Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

MyStart ByIncredibar start page [Solved]

Started by Aranel , May 14 2012 05:08 PM

  • This topic is locked This topic is locked

#1
Aranel
Posted 14 May 2012 - 05:08 PM

Aranel

    Member

  • Member
  • PipPip
  • 10 posts
Hi, MyStart by Incredibar is taking over Moxilla Firefox. I open Moxilla and the start page is My start By incredibar, even though i change it, it always appears again.
I need help to solve my problem.

Thanks.


Here is my OTL Log:

OTL logfile created on: 14/05/2012 19:58:24 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Gonzalo\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,35% Memory free
8,00 Gb Paging File | 5,54 Gb Available in Paging File | 69,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 99,40 Gb Free Space | 21,34% Space Free | Partition Type: NTFS

Computer Name: GONZALO-AMD | User Name: Gonzalo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Gonzalo\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Lineage II\system\l2.exe ()
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Lineage II\system\NWindows.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Lineage II\system\Fire.DLL ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Lineage II\system\l2.exe ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files (x86)\Lineage II\system\dsetup.dll ()
MOD - C:\Program Files (x86)\Lineage II\system\window.dll ()
MOD - C:\Program Files (x86)\Lineage II\system\WinDrv.DLL ()
MOD - C:\Program Files (x86)\Lineage II\system\NWindow.DLL ()
MOD - C:\Program Files (x86)\Lineage II\system\Engine.dll ()
MOD - C:\Program Files (x86)\Lineage II\system\D3DDrv.DLL ()
MOD - C:\Program Files (x86)\Lineage II\system\Core.dll ()
MOD - C:\Program Files (x86)\Lineage II\system\ALAudio.DLL ()
MOD - C:\Program Files (x86)\Lineage II\system\unichat.dll ()
MOD - C:\Program Files (x86)\Lineage II\system\vorbis.dll ()
MOD - C:\Program Files (x86)\Lineage II\system\vorbisfile.dll ()
MOD - C:\Program Files (x86)\Lineage II\system\ogg.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (NAUpdate) @C:\Program Files (x86) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AresChatServer) -- C:\Program Files (x86)\Ares\chatServer.exe (Ares Development Group)


========== Driver Services (SafeList) ==========

DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AODDriver4.1) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AODDriver4.01) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (AVGIDSErHrw7a) -- C:\Windows\SysNative\drivers\AVGIDSwa.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgfwfd) -- C:\Windows\SysNative\drivers\avgfwd6a.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdiox64) -- C:\Windows\SysNative\drivers\amdiox64.sys (Advanced Micro Devices)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows ® Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ISODrive) -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://topweb9.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 56 A4 D1 67 E7 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0974848a-b5bc-49f2-9778-307742b4a55d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{3D8E39F7-6FD5-4cfc-A7C0-1ED1F6CAC1DC}: "URL" = http://es.search.yah...cevm&type=STDVM
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{B0AF75E4-A086-42f5-8D04-DE28D0BB6B3A}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{E2D59C90-4A82-4070-8286-FB78FCAFB036}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://Mystart.incre...ibar.com/mb124"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://mystart.incre...&&i=26&search="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/03/06 17:48:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/05 04:21:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/16 16:52:36 | 000,000,000 | ---D | M]

[2010/11/11 14:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Extensions
[2012/04/07 01:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions
[2011/12/17 20:32:18 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
[2012/04/06 23:27:25 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
[2012/01/20 12:50:38 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
[2011/02/05 23:53:09 | 000,002,059 | ---- | M] () -- C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\searchplugins\daemon-search.xml
[2012/04/06 23:27:17 | 000,002,203 | ---- | M] () -- C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\searchplugins\MyStart Search.xml
[2011/12/16 16:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/06 21:57:04 | 000,013,666 | ---- | M] () (No name found) -- C:\USERS\GONZALO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NHOKB6BX.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
[2012/03/23 12:58:05 | 000,686,225 | ---- | M] () (No name found) -- C:\USERS\GONZALO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NHOKB6BX.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/05/05 04:21:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/11 00:14:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 00:14:29 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/02/11 00:14:29 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2011/12/15 12:42:42 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/11 00:14:29 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/02/11 00:14:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/02/11 00:14:29 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0974848A-B5BC-49F2-9778-307742B4A55D} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11g_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D4D3E30-AC58-447A-A796-7B776B479B00}: NameServer = 200.115.192.29,200.115.192.30
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/08 01:22:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/14 13:06:37 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{5A594F08-8D04-4C12-A3CA-CE42A476CCC4}
[2012/05/14 13:06:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{469A6063-7BDA-4E3B-84B6-1EEEF6A1E310}
[2012/05/14 01:05:47 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{39CC0F8F-6B74-4B18-A0EB-3F5D5DF5950D}
[2012/05/13 13:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/13 13:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/13 13:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/13 13:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/05/13 13:05:10 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{55C2EA97-777B-4098-BAFC-0335622850DD}
[2012/05/13 13:04:47 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{55D0DFCB-79EC-40C7-B36A-E43867CA6AE2}
[2012/05/12 18:11:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D1D510AD-FC55-41AE-B43A-34F289EA7BEF}
[2012/05/12 18:10:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DFA3E18A-36ED-496B-BEE9-100BE78E9DA9}
[2012/05/12 04:29:50 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{C2AE99CB-9052-4A60-A9D9-E9D289DC60C1}
[2012/05/11 16:29:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{3B0E208F-5D31-4AD7-893C-A3CDA1145951}
[2012/05/11 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F870DA9A-CE4D-4823-AE19-791D3B7CE96B}
[2012/05/11 04:28:33 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{1BDFFDB1-9289-4BCC-B753-9298C790C68C}
[2012/05/11 04:28:14 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{90EED6A3-CFFC-4674-B36E-835BE593C0F9}
[2012/05/09 15:32:45 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{256F7DA9-03CE-4336-907C-B2B491FCCEF6}
[2012/05/09 15:32:32 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4C388D5C-B010-41B8-8D54-618D7841E7B5}
[2012/05/09 00:50:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6794A934-CAE4-45A5-9FCE-095DE7B73C08}
[2012/05/08 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\Desktop\Diagramas
[2012/05/08 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{9720CD11-4B12-4D7D-B0B3-A4718F038782}
[2012/05/08 12:48:59 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{C37AE853-B554-48C9-A5D4-D0516507F53A}
[2012/05/08 00:48:07 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DD296E06-9225-402A-ACE5-9EDFA70F0938}
[2012/05/08 00:47:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B07BB328-8A24-4703-B65D-94DF7F2F1EB7}
[2012/05/07 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{2FF43B4B-9001-4865-8A8A-D727939C39AB}
[2012/05/07 12:46:08 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B928387D-AB9C-4F4D-B8B8-466D7FA04907}
[2012/05/06 16:20:55 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{ED7AEF2B-8BD3-4A16-9193-23DBD4272AD5}
[2012/05/06 16:20:41 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{AABEE1CC-E17D-4E78-AFCD-57351DA89F4B}
[2012/05/05 12:50:48 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6DD778DE-C804-4A56-B21D-7BFD3F1DE330}
[2012/05/05 12:50:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{CB8A03FA-42F3-4DC9-B6A2-CC962D88E205}
[2012/05/05 04:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/02 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6E532465-64AA-4D03-9340-14FE8F7376C0}
[2012/05/02 13:36:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B128A7C4-9739-415D-A558-7168141ED201}
[2012/05/02 01:35:46 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E4088F82-0272-4C26-A674-92326CD2CD6E}
[2012/05/01 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F5266D9F-A38E-4D0C-BDD0-45CEC7573DEA}
[2012/05/01 13:34:46 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F744F225-79E9-4267-A590-A10D8A601B16}
[2012/05/01 01:34:20 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{31FE5C18-64EB-4BF0-826A-68A9F648B8AF}
[2012/05/01 01:33:58 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{0DF2974D-843A-4E2D-B7DB-1153163FC1AA}
[2012/04/30 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D6024324-308F-4537-A945-29D53F16B606}
[2012/04/30 13:33:31 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D7993BEA-F9D6-4BD3-B9FE-A3735DC99404}
[2012/04/30 00:41:15 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E7309E2E-2A52-4617-997D-EA0D293B4A53}
[2012/04/30 00:40:53 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{396CBB30-0AC8-4586-B813-D1B750A4FAA9}
[2012/04/29 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DEC641C0-1100-40AA-8311-AFDEF91A7B01}
[2012/04/29 12:40:04 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{97B20CFC-5EDF-4494-8DAD-A7184F719261}
[2012/04/29 00:39:37 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E74EC652-80EA-4733-8E37-1AE591F3A399}
[2012/04/28 12:38:59 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{27B86FB6-0DDC-4F9E-971E-98776DA4633A}
[2012/04/28 12:38:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DE9A6738-D791-497C-91B8-A38168C3DF42}
[2012/04/28 00:38:09 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{7B559DB6-0FCE-4CC7-AC71-0D71B702A0E2}
[2012/04/28 00:37:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{AEE7D706-F024-4241-98C9-8CA81E1182AD}
[2012/04/27 12:36:49 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{881FED82-77BE-409B-95A4-62FE9BC942E9}
[2012/04/27 12:36:31 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{48F0FDDA-3AEC-4A70-819A-4BC7EA6B7D42}
[2012/04/26 14:28:27 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4319C87A-0AD3-4511-AA74-0FDBF82D2B2E}
[2012/04/26 14:28:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{43461298-4D4D-4C7E-942C-2F3AC58BB851}
[2012/04/24 11:36:47 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{12314F58-7F13-4CC7-9AAE-74EC1B3D53D6}
[2012/04/24 11:36:32 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B8FC456B-18CB-469C-9BA2-1226E0F44B78}
[2012/04/22 23:31:51 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{270C9168-2805-44C1-914E-2A21F2F0B36F}
[2012/04/22 23:31:33 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{A2618E75-45CF-4C33-BAC9-21DDFB75AE34}
[2012/04/22 01:25:55 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{52E6A5C6-37ED-4019-BD73-9536BBF55895}
[2012/04/22 01:25:32 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{3878BA92-127B-42F2-A5B5-70F39D00B492}
[2012/04/21 13:25:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4A51C319-26CD-404C-8B31-6BECE09CF64D}
[2012/04/21 13:25:06 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{9C712213-CC39-4181-A5BE-CB2B60A71D1C}
[2012/04/19 14:18:56 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{A6BF3705-1035-4D7B-BEC9-F7DCA352A29A}
[2012/04/19 14:18:16 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{301FC789-10EE-474F-AC78-923FDCAA04B5}
[2012/04/18 09:42:24 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\Desktop\Download
[2012/04/18 09:42:21 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Roaming\Media Finder
[2012/04/18 09:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
[2012/04/18 09:36:15 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Roaming\Macro Recorder
[2012/04/18 09:36:11 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jitbit Macro Recorder
[2012/04/15 15:50:08 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\.argouml
[2012/04/15 15:50:02 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArgoUML
[2012/04/15 15:50:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArgoUML
[2012/04/15 15:50:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArgoUML
[2012/04/15 14:03:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/04/15 13:42:25 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/04/15 13:42:25 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/04/15 13:42:25 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/04/15 13:42:21 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/04/15 13:42:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/04/15 12:55:52 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Roaming\Malwarebytes
[2012/04/15 12:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/14 19:11:49 | 000,000,020 | ---- | M] () -- C:\Windows\lö¿
[2012/05/14 13:36:01 | 000,018,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 13:36:01 | 000,018,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/14 13:28:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/14 13:28:54 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/14 12:32:19 | 000,813,243 | ---- | M] () -- C:\Users\Gonzalo\Desktop\88ceb518403.jpg
[2012/05/13 14:35:59 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/04/19 09:22:38 | 095,582,017 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2012/04/17 14:50:41 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/04/17 14:50:41 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/04/15 18:15:16 | 000,004,949 | ---- | M] () -- C:\Users\Gonzalo\Documents\Diagrama de estado.zargo
[2012/04/15 18:15:15 | 000,000,000 | ---- | M] () -- C:\Users\Gonzalo\Documents\Diagrama de estado.zargo~
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/14 19:11:48 | 000,000,020 | ---- | C] () -- C:\Windows\lö¿
[2012/05/14 12:32:18 | 000,813,243 | ---- | C] () -- C:\Users\Gonzalo\Desktop\88ceb518403.jpg
[2012/04/15 18:15:15 | 000,004,949 | ---- | C] () -- C:\Users\Gonzalo\Documents\Diagrama de estado.zargo
[2012/04/15 18:15:15 | 000,000,000 | ---- | C] () -- C:\Users\Gonzalo\Documents\Diagrama de estado.zargo~
[2012/04/15 13:42:25 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/04/15 13:42:25 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/04/15 13:42:25 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/04/15 13:42:25 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/04/15 13:42:25 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/06 14:50:16 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/06 14:50:15 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/14 23:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 23:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/10 01:18:02 | 000,001,456 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2012/01/25 21:01:59 | 000,000,132 | ---- | C] () -- C:\Users\Gonzalo\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/01/15 01:34:14 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/15 01:34:14 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/15 01:34:14 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/01/15 01:34:14 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/15 01:34:13 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/08 15:27:26 | 001,853,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/31 11:02:28 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\bcevent.dll
[2011/10/25 23:31:57 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/12 11:12:53 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/09/10 19:10:50 | 000,002,316 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/03/19 18:21:27 | 000,164,510 | ---- | C] () -- C:\Windows\Video Slice Uninstaller.exe
[2011/01/21 17:27:56 | 000,003,584 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/01 18:40:05 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/23 13:59:42 | 000,000,849 | ---- | C] () -- C:\Windows\ARPR.INI
[2010/09/06 20:27:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/22 00:45:44 | 000,007,602 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\Resmon.ResmonCfg
[2010/05/16 14:44:00 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini

