8-B962-AAC1972F53A4}
[2012/03/19 23:42:04 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{E56B8373-FC6C-4FA2-B42E-D1A533E570FE}
[2012/03/19 17:28:56 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Dropbox
[2012/03/19 17:25:29 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/03/19 17:24:56 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Dropbox
[2012/03/19 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{B0184B59-C023-46E0-822B-37E143BCE636}
[2012/03/19 11:41:21 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{6980CE66-DCED-48A4-9D83-D2F0E28D79CA}
[2012/03/18 20:18:15 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{10417EC3-30E3-4485-9688-8144B5E4A195}
[2012/03/18 20:17:40 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{5D275BE2-9259-48EF-9DB1-281D0CE4E450}
[2012/03/18 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{ECBFF8D6-33BD-473C-B0F8-B8D1459ABA38}
[2012/03/18 00:17:36 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{EE857735-2D78-4D35-A7C3-5A3B4F087C2C}
[2012/03/18 00:17:01 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{735D69A8-661B-4B94-947A-F6648DCD2048}
[2012/03/17 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A4D80499-E54F-4C92-8AE6-860E71572180}
[2012/03/17 00:39:08 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{CF1D0C19-2BCC-42DB-8915-78D04C8135BC}
[2012/03/17 00:17:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/16 12:31:52 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{46455393-292A-4C12-8D22-4D14AA6BDDE8}
[2012/03/16 12:31:16 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{396E845D-4E9F-49B6-9ECE-F7731957B0B6}
[2012/03/16 00:30:47 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{1CA044D6-CB67-4EE9-A905-37FAF074124D}
[2012/03/16 00:30:11 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{30C99B21-0889-480B-AF55-CEBFD52ADA75}
[2012/03/15 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{34697E7E-C439-4E58-A3E9-0AC4DC7D3799}
[2012/03/15 11:23:22 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{5781A4BC-25FC-449E-82FC-A6B91EB14593}
[2012/03/14 23:22:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{8A835B8F-7CBC-4C20-838C-C342DD38D959}
[2012/03/14 23:22:18 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F23A7E84-D0DF-44D8-8924-7408509A2ACE}
[2012/03/14 15:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/14 15:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/03/14 15:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012/03/14 15:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/03/14 15:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/03/14 11:21:51 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{BEE21756-2A57-4BBE-83AC-E9F3A2B7C75E}
[2012/03/14 11:21:16 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{901F85AE-957C-440B-ADBE-7E8438F30272}
[2012/03/13 23:20:48 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F83357D2-2440-4316-9C7F-9DA3D55576CC}
[2012/03/13 23:20:14 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{4BAA8DE4-D660-4DAA-A10D-E4AD3589FE0A}
[2012/03/13 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\.Nitrous
[2012/03/13 08:54:47 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{CD349D1B-DC97-4E1D-BF8B-DF5FCB390F41}
[2012/03/13 08:54:11 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C7A01AF5-346C-419A-8AE3-3E9C811C7131}
[2012/03/12 20:53:45 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{E5707995-B585-4644-B300-F529FCD4070B}
[2012/03/12 20:53:32 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{20BD95C7-60C6-4319-AC7B-DAFA82AB073D}
[2012/03/12 08:22:18 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{82449D8C-FC76-480D-A655-121A6DC2112A}
[2012/03/12 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{D502147E-7927-4474-8434-35436BE764A8}
[2012/03/11 21:43:39 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Zomboid
[2012/03/11 21:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/11 14:23:33 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\RotMG.Production
[2012/03/11 13:49:15 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{9A86DDBD-CFF5-4224-9DA7-EF830D8654D3}
[2012/03/11 13:48:39 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{90C9BA01-C9CA-48DF-AA62-F5A4A7E9D0B6}
[2012/03/11 01:48:10 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A1B95D00-4102-4FB2-AF69-89872E357A11}
[2012/03/11 01:47:35 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{2584EA5F-DB77-49FE-9DAC-158891719196}
[2012/03/10 13:47:14 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{87330367-6691-4CA7-B79E-D3FFF7EFC1AD}
[2012/03/10 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{050760B5-F6F3-420E-B965-531E1AA24938}
[2012/03/10 01:46:10 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F2259874-2083-46A8-8391-F743066D273E}
[2012/03/10 01:45:55 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{12A406DE-3011-48A5-8131-46761F8E8235}
[2012/03/09 12:39:25 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{0D01B0BB-F090-4235-9D31-2443B4B51897}
[2012/03/09 12:39:06 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{9AE96E50-87EE-4372-9062-C90550B7C4CC}
[2012/03/09 00:24:00 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{23AD8432-6D9B-4D47-885C-ECB84250CD7B}
[2012/03/09 00:23:24 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{AD981023-DDBF-4743-B9B2-79AFFD09B5D0}
[2012/03/08 12:22:55 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{B4CCEC7B-1A09-4CAB-A66F-D98C493F300A}
[2012/03/08 12:22:19 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{1ABA6B8D-DD51-4E5D-93AA-42985135DC38}
[2012/03/08 00:21:53 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{65750DF7-1342-42DF-8553-572D1038038A}
[2012/03/08 00:21:17 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{0E0E6379-B9A8-48D8-8EEA-5F9BE9D975F3}
[2012/03/07 18:26:10 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/07 12:20:50 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F5119AE3-14F7-4236-B183-F760B0408FCE}
[2012/03/07 12:20:17 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F75D2100-667E-4614-A2AA-65AEB71F8B56}
[2012/03/07 11:28:20 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/03/07 00:19:49 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{E2CE3E38-B879-4D24-BB8B-37C382418EEB}
[2012/03/07 00:19:14 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A2E7544A-210A-42FC-A38B-0A64CB4838BD}
[2012/03/06 10:10:22 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{5D5C8AF0-F6B3-47E9-AD32-84C4F2F47C27}
[2012/03/06 10:09:46 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{E8EEDD9D-26F0-4B8D-BB41-DEB4362CB109}
[2012/03/05 22:09:17 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{4278DD47-08E5-46D9-9036-BBBB078A562A}
[2012/03/05 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{B50D3389-3367-4DBD-B779-A292220546A3}
[2012/03/05 21:57:23 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\LOVE
[2012/03/05 09:02:31 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{74B62CFD-1E8A-4061-9C1D-34B186337A59}
[2012/03/05 09:01:50 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{96AAEFC8-6B2E-48F0-B15B-429C516F10C0}
[2012/03/05 08:50:22 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A3A784E4-3BD8-4F64-A0C2-A378BA6D6250}
[2012/03/04 15:55:49 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{559D0405-852B-4BC6-AC8E-D7B63CB1292E}
[2012/03/04 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C4886E2D-951B-4505-AD01-B61BB611AC97}
[2012/03/04 00:10:00 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C7D28A75-8E96-4216-B041-E029C6709BB3}
[2012/03/04 00:09:25 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C0FEF6A2-7CD5-4458-8127-823498502D58}
[2012/03/03 12:08:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{D7E60828-A1C9-4531-9968-2E5748139A6F}
[2012/03/03 12:08:15 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{9FE4518A-C215-48F7-ADA3-0703A3BF843A}
[2012/03/03 00:07:22 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{81F50C63-36FE-42F3-A45D-9E877371C4C4}
[2012/03/03 00:07:09 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{1A3E159E-C333-40CA-AACF-F601AE440299}
[2012/03/02 18:29:59 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\.minecraft
[2012/03/02 12:06:31 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{8F7F5E44-6789-486E-A78B-552CEDE2ECE6}
[2012/03/02 12:06:08 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{AB453612-3A0A-42D7-AD1F-2C7AFEF81293}
[2012/03/01 09:04:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{04D54C1B-9121-4207-954C-5C9607ADE97F}
[2012/03/01 09:04:19 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{E3AB5512-7D77-4747-A416-342E8BCAE67F}
[2012/03/01 00:30:44 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\JoyChina
[2012/02/29 19:32:13 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{7A2E65DA-B84C-4805-AF1A-EDFA1A13E99A}
[2012/02/29 19:31:38 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{220ECC77-5820-4FF3-A08D-0148E4BDCE19}
[2012/02/29 09:05:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/02/29 09:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/02/29 00:29:35 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{D23ECB85-3E80-4FE2-907F-35E7184099BE}
[2012/02/29 00:29:00 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A6E4430C-95A2-4C5A-9B42-0F067B0A383F}
[2012/02/28 12:28:32 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{5847C161-50B9-4B62-9991-6A749CDE6A7B}
[2012/02/28 12:27:56 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F452981C-8297-4691-9C25-078B3E8517DD}
[2012/02/28 00:27:27 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C246A2CC-1B35-4757-8A04-5DB3AD1A68A6}
[2012/02/27 12:26:34 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{2EBEE2FC-5F38-40A3-B319-2DE91E478FD1}
[2012/02/27 00:25:46 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F2CF8B56-7190-4842-BEBF-5C58D6D01C44}
[2012/02/26 12:24:52 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{2B9A756B-4405-42F9-84AF-BC4A2D89F4AC}
[2012/02/26 12:24:33 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{9D01E286-D4C2-4301-BE40-BC67FDD5BAC6}
[2012/02/26 00:20:12 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{8317828C-1B85-4A4B-AE5A-6DCCC5C0B0A3}
[2012/02/25 12:19:21 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{9CAF6892-0FD0-42AC-A209-EFE58056DD26}
[2012/02/25 12:18:44 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{DD058197-C50E-456C-8905-7C0176AEF035}
[2012/02/25 00:18:14 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{7329A6A6-913C-4792-8D18-C0481CA5641F}
[2012/02/25 00:17:44 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{5943F0FD-3300-471D-9D6F-612604615240}
[2012/02/24 11:08:07 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{2B85720F-9036-46CC-B9A0-CB203850E42F}
[2012/02/24 11:07:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{AA337F15-48FD-4155-B6CD-92C20EA1C237}
[2012/02/23 22:15:30 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{548600E4-515C-434F-9036-A09F27CB428A}
[2012/02/23 22:14:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{78E1A343-420B-4DDE-A28F-71FB930E7C98}
[2012/02/23 10:14:26 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{31F0883D-C8E7-4C55-8237-EEF9A49FE039}
[2012/02/23 10:13:50 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A14B6BCF-93FD-45EE-95C7-E63D128B8F98}
[2012/02/22 22:13:21 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{D9AD76CA-3D93-4F5A-B253-9EA2C8CD6EAA}
[2012/02/22 22:12:45 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{BB96E69C-A835-4005-ADB7-C0B38B6B7FE8}
[2012/02/22 01:41:09 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{FDBF2133-B57A-4306-8BD1-7F0DD9139635}
[2012/02/22 01:40:34 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{FAC114C1-1DD4-4AFE-A261-2026CD4C626C}

========== Files - Modified Within 30 Days ==========

[2012/03/22 20:59:30 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 20:59:30 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/22 20:56:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
[2012/03/22 20:52:05 | 000,000,204 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/03/22 20:51:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/22 20:51:48 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/22 20:42:03 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-601339211-1191364849-2417053759-1000UA.job
[2012/03/22 20:41:48 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-601339211-1191364849-2417053759-1000Core.job
[2012/03/22 16:21:49 | 001,805,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/22 16:21:49 | 000,792,724 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/03/22 16:21:49 | 000,709,772 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/22 16:21:49 | 000,176,206 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/03/22 16:21:49 | 000,140,076 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/22 14:27:17 | 576,922,161 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/03/22 14:25:56 | 000,411,107 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/03/22 11:49:00 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/03/21 23:30:00 | 000,001,116 | ---- | M] () -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/03/17 00:23:35 | 000,007,605 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
[2012/03/14 17:33:47 | 001,368,187 | ---- | M] () -- C:\Users\Usuario\Desktop\mcpatcher-2.3.4_01.exe
[2012/03/14 15:34:44 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/14 08:51:49 | 000,420,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/12 18:29:53 | 000,002,409 | ---- | M] () -- C:\Users\Usuario\Desktop\Google Chrome.lnk
[2012/03/10 20:40:19 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/10 18:05:00 | 000,001,280 | ---- | M] () -- C:\Users\Usuario\Desktop\Play Roblox.lnk
[2012/03/05 23:49:21 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk

========== Files Created - No Company Name ==========

[2012/03/22 14:27:17 | 576,922,161 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012/03/22 14:25:34 | 000,411,107 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/03/21 23:30:00 | 000,001,116 | ---- | C] () -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech blank Product Registration.lnk
[2012/03/17 00:23:35 | 000,007,605 | ---- | C] () -- C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
[2012/03/14 17:33:42 | 001,368,187 | ---- | C] () -- C:\Users\Usuario\Desktop\mcpatcher-2.3.4_01.exe
[2012/03/14 15:34:44 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/07 18:26:11 | 000,002,409 | ---- | C] () -- C:\Users\Usuario\Desktop\Google Chrome.lnk
[2012/03/07 18:24:59 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-601339211-1191364849-2417053759-1000UA.job
[2012/03/07 18:24:58 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-601339211-1191364849-2417053759-1000Core.job
[2012/02/14 23:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 23:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/21 01:09:36 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/19 13:09:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/11/30 22:59:26 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/11/18 22:05:08 | 000,163,840 | ---- | C] () -- C:\Windows\IsUninst.exe
[2011/09/20 23:00:15 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/09/20 23:00:15 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/08/19 22:26:40 | 001,710,940 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/26 11:38:20 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/07/26 11:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/25 20:25:29 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/07/25 18:32:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== LOP Check ==========

[2012/03/21 17:46:39 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\.minecraft
[2012/03/13 18:29:52 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\.Nitrous
[2012/03/17 00:13:59 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\BitTorrent
[2012/03/21 17:47:04 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Blender Foundation
[2012/03/22 14:25:26 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\CheckPoint
[2011/11/23 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\DAEMON Tools Lite
[2012/03/21 17:37:12 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Dropbox
[2012/03/01 00:30:46 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\JoyChina
[2011/11/22 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Leadertech
[2012/03/05 21:57:23 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\LOVE
[2012/01/05 23:55:39 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\MoreTerra
[2011/09/28 21:20:43 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Publish Providers
[2012/03/11 14:23:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\RotMG.Production
[2011/12/29 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\runic games
[2011/09/28 21:20:41 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Sony
[2012/02/20 02:00:20 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\SuperHideIP
[2011/09/12 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TeamViewer
[2012/01/24 22:26:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Tomato
[2011/08/07 13:28:13 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TrueCrypt
[2012/02/17 19:11:34 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TS3Client
[2011/12/01 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\ts3overlay
[2011/08/21 11:28:47 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TuneUp Software
[2012/03/17 00:13:59 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\uTorrent
[2012/03/22 20:52:05 | 000,000,204 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/03/22 11:49:00 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2012/02/24 11:06:57 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >


Thanks in advance for taking your time to read this, I really appreciate it. My PC is the world to me.

Edited by Micaso, 22 March 2012 - 06:24 PM.


#2
azarl

    GeekU Teacher

  • GeekU Moderator
  • 20,658 posts
Hi Micaso

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Files
    ipconfig /all /c
    
  • Then click the Run Fix button at the top
  • Post the log it produces in your next reply.


#3
Micaso

    Member

  • Member
  • 43 posts
Hello Azarl, here's the log you requested.


========== FILES ==========
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : Usuario-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Conexión de área local:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 1C-6F-65-AE-73-BB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2d4c:48ff:4989:dfae%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, April 02, 2012 1:53:40 PM
Lease Expires . . . . . . . . . . : Monday, April 02, 2012 3:23:41 PM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 236744549
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-BF-9A-4D-1C-6F-65-AE-73-BB
DNS Servers . . . . . . . . . . . : 200.49.130.44
200.42.4.207
172.20.2.26
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Hamachi:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-47-F9-B9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::547:f9b9(Preferred)
Link-local IPv6 Address . . . . . : fe80::e852:f6af:4062:770f%12(Preferred)
IPv4 Address. . . . . . . . . . . : 5.71.249.185(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Monday, April 02, 2012 1:53:35 PM
Lease Expires . . . . . . . . . . : Tuesday, April 02, 2013 1:55:42 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 293239260
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-BF-9A-4D-1C-6F-65-AE-73-BB
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter Conexión de área local* 13:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Adaptador 6to4 de Microsoft #5
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{A211ED2F-02C5-4962-8E30-96622E81039C}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Adaptador ISATAP de Microsoft
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:8:1cc:41ec:651a(Preferred)
Link-local IPv6 Address . . . . . : fe80::8:1cc:41ec:651a%21(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{FD1740EF-FD2C-4710-A982-C4432AA3F30B}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Adaptador ISATAP de Microsoft #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
C:\Users\Usuario\Desktop\cmd.bat deleted successfully.
C:\Users\Usuario\Desktop\cmd.txt deleted successfully.

OTL by OldTimer - Version 3.2.39.2 log created on 04022012_144756

#4
azarl

    GeekU Teacher

  • GeekU Moderator
  • 20,658 posts
Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#5
Micaso

    Member

  • Member
  • 43 posts
Here's the Malwarebytes log.


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.04.03.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Usuario :: USUARIO-PC [administrator]

Protection: Enabled

4/3/2012 6:49:02 AM
mbam-log-2012-04-03 (06-49-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 198902
Time elapsed: 5 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#6
azarl

    GeekU Teacher

  • GeekU Moderator
  • 20,658 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A211ED2F-02C5-4962-8E30-96622E81039C}: DhcpNameServer = 200.49.130.44 200.42.4.207 172.20.2.26
    
    :files
    ipconfig /flushdns  /C
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#7
Micaso

    Member

  • Member
  • 43 posts
Alrighty. Here's the OTL Log:


OTL logfile created on: 4/3/2012 12:57:45 PM - Run 2
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Usuario\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.36 Gb Available Physical Memory | 79.50% Memory free
15.99 Gb Paging File | 14.19 Gb Available in Paging File | 88.72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.41 Gb Total Space | 686.23 Gb Free Space | 73.68% Space Free | Partition Type: NTFS

Computer Name: USUARIO-PC | User Name: Usuario | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/22 20:56:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
PRC - [2012/03/13 05:37:52 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/02/14 22:49:08 | 000,636,032 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2011/12/18 21:04:24 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010/10/26 22:36:08 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2010/08/10 13:25:20 | 001,492,312 | ---- | M] (Logitech©) -- C:\Program Files (x86)\Logitech\G930\G930.exe
PRC - [2009/11/20 08:17:54 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009/10/15 14:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe


========== Modules (No Company Name) ==========

MOD - [2012/03/26 23:28:43 | 000,444,400 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppgooglenaclpluginchrome.dll
MOD - [2012/03/26 23:28:42 | 003,915,248 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
MOD - [2012/03/26 23:27:17 | 000,122,880 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\18.0.1025.142\avutil-51.dll
MOD - [2012/03/26 23:27:16 | 000,220,672 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\18.0.1025.142\avformat-53.dll
MOD - [2012/03/26 23:27:14 | 001,747,456 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Google\Chrome\Application\18.0.1025.142\avcodec-53.dll
MOD - [2009/06/27 10:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/02/15 00:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/14 22:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/11/03 11:44:42 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV:64bit: - [2011/10/18 14:32:28 | 000,161,168 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Windows\SysNative\mfevtps.exe -- (mfevtp)
SRV:64bit: - [2011/10/18 14:23:24 | 000,208,536 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - [2011/10/18 14:23:06 | 000,199,272 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - [2011/06/23 15:23:52 | 000,501,768 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV:64bit: - [2011/01/27 18:28:20 | 000,249,936 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV:64bit: - [2010/04/06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/03/27 20:21:49 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_6c825ce.dll -- (Akamai)
SRV - [2012/03/22 15:40:54 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/02/28 17:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/12/18 21:08:42 | 002,420,616 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/03 18:10:00 | 004,116,984 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/15 14:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/08/24 14:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe -- (ES lite Service)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/02/15 00:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/02/14 23:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/11/22 20:40:52 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2011/11/22 20:40:52 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2011/11/22 20:40:43 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011/11/22 20:40:43 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011/11/19 09:16:12 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/11/03 11:44:22 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV:64bit: - [2011/10/15 13:16:16 | 000,647,080 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfehidk.sys -- (mfehidk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,481,768 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfefirek.sys -- (mfefirek)
DRV:64bit: - [2011/10/15 13:16:16 | 000,284,648 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mfewfpk.sys -- (mfewfpk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,229,528 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeavfk.sys -- (mfeavfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,160,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mfeapfk.sys -- (mfeapfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,100,912 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mferkdet.sys -- (mferkdet)
DRV:64bit: - [2011/10/15 13:16:16 | 000,075,808 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mfenlfk.sys -- (mfenlfk)
DRV:64bit: - [2011/10/15 13:16:16 | 000,065,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cfwids.sys -- (cfwids)
DRV:64bit: - [2011/09/21 10:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2011/08/07 12:43:20 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011/05/24 20:40:10 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/05/07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011/03/11 03:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 03:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 10:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 08:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 08:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/07/08 12:17:40 | 000,334,552 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerRamd64.sys -- (LADF_BakerROnly)
DRV:64bit: - [2010/07/08 12:17:18 | 000,363,096 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfBakerCamd64.sys -- (LADF_BakerCOnly)
DRV:64bit: - [2010/04/27 11:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010/03/22 06:57:20 | 000,347,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2010/01/27 00:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/11/20 08:16:02 | 000,177,152 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009/11/20 08:15:58 | 000,075,776 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 22:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\svchost.exe -- (1394hub)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/11/11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/11/11 13:42:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/11/11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2012/04/03 12:55:38 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2011/12/19 15:33:05 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2011/12/17 01:32:52 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010/03/12 05:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 18:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ar.msn.com/?r...AR&dcc=AR&opt=1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 47 28 0B 73 98 0F CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{73D766EB-3112-471e-8154-07A77D3A6716}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{7E258096-8430-4d70-AF28-2FEB892E83B9}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{C40B175E-9ABA-4a8a-9EA4-4FF82BC2AFD9}: "URL" = http://search.yahoo....cevm&type=STDVM
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@nsroblox.roblox.com/launcher: C:\Users\Usuario\AppData\Local\Roblox\Versions\version-59ef45ad660c45f5\\NPRobloxProxy.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012/03/22 14:42:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/02/25 00:16:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2011/12/22 09:54:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012/03/22 14:25:25 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\Application\18.0.1025.142\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\Application\18.0.1025.142\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\Application\18.0.1025.142\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\McChPlg.dll
CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java™ Platform SE 7 U3 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: npFFApi (Enabled) = C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Roblox Launcher Plugin (Enabled) = C:\Users\Usuario\AppData\Local\Roblox\Versions\version-59ef45ad660c45f5\\NPRobloxProxy.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: YouTube = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.41.123.2_0\
CHR - Extension: Gmail = C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111221225701.dll (McAfee, Inc.)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O2:64bit: - BHO: (no name) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - No CLSID value found.
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20111221225701.dll (McAfee, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [Logitech G930] C:\Program Files (x86)\Logitech\G930\G930.exe (Logitech©)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A211ED2F-02C5-4962-8E30-96622E81039C}: DhcpNameServer = 200.49.130.44 200.42.4.207 172.20.2.26
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\Shell - "" = AutoRun
O33 - MountPoints2\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O33 - MountPoints2\{74b24303-b790-11e0-afc0-1c6f65ae73bb}\Shell - "" = AutoRun
O33 - MountPoints2\{74b24303-b790-11e0-afc0-1c6f65ae73bb}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/04/03 13:00:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
[2012/04/03 06:47:57 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Malwarebytes
[2012/04/03 06:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/04/03 06:47:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/04/03 06:47:52 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/04/03 06:47:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/04/03 01:55:10 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{4CBC36F2-4EAC-426A-B9B5-B903BF080811}
[2012/04/02 14:47:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/04/02 13:54:28 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{16390596-3B57-4F9F-A2EA-D394AF3FD4FD}
[2012/04/01 10:50:45 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{E9B45E7C-C680-4A58-B4D8-AF0A1959DF7A}
[2012/03/31 16:42:35 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{BD1B2ED9-D1AE-440F-889B-64238BDB75D6}
[2012/03/31 13:22:58 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\project64 1.6
[2012/03/31 12:54:02 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{CE6A6EC1-1959-44C6-9F54-8F0B83852832}
[2012/03/31 00:37:28 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{DE414A5B-DCD6-4200-BB58-FAF6122F604F}
[2012/03/30 12:37:03 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{3DCA1130-2F10-4B6D-8424-C96510920267}
[2012/03/30 00:36:15 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{305BA533-8DF2-4020-90FC-397BA55BA4AB}
[2012/03/29 12:31:57 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{D2E935B6-EC4E-4A30-9E85-C69543DB10E2}
[2012/03/28 13:33:01 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{14663476-011C-4E39-ADDD-6F1F3E224E5A}
[2012/03/28 13:32:34 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{1C8A7BD9-FD1D-49FB-BD31-3BCE7BFE8374}
[2012/03/28 00:14:30 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{1DC54AC2-C5E4-46AF-9AB4-8D7C7FAB458A}
[2012/03/28 00:13:55 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{2BDEBBD6-61B7-44C2-9646-D780BE72D42C}
[2012/03/27 09:17:36 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A93E5EB1-6078-4E67-A8B8-879E10810DDB}
[2012/03/27 09:17:01 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{9C3F94D8-BC47-45A6-9186-833B05CEC663}
[2012/03/26 21:16:35 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A256DC61-B0D5-4257-ACF0-BC269313CD39}
[2012/03/26 21:16:00 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{54D40C58-5B81-4E75-B189-AF8DBDEE0CA8}
[2012/03/26 08:04:17 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{CF0377E6-F4CC-4C62-9274-136629DAB858}
[2012/03/26 08:03:41 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C57774DF-C514-42C2-AE5D-6E459D319666}
[2012/03/26 07:12:57 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C791804F-2ADB-49F4-B69D-76FBCE586EFF}
[2012/03/25 14:26:06 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{FBACEFDB-2DA0-4BDD-A5DE-AD388631AC60}
[2012/03/25 02:25:18 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{6F67C137-B212-4AB7-93F7-B82BE26D9E64}
[2012/03/24 14:24:26 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{6983A452-09A8-490A-A5BB-02E93C0DC1A4}
[2012/03/24 14:24:07 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{61DE86DE-99E2-41DD-AC05-4C4F4E782D03}
[2012/03/24 13:54:59 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{D0FDBD54-CC51-4F5D-839C-C7504490D1ED}
[2012/03/24 13:44:58 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{0CAA6341-7C22-4764-AA2B-E55FD76A0654}
[2012/03/24 01:44:29 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{BE1BA2EC-884D-4785-B681-33370A1F5E24}
[2012/03/24 01:43:55 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{1C4F6BD5-455F-40CB-8E5A-073942AFBF38}
[2012/03/23 13:43:21 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{835FA4BB-0CD3-487D-AA9F-7A2251C0224E}
[2012/03/23 13:42:46 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{1CD89E59-B2A0-4DCC-912F-0598879086A3}
[2012/03/23 01:42:16 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{7B074F86-BCEA-43E3-90A4-AEC9D50BA012}
[2012/03/23 01:41:42 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{8583E778-789D-4564-BC82-A62CEF3C9367}
[2012/03/22 21:40:43 | 000,000,000 | ---D | C] -- C:\Windows\symbols
[2012/03/22 21:35:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WCF RIA Services V1.0 SP1
[2012/03/22 21:34:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 4 SDK - Español
[2012/03/22 21:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\VS
[2012/03/22 20:56:10 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
[2012/03/22 14:27:27 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012/03/22 14:25:26 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Documents\ForceField Shared Files
[2012/03/22 14:25:26 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\CheckPoint
[2012/03/22 14:25:08 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2012/03/22 14:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2012/03/22 14:25:00 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2012/03/22 14:22:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2012/03/22 13:41:13 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{91A5237F-7E7F-46F0-BEC5-95177AD2E123}
[2012/03/22 13:41:00 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{227F50D7-F8AD-44F6-948D-5B95BC64B8C2}
[2012/03/22 13:07:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{CBE59478-AEC1-48EF-9A07-6D45A7DC206F}
[2012/03/22 00:04:52 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{B250E7AE-7703-49C0-8582-DA5F365011B6}
[2012/03/22 00:04:17 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A84A03E7-9527-4B7E-B74B-FFD2739DA69D}
[2012/03/21 23:29:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2012/03/21 23:29:43 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2012/03/21 23:17:33 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{7F3273DB-E174-47CE-8776-86357BB7780F}
[2012/03/21 23:17:20 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{09AB66F2-90AF-4F84-9AA6-F42342885F53}
[2012/03/21 23:08:26 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{B903252C-FB79-4D55-B34C-DB126251704D}
[2012/03/21 17:49:48 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{6C779CB5-4AA6-4153-8182-901CB22652B9}
[2012/03/21 08:55:06 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{FFF5E64D-4E25-4AB9-98B6-9F049E079CD5}
[2012/03/21 08:54:30 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C4A31188-813A-427C-85E3-1511B6B808A0}
[2012/03/20 11:43:41 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{00B1233B-198A-4034-909D-04E25CA23E9E}
[2012/03/20 11:43:06 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{0A25CD7D-8035-4153-9023-07C291275115}
[2012/03/19 23:42:40 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{5205A4F7-A8B7-43E8-B962-AAC1972F53A4}
[2012/03/19 23:42:04 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{E56B8373-FC6C-4FA2-B42E-D1A533E570FE}
[2012/03/19 17:28:56 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Dropbox
[2012/03/19 17:25:29 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
[2012/03/19 17:24:56 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Dropbox
[2012/03/19 11:41:34 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{B0184B59-C023-46E0-822B-37E143BCE636}
[2012/03/19 11:41:21 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{6980CE66-DCED-48A4-9D83-D2F0E28D79CA}
[2012/03/18 20:18:15 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{10417EC3-30E3-4485-9688-8144B5E4A195}
[2012/03/18 20:17:40 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{5D275BE2-9259-48EF-9DB1-281D0CE4E450}
[2012/03/18 16:25:50 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{ECBFF8D6-33BD-473C-B0F8-B8D1459ABA38}
[2012/03/18 00:17:36 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{EE857735-2D78-4D35-A7C3-5A3B4F087C2C}
[2012/03/18 00:17:01 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{735D69A8-661B-4B94-947A-F6648DCD2048}
[2012/03/17 00:39:43 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A4D80499-E54F-4C92-8AE6-860E71572180}
[2012/03/17 00:39:08 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{CF1D0C19-2BCC-42DB-8915-78D04C8135BC}
[2012/03/17 00:17:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/03/16 12:31:52 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{46455393-292A-4C12-8D22-4D14AA6BDDE8}
[2012/03/16 12:31:16 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{396E845D-4E9F-49B6-9ECE-F7731957B0B6}
[2012/03/16 00:30:47 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{1CA044D6-CB67-4EE9-A905-37FAF074124D}
[2012/03/16 00:30:11 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{30C99B21-0889-480B-AF55-CEBFD52ADA75}
[2012/03/15 11:23:57 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{34697E7E-C439-4E58-A3E9-0AC4DC7D3799}
[2012/03/15 11:23:22 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{5781A4BC-25FC-449E-82FC-A6B91EB14593}
[2012/03/14 23:22:54 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{8A835B8F-7CBC-4C20-838C-C342DD38D959}
[2012/03/14 23:22:18 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F23A7E84-D0DF-44D8-8924-7408509A2ACE}
[2012/03/14 15:39:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/03/14 15:34:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/03/14 15:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012/03/14 15:34:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/03/14 15:34:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/03/14 11:21:51 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{BEE21756-2A57-4BBE-83AC-E9F3A2B7C75E}
[2012/03/14 11:21:16 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{901F85AE-957C-440B-ADBE-7E8438F30272}
[2012/03/13 23:20:48 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F83357D2-2440-4316-9C7F-9DA3D55576CC}
[2012/03/13 23:20:14 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{4BAA8DE4-D660-4DAA-A10D-E4AD3589FE0A}
[2012/03/13 18:29:32 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\.Nitrous
[2012/03/13 08:54:47 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{CD349D1B-DC97-4E1D-BF8B-DF5FCB390F41}
[2012/03/13 08:54:11 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C7A01AF5-346C-419A-8AE3-3E9C811C7131}
[2012/03/12 20:53:45 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{E5707995-B585-4644-B300-F529FCD4070B}
[2012/03/12 20:53:32 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{20BD95C7-60C6-4319-AC7B-DAFA82AB073D}
[2012/03/12 08:22:18 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{82449D8C-FC76-480D-A655-121A6DC2112A}
[2012/03/12 08:22:05 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{D502147E-7927-4474-8434-35436BE764A8}
[2012/03/11 21:43:39 | 000,000,000 | ---D | C] -- C:\Users\Usuario\Zomboid
[2012/03/11 21:37:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/11 14:23:33 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\RotMG.Production
[2012/03/11 13:49:15 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{9A86DDBD-CFF5-4224-9DA7-EF830D8654D3}
[2012/03/11 13:48:39 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{90C9BA01-C9CA-48DF-AA62-F5A4A7E9D0B6}
[2012/03/11 01:48:10 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A1B95D00-4102-4FB2-AF69-89872E357A11}
[2012/03/11 01:47:35 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{2584EA5F-DB77-49FE-9DAC-158891719196}
[2012/03/10 13:47:14 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{87330367-6691-4CA7-B79E-D3FFF7EFC1AD}
[2012/03/10 13:46:38 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{050760B5-F6F3-420E-B965-531E1AA24938}
[2012/03/10 01:46:10 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F2259874-2083-46A8-8391-F743066D273E}
[2012/03/10 01:45:55 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{12A406DE-3011-48A5-8131-46761F8E8235}
[2012/03/09 12:39:25 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{0D01B0BB-F090-4235-9D31-2443B4B51897}
[2012/03/09 12:39:06 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{9AE96E50-87EE-4372-9062-C90550B7C4CC}
[2012/03/09 00:24:00 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{23AD8432-6D9B-4D47-885C-ECB84250CD7B}
[2012/03/09 00:23:24 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{AD981023-DDBF-4743-B9B2-79AFFD09B5D0}
[2012/03/08 12:22:55 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{B4CCEC7B-1A09-4CAB-A66F-D98C493F300A}
[2012/03/08 12:22:19 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{1ABA6B8D-DD51-4E5D-93AA-42985135DC38}
[2012/03/08 00:21:53 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{65750DF7-1342-42DF-8553-572D1038038A}
[2012/03/08 00:21:17 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{0E0E6379-B9A8-48D8-8EEA-5F9BE9D975F3}
[2012/03/07 18:26:10 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/03/07 12:20:50 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F5119AE3-14F7-4236-B183-F760B0408FCE}
[2012/03/07 12:20:17 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{F75D2100-667E-4614-A2AA-65AEB71F8B56}
[2012/03/07 11:28:20 | 000,000,000 | -HSD | C] -- C:\found.000
[2012/03/07 00:19:49 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{E2CE3E38-B879-4D24-BB8B-37C382418EEB}
[2012/03/07 00:19:14 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A2E7544A-210A-42FC-A38B-0A64CB4838BD}
[2012/03/06 10:10:22 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{5D5C8AF0-F6B3-47E9-AD32-84C4F2F47C27}
[2012/03/06 10:09:46 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{E8EEDD9D-26F0-4B8D-BB41-DEB4362CB109}
[2012/03/05 22:09:17 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{4278DD47-08E5-46D9-9036-BBBB078A562A}
[2012/03/05 22:08:42 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{B50D3389-3367-4DBD-B779-A292220546A3}
[2012/03/05 21:57:23 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Roaming\LOVE
[2012/03/05 09:02:31 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{74B62CFD-1E8A-4061-9C1D-34B186337A59}
[2012/03/05 09:01:50 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{96AAEFC8-6B2E-48F0-B15B-429C516F10C0}
[2012/03/05 08:50:22 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{A3A784E4-3BD8-4F64-A0C2-A378BA6D6250}
[2012/03/04 15:55:49 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{559D0405-852B-4BC6-AC8E-D7B63CB1292E}
[2012/03/04 15:55:13 | 000,000,000 | ---D | C] -- C:\Users\Usuario\AppData\Local\{C4886E2D-951B-4505-AD01-B61BB611AC97}

========== Files - Modified Within 30 Days ==========

[2012/04/03 13:03:02 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 13:03:02 | 000,014,224 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/04/03 12:55:33 | 000,000,204 | ---- | M] () -- C:\Windows\tasks\AutoKMS.job
[2012/04/03 12:55:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/04/03 12:55:19 | 2145,558,527 | -HS- | M] () -- C:\hiberfil.sys
[2012/04/03 12:29:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-601339211-1191364849-2417053759-1000UA.job
[2012/04/03 11:49:00 | 000,000,202 | ---- | M] () -- C:\Windows\tasks\AutoKMSDaily.job
[2012/04/03 06:47:53 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/02 14:29:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-601339211-1191364849-2417053759-1000Core.job
[2012/04/01 14:42:22 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/03/31 13:35:09 | 000,000,727 | ---- | M] () -- C:\Users\Usuario\Desktop\Project64 - Shortcut.lnk
[2012/03/30 22:32:52 | 000,002,409 | ---- | M] () -- C:\Users\Usuario\Desktop\Google Chrome.lnk
[2012/03/30 11:44:12 | 000,411,108 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/03/22 23:19:14 | 001,805,388 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/22 23:19:14 | 000,792,724 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/03/22 23:19:14 | 000,709,772 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/22 23:19:14 | 000,176,206 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/03/22 23:19:14 | 000,140,076 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/22 21:30:09 | 001,793,356 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/03/22 20:56:14 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Usuario\Desktop\OTL.exe
[2012/03/17 00:23:35 | 000,007,605 | ---- | M] () -- C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
[2012/03/14 17:33:47 | 001,368,187 | ---- | M] () -- C:\Users\Usuario\Desktop\mcpatcher-2.3.4_01.exe
[2012/03/14 15:34:44 | 000,002,047 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/14 08:51:49 | 000,420,376 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/10 18:05:00 | 000,001,280 | ---- | M] () -- C:\Users\Usuario\Desktop\Play Roblox.lnk
[2012/03/05 23:49:21 | 000,001,828 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Total Protection.lnk

========== Files Created - No Company Name ==========

[2012/04/03 06:47:53 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/31 13:35:09 | 000,000,727 | ---- | C] () -- C:\Users\Usuario\Desktop\Project64 - Shortcut.lnk
[2012/03/22 14:25:34 | 000,411,108 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2012/03/17 00:23:35 | 000,007,605 | ---- | C] () -- C:\Users\Usuario\AppData\Local\Resmon.ResmonCfg
[2012/03/14 17:33:42 | 001,368,187 | ---- | C] () -- C:\Users\Usuario\Desktop\mcpatcher-2.3.4_01.exe
[2012/03/14 15:34:44 | 000,002,047 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AML Device Install.lnk
[2012/03/07 18:26:11 | 000,002,409 | ---- | C] () -- C:\Users\Usuario\Desktop\Google Chrome.lnk
[2012/03/07 18:24:59 | 000,000,916 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-601339211-1191364849-2417053759-1000UA.job
[2012/03/07 18:24:58 | 000,000,864 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-601339211-1191364849-2417053759-1000Core.job
[2012/02/14 23:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 23:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011/12/21 01:09:36 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/12/19 13:09:34 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/11/30 22:59:26 | 000,042,392 | ---- | C] () -- C:\Windows\SysWow64\xfcodec.dll
[2011/11/18 22:05:08 | 000,163,840 | ---- | C] () -- C:\Windows\IsUninst.exe
[2011/09/20 23:00:15 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2011/09/20 23:00:15 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2011/08/19 22:26:40 | 001,793,356 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/07/26 11:38:20 | 000,000,184 | ---- | C] () -- C:\Windows\AutoKMS.ini
[2011/07/26 11:06:49 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/07/25 20:25:29 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011/07/25 18:32:07 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini

========== LOP Check ==========

[2012/03/21 17:46:39 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\.minecraft
[2012/03/13 18:29:52 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\.Nitrous
[2012/03/17 00:13:59 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\BitTorrent
[2012/03/21 17:47:04 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Blender Foundation
[2012/03/22 14:25:26 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\CheckPoint
[2011/11/23 18:09:34 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\DAEMON Tools Lite
[2012/03/21 17:37:12 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Dropbox
[2012/03/01 00:30:46 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\JoyChina
[2011/11/22 19:19:02 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Leadertech
[2012/03/05 21:57:23 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\LOVE
[2012/01/05 23:55:39 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\MoreTerra
[2011/09/28 21:20:43 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Publish Providers
[2012/03/11 14:23:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\RotMG.Production
[2011/12/29 22:23:48 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\runic games
[2011/09/28 21:20:41 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Sony
[2012/02/20 02:00:20 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\SuperHideIP
[2011/09/12 21:53:01 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TeamViewer
[2012/01/24 22:26:33 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\Tomato
[2011/08/07 13:28:13 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TrueCrypt
[2012/02/17 19:11:34 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TS3Client
[2011/12/01 19:51:50 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\ts3overlay
[2011/08/21 11:28:47 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\TuneUp Software
[2012/03/17 00:13:59 | 000,000,000 | ---D | M] -- C:\Users\Usuario\AppData\Roaming\uTorrent
[2012/04/03 12:55:33 | 000,000,204 | ---- | M] () -- C:\Windows\Tasks\AutoKMS.job
[2012/04/03 11:49:00 | 000,000,202 | ---- | M] () -- C:\Windows\Tasks\AutoKMSDaily.job
[2012/02/24 11:06:57 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




And here's the aswMBR log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-03 13:05:55
-----------------------------
13:05:55.666 OS Version: Windows x64 6.1.7601 Service Pack 1
13:05:55.666 Number of processors: 6 586 0xA00
13:05:55.667 ComputerName: USUARIO-PC UserName: Usuario
13:05:57.350 Initialize success
13:06:23.908 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:06:23.908 Disk 0 Vendor: WDC_WD10EARS-00Y5B1 80.00A80 Size: 953869MB BusType: 3
13:06:23.908 Disk 0 MBR read successfully
13:06:23.923 Disk 0 MBR scan
13:06:23.923 Disk 0 Windows 7 default MBR code
13:06:23.923 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:06:23.923 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
13:06:23.939 Disk 0 scanning C:\Windows\system32\drivers
13:06:30.101 Service scanning
13:06:44.266 Modules scanning
13:06:44.266 Disk 0 trace - called modules:
13:06:44.266 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:06:44.266 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007b55060]
13:06:44.281 3 CLASSPNP.SYS[fffff880019aa43f] -> nt!IofCallDriver -> [0xfffffa8007851520]
13:06:44.281 5 ACPI.sys[fffff88000f4f7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8007538060]
13:06:44.281 Scan finished successfully
13:07:06.755 Disk 0 MBR has been saved successfully to "C:\Users\Usuario\Desktop\MBR.dat"
13:07:06.755 The log file has been saved successfully to "C:\Users\Usuario\Desktop\aswMBR.txt"





EDIT: Today as I was starting up my computer I was greeted by a blue screen. I didn't quite manage to get the name of the error, but when I restarted Windows it was no longer there. I did manage to copy-paste this error log. After this blue screen, I can no longer use the internet unless I'm in safe mode. I get a bunch of code gibberish when I try to open Chrome or a straight-out white screen with no error message. On IE, I get a "Cannot access the internet" error. Here's the error log from Windows:


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033

Additional information about the problem:
BCCode: d1
BCP1: 0000000000000008
BCP2: 0000000000000002
BCP3: 0000000000000000
BCP4: FFFFF88006C16B72
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\040412-19188-01.dmp
C:\Users\Usuario\AppData\Local\Temp\WER-54600-0.sysdata.xml

Edited by Micaso, 04 April 2012 - 04:03 AM.

  • 0

#8
azarl

    GeekU Teacher

  • GeekU Moderator
  • 20,658 posts
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.3.0)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.7.0_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A211ED2F-02C5-4962-8E30-96622E81039C}: DhcpNameServer = 200.49.130.44 200.42.4.207 172.20.2.26
    O33 - MountPoints2\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\Shell - "" = AutoRun
    O33 - MountPoints2\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
    O33 - MountPoints2\{74b24303-b790-11e0-afc0-1c6f65ae73bb}\Shell - "" = AutoRun
    O33 - MountPoints2\{74b24303-b790-11e0-afc0-1c6f65ae73bb}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
    :Commands
    [purity]
    [emptytemp]
    
    [Reboot]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

  • 0

#9
Micaso

    Member

  • Member
  • 43 posts
Hi Azarl,

Regarding what I edited in my last post, should I run the fix in safe mode or do I start Windows up normally, run the fix then come back to safe mode to paste the log?

EDIT: Never mind, directly can't start up in normal mode anymore. Got the blue screen again, but this time I had pen and paper. The error is "Driver_IRQL_Not_Less_or_Equal". Is it okay to run the above fix in safe mode?

Edited by Micaso, 04 April 2012 - 04:04 AM.

  • 0

#10
azarl

    GeekU Teacher

  • GeekU Moderator
  • 20,658 posts
When did you start getting the Blue Screen?
  • 0

#11
Micaso

    Member

  • Member
  • 43 posts
This one error happened today but I do recall another bluescreen error appearing not too long ago. It was right after I downloaded a LatencyFix program. I was having a pretty poor connection with my friend online and I was hoping it would fix it. What it was supposed to do was modify some registries and then reboot. When my computer turned back on, I got the bluescreen and proceeded to go on to safe mode to uninstall the program. I wasn't able to write the name of the bluescreen error, though I'm pretty sure it was similar to the error I'm having now. I'm not sure if it's just a coincidence. Anyway, after that, everything ran smoothly again. I'm pretty sure I can find a link to the program if needed. It's used to fix latency issues with World of Warcraft servers and other games.

EDIT: I was able to get to Windows normally without a bluescreen just now, as of writing this post.

Edited by Micaso, 04 April 2012 - 11:28 AM.

  • 0

#12
azarl

    GeekU Teacher

  • GeekU Moderator
  • 20,658 posts
OK, try running the reports/fixes please
  • 0

#13
Micaso

    Member

  • Member
  • 43 posts
Alright. Ran the fix, here's the report that appeared on reboot:


All processes killed
========== OTL ==========
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{A211ED2F-02C5-4962-8E30-96622E81039C}\\DhcpNameServer| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\ not found.
File J:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b24303-b790-11e0-afc0-1c6f65ae73bb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74b24303-b790-11e0-afc0-1c6f65ae73bb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74b24303-b790-11e0-afc0-1c6f65ae73bb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74b24303-b790-11e0-afc0-1c6f65ae73bb}\ not found.
File "I:\WD SmartWare.exe" autoplay=true not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

User: Usuario
->Temp folder emptied: 2518551 bytes
->Temporary Internet Files folder emptied: 31132845 bytes
->Java cache emptied: 1011529 bytes
->Google Chrome cache emptied: 7831046 bytes
->Flash cache emptied: 2326 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2377196 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50539 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 43.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 04042012_155721

Files\Folders moved on Reboot...
C:\Users\Usuario\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Usuario\AppData\Local\Temp\~DFB416008B1D65F02C.TMP moved successfully.
File\Folder C:\Windows\temp\ZLT02cc9.TMP not found!

Registry entries deleted on Reboot...


I had a real slow startup when I rebooted, I'm guessing it was because OTL was doing some work as my PC started, right?
  • 0
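
One way to read a fix report like the one in the post above, as an added example that is not part of the original thread or of OTL itself: it groups the report's lines by ActiveX pass and separates keys that were actually deleted from `not found` lines that only repeat an earlier pass for the same CLSID. The function names are hypothetical, and the embedded lines are an excerpt of the report above.

```python
import re

# Excerpt of the fix report posted above, embedded so the example runs offline.
REPORT = r"""
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{533002d4-14ef-11e1-9087-1c6f65ae73bb}\ deleted successfully.
File J:\LaunchU3.exe -a not found.
"""

START_RE = re.compile(r"^Starting removal of ActiveX control (\{[0-9A-Fa-f-]{36}\})$")
KEY_RE = re.compile(r"^Registry key (.+)\\ (deleted successfully|not found)\.$")
FILE_RE = re.compile(r"^File (.+) not found\.$")


def parse_report(text):
    """Split a fix report into ActiveX passes, other registry keys, missing files."""
    passes, other_keys, missing_files, current = [], [], [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := START_RE.match(line):
            current = {"clsid": m.group(1).upper(), "deleted": [], "not_found": []}
            passes.append(current)
        elif m := KEY_RE.match(line):
            key, status = m.groups()
            # Keys that do not name the current CLSID (e.g. MountPoints2)
            # belong to a later fix line, not to the last ActiveX pass.
            if current and current["clsid"] in key.upper():
                bucket = "deleted" if status.startswith("deleted") else "not_found"
                current[bucket].append(key)
            else:
                other_keys.append((key, status))
        elif m := FILE_RE.match(line):
            missing_files.append(m.group(1))
    return passes, other_keys, missing_files


def classify(passes):
    """Label each pass as (clsid, label, deleted_count, not_found_count).

    'removed': at least one key was deleted in this pass.
    'repeat' : nothing deleted, but an earlier pass for the same CLSID already
               removed keys, so 'not found' is the expected outcome.
    'absent' : nothing deleted and no earlier pass removed anything.
    """
    removed_before, labels = set(), []
    for p in passes:
        if p["deleted"]:
            label = "removed"
            removed_before.add(p["clsid"])
        elif p["clsid"] in removed_before:
            label = "repeat"
        else:
            label = "absent"
        labels.append((p["clsid"], label, len(p["deleted"]), len(p["not_found"])))
    return labels


if __name__ == "__main__":
    passes, other_keys, missing_files = parse_report(REPORT)
    for row in classify(passes):
        print(*row)
    print("other keys:", other_keys)
    print("files not found:", missing_files)
```
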

#14
azarl

    GeekU Teacher

  • GeekU Moderator
  • 20,658 posts

I had a real slow startup when I rebooted, I'm guessing it was because OTL was doing some work as my PC started, right?

Yes

How's the Internet connection now?
  • 0

#15
Micaso

    Member

  • Member
  • 43 posts
Many thanks for the help! So far no issues, the blue screen didn't appear when I started up, I'll have to check to see if it does later on, but my IPv4 Address still appears as 192.168.0.4 in ipconfig and I can't renew it with the /release and /renew commands, although I'm not sure if it's supposed to.

EDIT: After a while of PC usage and some reboots, I noticed bootup is a bit slower and this one-time issue with a "The following plugin has become unresponsive: Unknown" error that caused my entire PC to freeze up only minutes after startup. Will edit again if anything else happens.

EDIT2: Yep. It's consistent. Approximately 5 or 10 minutes after I boot up the same error appears. "The following plugin has become unresponsive: Unknown. Would you like to stop it?" with the Yes/No buttons underneath (that don't do anything either way). My entire PC freezes up and I can't even shut down normally, I have to unplug the PC or hold down the shutdown button on the computer case. Running on safe mode for now. This wasn't happening after your fix, though. My PC ran a good two or three hours after the fix no problem then I shut the PC down. A few hours later this started so I'm guessing it could be something new.

EDIT3: I'm guessing it's something browser-related. All three times it happened it was on the same website, so I guess it's either browser-related or it's something with the website. Odd thing is it freezes my entire PC when it should only freeze Chrome if it's browser-related.

Edited by Micaso, 04 April 2012 - 07:24 PM.

  • 0