========== LOP Check ==========

[2012/02/04 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\AVG2012
[2010/07/11 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\AVG9
[2012/04/15 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\DAEMON Tools Lite
[2011/12/30 18:52:17 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Dev-Cpp
[2012/04/24 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\FileZilla
[2011/10/24 23:40:19 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\fltk.org
[2011/06/07 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\GetRightToGo
[2011/05/15 01:33:07 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Helios
[2010/07/27 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\JGsoft
[2012/02/04 12:09:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Lineage Utils - Beta
[2012/04/18 09:36:15 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Macro Recorder
[2012/05/14 19:10:19 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Media Finder
[2011/02/22 16:13:00 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\OnReally
[2011/08/30 12:52:48 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\OpenOffice.org
[2011/12/25 21:21:45 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Opera
[2012/04/06 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\player
[2011/03/19 18:21:26 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\River Past G5
[2011/06/19 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Runiter
[2012/04/25 11:36:12 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\TS3Client
[2011/01/01 23:37:03 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Uniblue
[2012/04/15 12:57:59 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\uTorrent
[2012/04/03 22:08:59 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/06/28 21:40:28 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?­) -- C:\Windows\SysWow64\绠­
[2011/06/28 21:40:28 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?­) -- C:\Windows\SysWow64\绠­
[2011/06/18 20:27:12 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?L) -- C:\Windows\SysWow64\泐Ľ
[2011/06/18 20:27:12 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?L) -- C:\Windows\SysWow64\泐Ľ
[2011/04/28 23:39:14 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\였ĸ
[2011/04/28 23:39:14 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\였ĸ

========== Alternate Data Streams ==========

@Alternate Data Stream - 518 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
  • 0

Advertisements

#2
Crowbar
Posted 15 May 2012 - 02:36 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello Aranel and welcome to Geeks To Go !!

My name is Crowbar and I'll be the malware removal Geek that will be helping you remove any infections you may have on your computer.
Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them.
You get an advantage as you have 2 people examining your issue.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • Please save my instructions as a text file on your desktop, or print them out, as you may not be able to access this thread at times.
  • Please follow the steps exactly as written, in the same order.
  • If there's anything you don't understand or isn't totally clear, please ask me any questions that you may have.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.
  • This process is not an instant process - please stick with me until I tell you that your machine is clean. If you don't see any symptoms it does not mean your system is clear of malware
  • Please don't run any other scans or other software unless I ask you to, as it will make this repair more difficult.

I see that you have utorrent installed. I HIGHLY recommend that you stop using it as many of the files out there are infected. If you want to keep it installed please refrain from using it until we are all finished.

I would like to see a more thorough scan so please do the following for me:

Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
>C:\commands.txt echo list vol /raw /hide /c
/wait
>C:\DiskReport.txt diskpart /s C:\commands.txt /raw /hide /c
/wait
type c:\diskreport.txt /c
/wait
erase c:\commands.txt /hide /c
/wait
erase c:\diskreport.txt /hide /c
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

Step 2
Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it
Posted Image

Click the [Scan] button to start scan
Posted Image

On completion of the scan click [Save log], save it to your desktop and post in your next reply

In your next reply I would like to see:
  • OTL.txt log (it won't open a new Extras.txt)
  • Please post the Extras.txt which can be found on your desktop, let me know if you can't find it.
  • aswMBR log file

  • 0

#3
Aranel
Posted 17 May 2012 - 10:24 AM

Aranel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hi Crowbar, i followed the steps you tell me to with OTL but got an Out of memory Error, i got no programs running at the same time, put the option All ussers, paste the code you
give me and then click on Quick start and let it run.

Here i add an image of the error i got, the OTL didn´t make neither the Extras file nor the OTL file.


Posted Image


Then i run the other software and here is the .txt:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-17 13:15:40
-----------------------------
13:15:40.545 OS Version: Windows x64 6.1.7600
13:15:40.545 Number of processors: 4 586 0x403
13:15:40.546 ComputerName: GONZALO-AMD UserName: Gonzalo
13:15:41.448 Initialize success
13:16:03.364 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7
13:16:03.366 Disk 0 Vendor: SAMSUNG_HD502HJ 1AJ100E4 Size: 476940MB BusType: 3
13:16:03.377 Disk 0 MBR read successfully
13:16:03.379 Disk 0 MBR scan
13:16:03.380 Disk 0 Windows 7 default MBR code
13:16:03.382 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476937 MB offset 63
13:16:03.384 Disk 0 scanning C:\Windows\system32\drivers
13:16:07.162 Service scanning
13:16:13.982 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
13:16:16.255 Modules scanning
13:16:16.258 Disk 0 trace - called modules:
13:16:16.378 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80039aa2c0]<<sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:16:16.380 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a60060]
13:16:16.382 3 CLASSPNP.SYS[fffff880013ab43f] -> nt!IofCallDriver -> [0xfffffa80044be520]
13:16:16.385 5 ACPI.sys[fffff88000e3a781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T1L0-7[0xfffffa80044ac060]
13:16:16.389 \Driver\atapi[0xfffffa8004492df0] -> IRP_MJ_CREATE -> 0xfffffa80039aa2c0
13:16:16.392 Scan finished successfully
13:17:07.170 Disk 0 MBR has been saved successfully to "C:\Users\Gonzalo\Desktop\MBR.dat"
13:17:07.175 The log file has been saved successfully to "C:\Users\Gonzalo\Desktop\aswMBR.txt"
  • 0

#4
Crowbar
Posted 19 May 2012 - 09:23 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello Aranel,
Let's try that custom scan one more time, I have altered it a bit.

Step 1
Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in

netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs in your next response

In your next reply I would like to see:
  • OTL log
  • Extras.txt which should be in the C:\Users\Gonzalo\Downloads\ folder, let me know if it's not and I can generate a new one.

  • 0

#5
Aranel
Posted 19 May 2012 - 12:47 PM

Aranel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I'am still getting the same error in the same part, where it says: Manual File Scan - Getting folder structure.
It stops there a few minutes and then Out of memory error.
After this error i closed the OTL, reopened it and let it run in Run Option, then i got this Extras/OTL .txt files, i don´t know if its
what you are asking me to give you but i will put it here.



OTL Extras logfile created on: 19/05/2012 15:40:15 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Gonzalo\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,62% Memory free
8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 78,51 Gb Free Space | 16,86% Space Free | Partition Type: NTFS

Computer Name: GONZALO-AMD | User Name: Gonzalo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl[@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\SysWow64\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\SysWow64\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Video Slice\VideoSlice.exe" = C:\Program Files (x86)\Video Slice\VideoSlice.exe:*:Enabled:River Past Video Slice -- (River Past Corporation)
"C:\Program Files (x86)\Video Slice\VideoSlice.exe" = C:\Program Files (x86)\Video Slice\VideoSlice.exe:*:Enabled:River Past Video Slice -- (River Past Corporation)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006B655E-FACE-42CB-9650-ABCD6B9A6EE9}" = lport=10243 | protocol=6 | dir=in | app=system |
"{01EF5D0A-936A-40D8-BA5D-D229A7DABEB6}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0A663EAB-9C25-4715-911F-978D767F8DCD}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0AB340C1-55D4-409C-A3CA-B71D36F6B446}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{0EA72EEF-8064-46D1-B3E6-ECE4B2A1ED8F}" = lport=445 | protocol=6 | dir=in | app=system |
"{13668B28-D910-4E16-BF6C-6ED7447823CA}" = lport=139 | protocol=6 | dir=in | app=system |
"{1CC9C880-B179-4A93-8E94-B9FB8C72C1F7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{27BDDD72-788B-41DB-8D43-FDB80CFD0E61}" = lport=2869 | protocol=6 | dir=in | app=system |
"{2B0487CE-5AB9-4F30-A23C-9E20007E74DC}" = rport=137 | protocol=17 | dir=out | app=system |
"{2D889B2B-70CD-41B1-9C46-9E595CD1B064}" = rport=139 | protocol=6 | dir=out | app=system |
"{39AC4177-79A5-4086-9E85-A5A8DF34362C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{43240408-5B70-478E-B8B6-613A7EE4008A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4447C3A8-9690-4174-88B1-8700C95F8C90}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4DC6250A-4879-473F-9718-07219A234E87}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{50708441-A8FB-4B1E-9084-926C36BD0DC7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{60028196-D2B6-4EDB-8838-060836A004D7}" = rport=10243 | protocol=6 | dir=out | app=system |
"{62B406F8-67DB-431E-B4B6-B00D56183635}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6FA52F79-A959-49E2-AB05-5ECD15E85BF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{769B06D6-E565-4DD9-96FD-027EB204B0BE}" = lport=138 | protocol=17 | dir=in | app=system |
"{9DD102C9-C231-4327-99CD-C49D367432F6}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9FABDDBE-544A-4C4C-995A-D5177CB1D6BC}" = rport=445 | protocol=6 | dir=out | app=system |
"{B37CD133-8B1F-4B0F-9D4A-9323B7C1EBD8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BBA79848-E075-45DB-84F3-7AC278902283}" = lport=137 | protocol=17 | dir=in | app=system |
"{C1E8634E-BA27-449E-AAAC-103ADF185DD0}" = rport=138 | protocol=17 | dir=out | app=system |
"{C3DE61BC-AE4F-4343-B39F-2A5804625572}" = lport=5444 | protocol=6 | dir=in | name=networklookout |
"{DCC789BF-138A-41D7-8E0E-E5182CA49AB7}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DDA941B7-D575-4A68-87CC-0A2219483434}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E93AA20F-54F4-4E77-974B-6123773B587E}" = lport=5444 | protocol=6 | dir=in | name=networklookout |
"{FD249A90-F0D7-4665-9708-6094A56BA219}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{046DB903-D9F9-473A-9046-1843C52168EE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{0521E8FB-6513-4C54-AF25-10EB6E731F0D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlefield 3™\bf3.exe |
"{0BEA9ADA-F89E-474B-87D6-02D69D2285BC}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{0DA1B6C0-AA41-473C-BA27-1B6CC8D73712}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"{16BBEE46-D7C1-476D-8564-63539C349270}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{19E904C6-1E39-46B4-8990-59E330431371}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2B77785D-C608-4D58-8782-D4B0C83BFA0F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{30B3EC6C-B0AD-43B6-97F9-AC1902E36EC4}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{32EBD254-3B03-41E2-A794-1307D207566F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe |
"{3566D3C7-DCC3-4D9E-A8FC-D52513011141}" = dir=in | app=c:\program files (x86)\avg\avg9\avgam.exe |
"{380377DC-ED09-4037-8A61-68932F70B9DC}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{3FAC2BC6-B7D4-41B1-8BF2-3946505C5E45}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{474D8981-E0C7-4875-A962-4A7048D55C7E}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{47DEE971-92C4-4D6C-ADBD-ADB3C1ABF45D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4ED15D6B-5DBB-44B6-82B0-C42165BA0B2D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{56BAB4D5-CCA3-4C98-94AF-39674752DFE7}" = dir=in | app=c:\program files (x86)\avg\avg9\avgemc.exe |
"{5710D9B9-F814-47D0-9A1E-2716AEB99B1F}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{5B27D9D9-C0A4-4C85-B5D5-D3CE40A3814E}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{606F6548-26E6-4114-90CD-540205975429}" = dir=in | app=c:\program files (x86)\avg\avg9\avgupd.exe |
"{62C449A6-3306-4FFD-8E6E-E4650F5A3B47}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{691195B7-118B-4730-A08A-AB8DA5E28055}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6B156AC2-F807-48A3-AB88-3CB0E78AECA5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6BEDB875-35B8-4817-B653-F03818307649}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{715B742D-790B-4875-97B9-4A8BC21DDDE6}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{73357357-ECEC-47EF-9B12-B24CF0EE80A4}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe |
"{7697E8F4-9BC5-4066-96DB-A268588B1745}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8692CBEC-861A-4E49-86E7-C6A4F4313E89}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{899003B2-03E2-4756-9B59-C7A965D28F82}" = protocol=58 | dir=out | [email protected],-28546 |
"{8B89C12B-ED6E-44F7-B169-615B27481C83}" = protocol=58 | dir=out | [email protected],-503 |
"{8BABEB25-3949-416E-BBF5-5D36BA485EB2}" = protocol=58 | dir=in | [email protected],-28545 |
"{8C70CF16-81B2-4F9B-859D-0885478FD74A}" = protocol=6 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{936AE2A3-C7E8-4C02-AD11-647A1FE9CD55}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"{990B0B80-88EA-4B1C-B140-09E51077895B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9ED41CC0-FF8D-4423-A098-FBC87AB77531}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx10.exe |
"{A100FF42-F6B3-407E-A8D5-0E9B6908F64F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{A22D9712-056F-4025-ADD5-A7DAB6180191}" = protocol=6 | dir=out | app=system |
"{A9CF68D8-AA24-49E2-962C-F404EA91EB16}" = dir=in | app=c:\program files (x86)\avg\avg9\avgdiagex.exe |
"{C315A3B6-D447-4617-BB4A-8604B1F2F710}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{CE718D3E-231E-48DA-B300-585B622893B2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D61873EF-E9EF-427F-8785-F996B7117C9A}" = protocol=1 | dir=out | [email protected],-28544 |
"{D69BF0AF-882C-4155-8B60-2A6E321EBF6E}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe |
"{E6810D8A-1C5D-4EFE-A24A-18F74BBFEE92}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe |
"{EAA6978C-878F-41DF-961D-8CBB5C6D9815}" = protocol=58 | dir=in | app=system |
"{EE309CD2-AAB0-4303-8D74-3738A13D088F}" = protocol=6 | dir=in | app=c:\program files (x86)\battlefield 3™\bf3.exe |
"{EE8838D0-9DBC-47FB-8BBB-C050972B2181}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\resident evil 5\re5dx9.exe |
"{EEF6223F-CB70-4EBB-9415-A4DFE14CBDEF}" = protocol=1 | dir=in | [email protected],-28543 |
"{F1FE01BF-BE1C-4D4F-A44B-D39E5369D7EB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F97A8A5D-492D-4F27-998A-EA9E8931DEDF}" = dir=in | app=c:\program files (x86)\avg\avg9\avgnsa.exe |
"{FD43D2DA-9A1D-44EB-8E46-8B75AC1AF59B}" = protocol=17 | dir=in | app=c:\program files\ventrilo\ventrilo.exe |
"{FDA3F8EF-B812-4BED-98F9-F1FC54A39F8A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"TCP Query User{332D55AB-F5AD-4216-9611-582C7B423187}C:\program files (x86)\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ares\ares.exe |
"TCP Query User{FAC7D9C0-0855-4812-A958-D3770BDD8006}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"UDP Query User{16AE6908-2D7D-4B33-A905-B22D49F73027}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe |
"UDP Query User{BD23B806-E192-45B2-95D8-DFB0F7CDC55F}C:\program files (x86)\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ares\ares.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{20c31435-2a0a-4580-be8b-ac06fc243ca5}" = Python 2.7 (64-bit)
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5800B5A7-176D-C773-7BA0-AABB25C57591}" = ATI Problem Report Wizard
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{63CE6C32-1EB3-4C51-89FC-9FD96A661A9C}" = AMD Media Foundation Decoders
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{C3C912BB-BF4B-3788-8A19-DA5B999CE0C6}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{CB5340E7-7745-7B18-1413-C14508C2AC2B}" = ATI AVIVO64 Codecs
"{CFA5BA6D-D6BB-AE1B-E61E-5B1ACFC8F0BB}" = AMD Drag and Drop Transcoding
"{D050583D-5CEC-47B1-88AA-8B328CAA8621}" = AVG 2012
"{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{E51A1789-9C20-43FC-AF13-C7AC29FAF111}" = AVG 2012
"{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"AVG" = AVG 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"Sandboxie" = Sandboxie 3.56 (64-bit)
"Video Slice" = River Past Video Slice

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{07300F01-89CA-4CF8-92BD-2A605EB83C95}" = EasySaver B9.0904.1
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21040472-F8DF-48A9-A093-2986C1495670}" = Lineage II
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java™ 6 Update 22
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{49471DB8-7F3C-42DB-89C2-AC50FA0C5290}" = Camtasia Studio 7
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4B930AE3-61C6-4D02-A9D4-84F4ACBCEC25}" = OpenOffice.org 3.3
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{5B363E1D-8C36-4458-BAE4-D5081999E094}" = Browser Configuration Utility
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{8E9976D2-E563-43DE-A51F-5AEBC38D1F08}" = Ad-Aware
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90110C0A-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A1DB7CFC-1B10-4C49-8ECB-0D8A3A45D3CA}" = LogMeIn Hamachi
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC08BBA0-96B9-431A-A7D0-D8598E493775}" = RESIDENT EVIL 5
"{AC76BA86-7AD7-1034-7B44-A94000000001}" = Adobe Reader 9.4.7 - Español
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CE8C262E-5DB4-C8AC-7DA2-DC88767653A1}" = HydraVision
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Mythology Expansion Pack 1.0" = Age of Mythology Gold
"Ares" = Ares 2.1.7
"ArgoUML" = ArgoUML 0.28
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Cheating-Death" = Cheating-Death 4.33.4
"Classroom Spy Professional Console_is1" = Classroom Spy Professional Console 2.6.8
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"DVD Shrink_is1" = DVD Shrink 3.2
"EditPad Lite" = Just Great Software EditPad Lite 6.5.0
"Encrypt Files_is1" = Encrypt Files v1.5
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FileZilla Client" = FileZilla Client 3.5.1
"Fraps" = Fraps (remove only)
"Graphing Calculator 3D_is1" = Graphing Calculator 3D 3.2
"HTMLKit_is1" = HTML-Kit
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.1.0 (Full)
"LogMeIn Hamachi" = LogMeIn Hamachi
"Mozilla Firefox 12.0 (x86 es-ES)" = Mozilla Firefox 12.0 (x86 es-ES)
"Picasa 3" = Picasa 3
"SpaceTime 4.0" = SpaceTime 4.0
"sXe Injected" = sXe Injected
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Total Video Converter 3.61_is1" = Total Video Converter 3.61 100319
"UltraISO_is1" = UltraISO Premium V9.0
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.5
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"2a7a433177cfa3a6" = Macro Recorder
"CodeBlocks" = CodeBlocks
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15/05/2011 0:26:53 | Computer Name = Gonzalo-AMD | Source = SideBySide | ID = 16842832
Description = Error al generar el contexto de activación para "C:\Users\Gonzalo\Desktop\SoftonicDownloader_para_fxite.exe".
Error en el archivo de manifiesto o directiva "" en la línea . Una versión de componente
requerida por la aplicación está en conflicto con la versión de otro componente
activo. Los componentes en conflicto son:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Componente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 15/05/2011 0:27:00 | Computer Name = Gonzalo-AMD | Source = SideBySide | ID = 16842832
Description = Error al generar el contexto de activación para "C:\Users\Gonzalo\Desktop\SoftonicDownloader_para_fxite.exe".
Error en el archivo de manifiesto o directiva "" en la línea . Una versión de componente
requerida por la aplicación está en conflicto con la versión de otro componente
activo. Los componentes en conflicto son:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Componente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 15/05/2011 0:27:02 | Computer Name = Gonzalo-AMD | Source = SideBySide | ID = 16842832
Description = Error al generar el contexto de activación para "C:\Users\Gonzalo\Desktop\SoftonicDownloader_para_fxite.exe".
Error en el archivo de manifiesto o directiva "" en la línea . Una versión de componente
requerida por la aplicación está en conflicto con la versión de otro componente
activo. Los componentes en conflicto son:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Componente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 15/05/2011 1:07:22 | Computer Name = Gonzalo-AMD | Source = SideBySide | ID = 16842832
Description = Error al generar el contexto de activación para "C:\Users\Gonzalo\Desktop\SoftonicDownloader_para_fxite.exe".
Error en el archivo de manifiesto o directiva "" en la línea . Una versión de componente
requerida por la aplicación está en conflicto con la versión de otro componente
activo. Los componentes en conflicto son:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Componente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 15/05/2011 16:15:24 | Computer Name = Gonzalo-AMD | Source = SideBySide | ID = 16842832
Description = Error al generar el contexto de activación para "C:\$Recycle.Bin\S-1-5-21-2267350405-1461759959-713937585-1001\$R3VAPV5.exe".
Error en el archivo de manifiesto o directiva "" en la línea . Una versión de componente
requerida por la aplicación está en conflicto con la versión de otro componente
activo. Los componentes en conflicto son:. Componente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Componente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 29/05/2011 14:20:55 | Computer Name = Gonzalo-AMD | Source = Application Hang | ID = 1002
Description = El programa aomx.exe, versión 4.2003.9.200, dejó de interactuar con
Windows y se cerró. Para ver si hay más información disponible acerca del problema,
compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador
de proceso: 38c Hora de inicio: 01cc1e2c23ea976c Hora de finalización: 2 Ruta de acceso
de la aplicación: C:\Program Files (x86)\Microsoft Games\Age of Mythology\aomx.exe

Identificador
de informe: 61a583a6-8a20-11e0-bafe-6cf0490c7ba9

Error - 03/06/2011 12:01:35 | Computer Name = Gonzalo-AMD | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: setup.exe_Microsoft® Visual Basic
para Windows, versión: 6.0.81.69, marca de tiempo: 0x35895e12 Nombre del módulo
con errores: setup.exe, versión: 6.0.81.69, marca de tiempo: 0x35895e12 Código de
excepción: 0xc0000005 Desplazamiento de errores: 0x0002d096 Id. del proceso con errores:
0x97c Hora de inicio de la aplicación con errores: 0x01cc22078330d86a Ruta de acceso
de la aplicación con errores: C:\Users\Gonzalo\AppData\Local\Temp\Rar$EX00.938\setup.exe
Ruta
de acceso del módulo con errores: C:\Users\Gonzalo\AppData\Local\Temp\Rar$EX00.938\setup.exe
Id.
del informe: c133f8a7-8dfa-11e0-a473-6cf0490c7ba9

Error - 07/06/2011 23:10:26 | Computer Name = Gonzalo-AMD | Source = SideBySide | ID = 16842832
Description = Error al generar el contexto de activación para "C:\Users\Gonzalo\Desktop\Aranel\Gonzalo's
Files\RealPlayer .rmvb .exe". Error en el archivo de manifiesto o directiva ""
en la línea . Una versión de componente requerida por la aplicación está en conflicto
con la versión de otro componente activo. Los componentes en conflicto son:. Componente
1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Componente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.

Error - 09/06/2011 10:32:38 | Computer Name = Gonzalo-AMD | Source = ATIeRecord | ID = 16388
Description = ATI EEU Client event error

Error - 11/06/2011 16:23:55 | Computer Name = Gonzalo-AMD | Source = Application Hang | ID = 1002
Description = El programa wow.exe, versión 3.3.5.12340, dejó de interactuar con
Windows y se cerró. Para ver si hay más información disponible acerca del problema,
compruebe el historial de problemas en el panel de control Centro de actividades.

Identificador
de proceso: 12d8 Hora de inicio: 01cc286406b03dd1 Hora de finalización: 229 Ruta de
acceso de la aplicación: C:\Program Files (x86)\World of Warcraft\wow.exe Identificador
de informe: b83b5f2a-9468-11e0-a1df-6cf0490c7ba9

[ System Events ]
Error - 17/05/2012 17:29:09 | Computer Name = Gonzalo-AMD | Source = Service Control Manager | ID = 7023
Description = El servicio Windows Defender se cerró con el siguiente error: %%126

Error - 17/05/2012 17:29:09 | Computer Name = Gonzalo-AMD | Source = Service Control Manager | ID = 7000
Description = El servicio AODDriver4.1 no pudo iniciarse debido al siguiente error:
%%2

Error - 18/05/2012 8:11:34 | Computer Name = Gonzalo-AMD | Source = Service Control Manager | ID = 7000
Description = El servicio AODDriver4.1 no pudo iniciarse debido al siguiente error:
%%2

Error - 18/05/2012 8:11:34 | Computer Name = Gonzalo-AMD | Source = Service Control Manager | ID = 7000
Description = El servicio AVG Firewall no pudo iniciarse debido al siguiente error:
%%2

Error - 18/05/2012 8:11:34 | Computer Name = Gonzalo-AMD | Source = Service Control Manager | ID = 7023
Description = El servicio Windows Defender se cerró con el siguiente error: %%126

Error - 18/05/2012 8:11:35 | Computer Name = Gonzalo-AMD | Source = Service Control Manager | ID = 7000
Description = El servicio AODDriver4.1 no pudo iniciarse debido al siguiente error:
%%2

Error - 19/05/2012 12:10:25 | Computer Name = Gonzalo-AMD | Source = Service Control Manager | ID = 7000
Description = El servicio AODDriver4.1 no pudo iniciarse debido al siguiente error:
%%2

Error - 19/05/2012 12:10:25 | Computer Name = Gonzalo-AMD | Source = Service Control Manager | ID = 7000
Description = El servicio AVG Firewall no pudo iniciarse debido al siguiente error:
%%2

Error - 19/05/2012 12:10:25 | Computer Name = Gonzalo-AMD | Source = Service Control Manager | ID = 7023
Description = El servicio Windows Defender se cerró con el siguiente error: %%126

Error - 19/05/2012 12:10:26 | Computer Name = Gonzalo-AMD | Source = Service Control Manager | ID = 7000
Description = El servicio AODDriver4.1 no pudo iniciarse debido al siguiente error:
%%2


< End of report >




OTL logfile created on: 19/05/2012 15:40:15 - Run 1
OTL by OldTimer - Version 3.2.43.0 Folder = C:\Users\Gonzalo\Downloads
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 69,62% Memory free
8,00 Gb Paging File | 6,34 Gb Available in Paging File | 79,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 78,51 Gb Free Space | 16,86% Space Free | Partition Type: NTFS

Computer Name: GONZALO-AMD | User Name: Gonzalo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/19 14:52:42 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Gonzalo\Downloads\OTL(1).exe
PRC - [2009/09/18 16:24:04 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/08/04 12:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/28 18:19:12 | 000,093,696 | ---- | M] () -- C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
MOD - [2009/09/18 16:23:24 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraEsp.dll
MOD - [2009/07/30 13:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 23:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/17 10:30:54 | 000,094,480 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/05/11 14:50:26 | 002,152,688 | ---- | M] (Lavasoft Limited) [Disabled | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/02/02 13:22:40 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2011/10/12 06:25:22 | 004,433,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/08/02 06:09:08 | 000,192,776 | ---- | M] (AVG Technologies CZ, s.r.o.) [Disabled | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/24 09:38:06 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 12:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/13 22:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 22:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 22:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/27 15:26:42 | 000,398,336 | ---- | M] (Ares Development Group) [Disabled | Stopped] -- C:\Program Files (x86)\Ares\chatServer.exe -- (AresChatServer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 02:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 02:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 22:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/23 09:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/12/23 07:12:12 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/10/07 06:23:46 | 000,283,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2011/09/13 06:30:08 | 000,037,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/08/08 06:08:58 | 000,046,672 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/07/11 01:14:36 | 000,375,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2011/07/11 01:14:08 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/07/11 01:14:06 | 000,120,400 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/07/11 01:14:06 | 000,026,704 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSEH.sys -- (AVGIDSEH)
DRV:64bit: - [2011/06/17 10:30:50 | 000,154,752 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/02/05 23:53:06 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/06/22 10:07:39 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSwa.sys -- (AVGIDSErHrw7a)
DRV:64bit: - [2010/06/01 09:59:24 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/23 11:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/30 08:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/17 15:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/02/08 12:47:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/11/07 11:42:28 | 000,104,912 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://topweb9.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 56 A4 D1 67 E7 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {0974848a-b5bc-49f2-9778-307742b4a55d} - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{3D8E39F7-6FD5-4cfc-A7C0-1ED1F6CAC1DC}: "URL" = http://es.search.yah...cevm&type=STDVM
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\..\SearchScopes\{B0AF75E4-A086-42f5-8D04-DE28D0BB6B3A}: "URL" = http://www.google.co...2788:4067623346
IE - HKCU\..\SearchScopes\{E2D59C90-4A82-4070-8286-FB78FCAFB036}: "URL" = http://www.bing.com/...=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://Mystart.incre...ibar.com/mb124"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://mystart.incre...&&i=26&search="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/03/06 17:48:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/05 04:21:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/16 16:52:36 | 000,000,000 | ---D | M]

[2010/11/11 14:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Extensions
[2012/05/18 22:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions
[2011/12/17 20:32:18 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
[2012/04/06 23:27:25 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
[2012/01/20 12:50:38 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
[2011/02/05 23:53:09 | 000,002,059 | ---- | M] () -- C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\searchplugins\daemon-search.xml
[2012/04/06 23:27:17 | 000,002,203 | ---- | M] () -- C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\searchplugins\MyStart Search.xml
[2011/12/16 16:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/06 21:57:04 | 000,013,666 | ---- | M] () (No name found) -- C:\USERS\GONZALO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NHOKB6BX.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
[2012/05/18 22:15:04 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\GONZALO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NHOKB6BX.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/05/05 04:21:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/11 00:14:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 00:14:29 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/02/11 00:14:29 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2011/12/15 12:42:42 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/11 00:14:29 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/02/11 00:14:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/02/11 00:14:29 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2009/06/10 18:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0974848A-B5BC-49F2-9778-307742B4A55D} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D4D3E30-AC58-447A-A796-7B776B479B00}: NameServer = 200.115.192.29,200.115.192.30
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/08 01:22:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/18 21:51:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E95FB76C-3CA5-4B71-A05E-0BC303DD916F}
[2012/05/18 21:51:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{66CF7FBA-27F0-4AC9-BA2E-CFBEBF4FBD9C}
[2012/05/18 10:52:48 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\Desktop\Sonata Arctica - Stones Grow Her Name by msfher666
[2012/05/18 09:50:45 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F69EDC45-8297-4323-8F1A-0A2FBC00A0CA}
[2012/05/18 09:50:28 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{8C90D4AA-AA0F-4626-A28C-EBABF19ADD52}
[2012/05/17 16:01:16 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{BC06832F-A64F-4B9B-92B1-5EEEA0A73E95}
[2012/05/17 16:01:01 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{73B40C8A-1073-4595-A9C3-B761313C1E3A}
[2012/05/16 17:14:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{28198C12-8AEF-428E-AB9B-EDFE9429A7F0}
[2012/05/16 17:14:29 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{9B744A81-6374-40FE-A743-E2C77778E9D1}
[2012/05/15 22:08:33 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{0567D3E5-3BFB-4EE0-AF26-FF248F55E1A4}
[2012/05/15 22:08:20 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{33C1D890-397D-46B7-9CE9-601F1FF40FA4}
[2012/05/15 10:06:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{2161C7DC-6FDC-4FCB-BE48-2EC8B3E0478A}
[2012/05/15 10:06:07 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{668C0231-4024-4E89-BAC3-82CAEE29B3F5}
[2012/05/14 13:06:37 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{5A594F08-8D04-4C12-A3CA-CE42A476CCC4}
[2012/05/14 13:06:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{469A6063-7BDA-4E3B-84B6-1EEEF6A1E310}
[2012/05/14 01:05:47 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{39CC0F8F-6B74-4B18-A0EB-3F5D5DF5950D}
[2012/05/13 13:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/13 13:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/13 13:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/13 13:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/05/13 13:05:10 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{55C2EA97-777B-4098-BAFC-0335622850DD}
[2012/05/13 13:04:47 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{55D0DFCB-79EC-40C7-B36A-E43867CA6AE2}
[2012/05/12 18:11:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D1D510AD-FC55-41AE-B43A-34F289EA7BEF}
[2012/05/12 18:10:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DFA3E18A-36ED-496B-BEE9-100BE78E9DA9}
[2012/05/12 04:29:50 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{C2AE99CB-9052-4A60-A9D9-E9D289DC60C1}
[2012/05/11 16:29:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{3B0E208F-5D31-4AD7-893C-A3CDA1145951}
[2012/05/11 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F870DA9A-CE4D-4823-AE19-791D3B7CE96B}
[2012/05/11 04:28:33 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{1BDFFDB1-9289-4BCC-B753-9298C790C68C}
[2012/05/11 04:28:14 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{90EED6A3-CFFC-4674-B36E-835BE593C0F9}
[2012/05/09 15:32:45 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{256F7DA9-03CE-4336-907C-B2B491FCCEF6}
[2012/05/09 15:32:32 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4C388D5C-B010-41B8-8D54-618D7841E7B5}
[2012/05/09 00:50:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6794A934-CAE4-45A5-9FCE-095DE7B73C08}
[2012/05/08 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\Desktop\Diagramas
[2012/05/08 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{9720CD11-4B12-4D7D-B0B3-A4718F038782}
[2012/05/08 12:48:59 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{C37AE853-B554-48C9-A5D4-D0516507F53A}
[2012/05/08 00:48:07 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DD296E06-9225-402A-ACE5-9EDFA70F0938}
[2012/05/08 00:47:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B07BB328-8A24-4703-B65D-94DF7F2F1EB7}
[2012/05/07 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{2FF43B4B-9001-4865-8A8A-D727939C39AB}
[2012/05/07 12:46:08 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B928387D-AB9C-4F4D-B8B8-466D7FA04907}
[2012/05/06 16:20:55 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{ED7AEF2B-8BD3-4A16-9193-23DBD4272AD5}
[2012/05/06 16:20:41 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{AABEE1CC-E17D-4E78-AFCD-57351DA89F4B}
[2012/05/05 12:50:48 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6DD778DE-C804-4A56-B21D-7BFD3F1DE330}
[2012/05/05 12:50:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{CB8A03FA-42F3-4DC9-B6A2-CC962D88E205}
[2012/05/05 04:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/02 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6E532465-64AA-4D03-9340-14FE8F7376C0}
[2012/05/02 13:36:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B128A7C4-9739-415D-A558-7168141ED201}
[2012/05/02 01:35:46 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E4088F82-0272-4C26-A674-92326CD2CD6E}
[2012/05/01 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F5266D9F-A38E-4D0C-BDD0-45CEC7573DEA}
[2012/05/01 13:34:46 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F744F225-79E9-4267-A590-A10D8A601B16}
[2012/05/01 01:34:20 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{31FE5C18-64EB-4BF0-826A-68A9F648B8AF}
[2012/05/01 01:33:58 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{0DF2974D-843A-4E2D-B7DB-1153163FC1AA}
[2012/04/30 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D6024324-308F-4537-A945-29D53F16B606}
[2012/04/30 13:33:31 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D7993BEA-F9D6-4BD3-B9FE-A3735DC99404}
[2012/04/30 00:41:15 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E7309E2E-2A52-4617-997D-EA0D293B4A53}
[2012/04/30 00:40:53 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{396CBB30-0AC8-4586-B813-D1B750A4FAA9}
[2012/04/29 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DEC641C0-1100-40AA-8311-AFDEF91A7B01}
[2012/04/29 12:40:04 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{97B20CFC-5EDF-4494-8DAD-A7184F719261}
[2012/04/29 00:39:37 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E74EC652-80EA-4733-8E37-1AE591F3A399}
[2012/04/28 12:38:59 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{27B86FB6-0DDC-4F9E-971E-98776DA4633A}
[2012/04/28 12:38:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DE9A6738-D791-497C-91B8-A38168C3DF42}
[2012/04/28 00:38:09 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{7B559DB6-0FCE-4CC7-AC71-0D71B702A0E2}
[2012/04/28 00:37:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{AEE7D706-F024-4241-98C9-8CA81E1182AD}
[2012/04/27 12:36:49 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{881FED82-77BE-409B-95A4-62FE9BC942E9}
[2012/04/27 12:36:31 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{48F0FDDA-3AEC-4A70-819A-4BC7EA6B7D42}
[2012/04/26 14:28:27 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4319C87A-0AD3-4511-AA74-0FDBF82D2B2E}
[2012/04/26 14:28:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{43461298-4D4D-4C7E-942C-2F3AC58BB851}
[2012/04/24 11:36:47 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{12314F58-7F13-4CC7-9AAE-74EC1B3D53D6}
[2012/04/24 11:36:32 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B8FC456B-18CB-469C-9BA2-1226E0F44B78}
[2012/04/22 23:31:51 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{270C9168-2805-44C1-914E-2A21F2F0B36F}
[2012/04/22 23:31:33 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{A2618E75-45CF-4C33-BAC9-21DDFB75AE34}
[2012/04/22 01:25:55 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{52E6A5C6-37ED-4019-BD73-9536BBF55895}
[2012/04/22 01:25:32 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{3878BA92-127B-42F2-A5B5-70F39D00B492}
[2012/04/21 13:25:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4A51C319-26CD-404C-8B31-6BECE09CF64D}
[2012/04/21 13:25:06 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{9C712213-CC39-4181-A5BE-CB2B60A71D1C}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/19 13:18:12 | 000,018,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 13:18:12 | 000,018,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/19 13:10:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/19 13:10:22 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/17 13:14:06 | 000,131,752 | ---- | M] () -- C:\Users\Gonzalo\Desktop\error.png
[2012/05/16 00:37:25 | 000,207,271 | ---- | M] () -- C:\Users\Gonzalo\Desktop\Shot00014.jpg
[2012/05/16 00:24:00 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/14 19:11:49 | 000,000,020 | ---- | M] () -- C:\Windows\lö¿
[2012/05/14 12:32:19 | 000,813,243 | ---- | M] () -- C:\Users\Gonzalo\Desktop\88ceb518403.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/17 13:14:06 | 000,131,752 | ---- | C] () -- C:\Users\Gonzalo\Desktop\error.png
[2012/05/16 00:37:24 | 000,207,271 | ---- | C] () -- C:\Users\Gonzalo\Desktop\Shot00014.jpg
[2012/05/14 19:11:48 | 000,000,020 | ---- | C] () -- C:\Windows\lö¿
[2012/05/14 12:32:18 | 000,813,243 | ---- | C] () -- C:\Users\Gonzalo\Desktop\88ceb518403.jpg
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/06 14:50:16 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/06 14:50:15 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/14 23:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 23:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/10 01:18:02 | 000,001,456 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2012/01/25 21:01:59 | 000,000,132 | ---- | C] () -- C:\Users\Gonzalo\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/01/15 01:34:14 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/15 01:34:14 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/15 01:34:14 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/01/15 01:34:14 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/15 01:34:13 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/08 15:27:26 | 001,853,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/31 11:02:28 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\bcevent.dll
[2011/10/25 23:31:57 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/12 11:12:53 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/09/10 19:10:50 | 000,002,316 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/03/19 18:21:27 | 000,164,510 | ---- | C] () -- C:\Windows\Video Slice Uninstaller.exe
[2011/01/21 17:27:56 | 000,003,584 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/01 18:40:05 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/23 13:59:42 | 000,000,849 | ---- | C] () -- C:\Windows\ARPR.INI
[2010/09/06 20:27:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/22 00:45:44 | 000,007,602 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2012/02/04 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\AVG2012
[2010/07/11 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\AVG9
[2012/04/15 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\DAEMON Tools Lite
[2011/12/30 18:52:17 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Dev-Cpp
[2012/04/24 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\FileZilla
[2011/10/24 23:40:19 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\fltk.org
[2011/06/07 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\GetRightToGo
[2011/05/15 01:33:07 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Helios
[2010/07/27 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\JGsoft
[2012/02/04 12:09:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Lineage Utils - Beta
[2012/04/18 09:36:15 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Macro Recorder
[2012/05/14 19:10:19 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Media Finder
[2011/02/22 16:13:00 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\OnReally
[2011/08/30 12:52:48 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\OpenOffice.org
[2011/12/25 21:21:45 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Opera
[2012/04/06 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\player
[2011/03/19 18:21:26 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\River Past G5
[2011/06/19 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Runiter
[2012/04/25 11:36:12 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\TS3Client
[2011/01/01 23:37:03 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Uniblue
[2012/05/18 19:02:56 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\uTorrent
[2012/04/03 22:08:59 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/06/28 21:40:28 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?­) -- C:\Windows\SysWow64\绠­
[2011/06/28 21:40:28 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?­) -- C:\Windows\SysWow64\绠­
[2011/06/18 20:27:12 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?L) -- C:\Windows\SysWow64\泐Ľ
[2011/06/18 20:27:12 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?L) -- C:\Windows\SysWow64\泐Ľ
[2011/04/28 23:39:14 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\였ĸ
[2011/04/28 23:39:14 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\였ĸ

========== Alternate Data Streams ==========

@Alternate Data Stream - 518 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
  • 0

#6
Crowbar
Posted 20 May 2012 - 06:20 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hello Aranel,
Hmmm, you reposted the original OTL scan, but did post the Extras.txt file for me, good job :thumbsup:

Let's try my original custom scan in safe mode. There are instructions to start your computer in Safe Mode With Networking here if you need them

Step 1
Please boot your computer into Safe Mode With Networking, so that you still have access to this topic.

Step 2
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    netsvcs
msconfig
safebootminimal
safebootnetwork
%SYSTEMDRIVE%\*.exe
/md5start
consrv.dll
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
C:\Windows\assembly\tmp\U\*.* /s
C:\Program Files\Common Files\ComObjects\*.* /s
C:\windows\*. /RP /s
%Temp%\smtmp\1\*.*
%Temp%\smtmp\2\*.*
%Temp%\smtmp\3\*.*
%Temp%\smtmp\4\*.*
CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • Post the log it produces in your next reply.

In your next reply I would like to see:
  • OTL log file

  • 0

#7
Aranel
Posted 21 May 2012 - 07:01 AM

Aranel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I turned the computer in Safe mode with networking, run the OTL with the code you gave me, but then again i got this Out of memory
error, tried it twice but still got this error.
  • 0

#8
Crowbar
Posted 21 May 2012 - 12:06 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi Aranel,

Let's try another scanner and see if we have better luck.

Please download DDS and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.scr to run the tool.
  • When done, DDS.txt will open.
  • Click Yes at the next prompt for Optional Scan.
  • Save both reports to your desktop.
---------------------------------------------------

Please include the contents of the following in your next reply:

DDS.txt

Please attach the second file; Attach.txt. To attach a file, do the following:
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

In your next reply I would like to see:
  • The contents of DDS.txt
  • The contents of Attach.txt

  • 0

#9
Aranel
Posted 22 May 2012 - 08:41 AM

Aranel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Ok, this one worked, DDS.txt pasted and Attach.txt attached.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Run by Gonzalo at 11:36:47 on 2012-05-22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.3082.18.4094.2720 [GMT -3:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
mStart Page = hxxp://topweb9.com
mSearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {0974848A-B5BC-49F2-9778-307742B4A55D} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: &Enviar a OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
IE: E&xportar a Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{9D4D3E30-AC58-447A-A796-7B776B479B00} : NameServer = 200.115.192.29,200.115.192.30
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{22BF413B-C6D2-4d91-82A9-A0F997BA588C}
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
TB-X64: {0974848A-B5BC-49F2-9778-307742B4A55D} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
mRun-x64: [BCU] "C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6R8p9vzXys&&i=26&search=
FF - component: C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]\components\FFHst.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8p9vzXys&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 8451efe90000000000006cf0490c7ba9
FF - user.js: extensions.incredibar_i.instlDay - 15437
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:27:25
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8p9vzXys
FF - user.js: extensions.incredibar_i.upn2n - 92824146508152380
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 85%5F3
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows\system32\Drivers\AVGIDSwa.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 avgfws9;AVG Firewall;"C:\Program Files (x86)\AVG\AVG9\avgfws9.exe" --> C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
S3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
S3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2011-6-17 154752]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 avg9emc;AVG E-mail Scanner;"C:\Program Files (x86)\AVG\AVG9\avgemc.exe" --> C:\Program Files (x86)\AVG\AVG9\avgemc.exe [?]
S4 avg9wd;AVG WatchDog;"C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe" --> C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [?]
S4 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S4 avgwd;WatchDog de AVG;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
S4 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-4-29 219360]
S4 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2010-4-29 68136]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-2 2343816]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152688]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 NLCSAgent;NLCS Agent;C:\Windows\SysWOW64\nlcspro\csagtprosvc.exe --> C:\Windows\SysWOW64\nlcspro\csagtprosvc.exe [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-21 22:28:55 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{CA76DE75-1C34-473D-B63E-2EE20BF705AC}
2012-05-21 22:28:37 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{18F48607-9101-42DC-8DB8-150945BB76ED}
2012-05-20 19:03:07 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{4832370F-C69C-4025-9226-DE8C452A38AD}
2012-05-20 19:02:54 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{E407DC43-80FE-4C0B-8C63-2B2ABC5BF60A}
2012-05-19 23:22:30 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{77353729-0723-4373-A46D-199197E7DBFA}
2012-05-19 23:22:12 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{4E049D48-76E3-4E17-83F7-2BEF0B8D4E2A}
2012-05-19 00:51:36 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{E95FB76C-3CA5-4B71-A05E-0BC303DD916F}
2012-05-19 00:51:13 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{66CF7FBA-27F0-4AC9-BA2E-CFBEBF4FBD9C}
2012-05-18 12:50:45 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{F69EDC45-8297-4323-8F1A-0A2FBC00A0CA}
2012-05-18 12:50:28 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{8C90D4AA-AA0F-4626-A28C-EBABF19ADD52}
2012-05-17 19:01:16 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{BC06832F-A64F-4B9B-92B1-5EEEA0A73E95}
2012-05-17 19:01:01 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{73B40C8A-1073-4595-A9C3-B761313C1E3A}
2012-05-16 20:14:44 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{28198C12-8AEF-428E-AB9B-EDFE9429A7F0}
2012-05-16 20:14:29 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{9B744A81-6374-40FE-A743-E2C77778E9D1}
2012-05-16 01:08:33 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{0567D3E5-3BFB-4EE0-AF26-FF248F55E1A4}
2012-05-16 01:08:20 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{33C1D890-397D-46B7-9CE9-601F1FF40FA4}
2012-05-15 13:06:44 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{2161C7DC-6FDC-4FCB-BE48-2EC8B3E0478A}
2012-05-15 13:06:07 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{668C0231-4024-4E89-BAC3-82CAEE29B3F5}
2012-05-14 16:06:37 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{5A594F08-8D04-4C12-A3CA-CE42A476CCC4}
2012-05-14 16:06:13 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{469A6063-7BDA-4E3B-84B6-1EEEF6A1E310}
2012-05-14 04:05:47 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{39CC0F8F-6B74-4B18-A0EB-3F5D5DF5950D}
2012-05-13 16:20:22 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-05-13 16:20:18 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-05-13 16:05:10 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{55C2EA97-777B-4098-BAFC-0335622850DD}
2012-05-13 16:04:47 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{55D0DFCB-79EC-40C7-B36A-E43867CA6AE2}
2012-05-12 21:11:22 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{D1D510AD-FC55-41AE-B43A-34F289EA7BEF}
2012-05-12 21:10:22 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{DFA3E18A-36ED-496B-BEE9-100BE78E9DA9}
2012-05-12 07:29:50 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{C2AE99CB-9052-4A60-A9D9-E9D289DC60C1}
2012-05-11 19:29:25 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{3B0E208F-5D31-4AD7-893C-A3CDA1145951}
2012-05-11 19:29:03 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{F870DA9A-CE4D-4823-AE19-791D3B7CE96B}
2012-05-11 07:28:33 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{1BDFFDB1-9289-4BCC-B753-9298C790C68C}
2012-05-11 07:28:14 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{90EED6A3-CFFC-4674-B36E-835BE593C0F9}
2012-05-09 18:32:45 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{256F7DA9-03CE-4336-907C-B2B491FCCEF6}
2012-05-09 18:32:32 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{4C388D5C-B010-41B8-8D54-618D7841E7B5}
2012-05-09 03:50:25 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{6794A934-CAE4-45A5-9FCE-095DE7B73C08}
2012-05-08 15:49:22 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{9720CD11-4B12-4D7D-B0B3-A4718F038782}
2012-05-08 15:48:59 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{C37AE853-B554-48C9-A5D4-D0516507F53A}
2012-05-08 03:48:07 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{DD296E06-9225-402A-ACE5-9EDFA70F0938}
2012-05-08 03:47:44 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{B07BB328-8A24-4703-B65D-94DF7F2F1EB7}
2012-05-07 15:47:01 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{2FF43B4B-9001-4865-8A8A-D727939C39AB}
2012-05-07 15:46:08 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{B928387D-AB9C-4F4D-B8B8-466D7FA04907}
2012-05-06 19:20:55 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{ED7AEF2B-8BD3-4A16-9193-23DBD4272AD5}
2012-05-06 19:20:41 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{AABEE1CC-E17D-4E78-AFCD-57351DA89F4B}
2012-05-05 15:50:48 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{6DD778DE-C804-4A56-B21D-7BFD3F1DE330}
2012-05-05 15:50:25 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{CB8A03FA-42F3-4DC9-B6A2-CC962D88E205}
2012-05-05 07:21:21 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 07:21:21 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-05-02 16:36:36 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{6E532465-64AA-4D03-9340-14FE8F7376C0}
2012-05-02 16:36:13 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{B128A7C4-9739-415D-A558-7168141ED201}
2012-05-02 04:35:46 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{E4088F82-0272-4C26-A674-92326CD2CD6E}
2012-05-01 16:35:09 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{F5266D9F-A38E-4D0C-BDD0-45CEC7573DEA}
2012-05-01 16:34:46 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{F744F225-79E9-4267-A590-A10D8A601B16}
2012-05-01 04:34:20 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{31FE5C18-64EB-4BF0-826A-68A9F648B8AF}
2012-05-01 04:33:58 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{0DF2974D-843A-4E2D-B7DB-1153163FC1AA}
2012-04-30 16:33:44 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{D6024324-308F-4537-A945-29D53F16B606}
2012-04-30 16:33:31 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{D7993BEA-F9D6-4BD3-B9FE-A3735DC99404}
2012-04-30 03:41:15 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{E7309E2E-2A52-4617-997D-EA0D293B4A53}
2012-04-30 03:40:53 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{396CBB30-0AC8-4586-B813-D1B750A4FAA9}
2012-04-29 15:40:26 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{DEC641C0-1100-40AA-8311-AFDEF91A7B01}
2012-04-29 15:40:04 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{97B20CFC-5EDF-4494-8DAD-A7184F719261}
2012-04-29 03:39:37 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{E74EC652-80EA-4733-8E37-1AE591F3A399}
2012-04-28 15:38:59 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{27B86FB6-0DDC-4F9E-971E-98776DA4633A}
2012-04-28 15:38:36 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{DE9A6738-D791-497C-91B8-A38168C3DF42}
2012-04-28 03:38:09 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{7B559DB6-0FCE-4CC7-AC71-0D71B702A0E2}
2012-04-28 03:37:17 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{AEE7D706-F024-4241-98C9-8CA81E1182AD}
2012-04-27 15:36:49 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{881FED82-77BE-409B-95A4-62FE9BC942E9}
2012-04-27 15:36:31 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{48F0FDDA-3AEC-4A70-819A-4BC7EA6B7D42}
2012-04-26 17:28:27 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{4319C87A-0AD3-4511-AA74-0FDBF82D2B2E}
2012-04-26 17:28:13 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{43461298-4D4D-4C7E-942C-2F3AC58BB851}
2012-04-24 14:36:47 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{12314F58-7F13-4CC7-9AAE-74EC1B3D53D6}
2012-04-24 14:36:32 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{B8FC456B-18CB-469C-9BA2-1226E0F44B78}
2012-04-23 02:31:51 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{270C9168-2805-44C1-914E-2A21F2F0B36F}
2012-04-23 02:31:33 -------- d-----w- C:\Users\Gonzalo\AppData\Local\{A2618E75-45CF-4C33-BAC9-21DDFB75AE34}
.
==================== Find3M ====================
.
2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll
2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe
2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll
2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll
2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll
2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-04-06 01:34:34 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-04-06 01:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-04-06 01:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-04-06 01:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-04-06 01:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-04-06 01:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-04-06 01:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-04-06 01:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-04-06 01:23:24 7431680 ----a-w- C:\Windows\System32\atiumd64.dll
2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-03-22 19:12:12 4435968 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-03-12 15:21:25 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 17:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll
2012-03-09 17:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll
2012-03-08 21:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-03-08 21:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR
2012-03-06 17:57:42 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-02-23 12:32:04 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
.
============= FINISH: 11:36:57,80 ===============

Attached Files


  • 0

#10
Crowbar
Posted 23 May 2012 - 06:13 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi Aranel,
Glad DDS worked for you, I will have you run it's sister program.

I notice that you have one or more P2P (Peer to Peer) file sharing programs installed on your computer.
  • UTorrent
This is a very easy way to get infected, as many of the files that can be downloaded with these P2P programs are infected with all sorts of malware.
You put your system at a very big risk by downloading these files, and that is why we recommend
that you remove these programs from your computer.
If you do not want to remove them, please DO NOT use them while we are cleaning your machine.

If you need any help removing them I will be glad to assist you.

Your Java is out of date, I've included instructions to update it.

Step 1
Please download ComboFix from Here or Here to your Desktop.

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow to update if it asks
  • Also allow the installation of the recovery console

    Posted Image

    Posted Image
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" ComboFix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion then reboot, that will cure it.

Step 2
Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrade Java : (64 bits)
  • Download the latest version of Java SE Runtime Environment (JRE) JRE 7 Update 3 .
  • Under the JAVA Platform Standard Edition, click the "Download JRE" button to the right.
  • Check the box that says: "Accept License Agreement.".
  • Click on the link to download Windows Offline Installation 64 bit ( jre-7u3-windows-x64.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista or Win 7 users, right click on the jre-7u3-windows-x64.exe and select "Run as an Administrator.")

Step 3
Your Internet Explorer is outdated, you should upgrade to IE 9, even if you don't use it. You can download IE9 here

In your next reply I would like to see:
  • Combofix log
  • How is your computer running now?

  • 0

Advertisements

#11
Aranel
Posted 24 May 2012 - 07:29 AM

Aranel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Okay, i followed your steps, got the last java and IE version.
Downloaded and run Combofix.

Pc working normally, but MyStart still in Moxilla.

Here goes ComboFix log:


ComboFix 12-05-24.01 - Gonzalo 24/05/2012 9:46.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.3082.18.4094.2524 [GMT -3:00]
Running from: c:\users\Gonzalo\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-24 to 2012-05-24 )))))))))))))))))))))))))))))))
.
.
2012-05-24 13:04 . 2012-05-24 13:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-24 12:42 . 2012-05-24 12:41 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-24 12:42 . 2012-05-24 12:41 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-24 12:41 . 2012-05-24 12:41 -------- d-----w- c:\program files\Java
2012-05-24 12:35 . 2012-05-24 12:35 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-05-24 12:35 . 2012-05-24 12:35 -------- d-----w- c:\windows\system32\wbem\en-US
2012-05-24 12:30 . 2012-05-24 12:30 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-05-13 16:20 . 2012-05-13 16:20 -------- d-----w- c:\programdata\ATI
2012-05-13 16:20 . 2012-05-13 16:20 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-13 16:20 . 2012-05-13 16:20 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-05 07:21 . 2012-05-05 07:21 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 07:21 . 2012-05-05 07:21 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-07-28 21:40 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-07-28 21:39 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-11-10 03:06 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-07-28 21:01 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-09-19 02:04 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 01:34 . 2012-04-06 01:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 01:34 . 2012-04-06 01:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 01:34 . 2012-02-15 02:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:33 . 2012-04-06 01:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 01:33 . 2012-04-06 01:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 01:33 . 2012-04-06 01:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 01:32 . 2012-04-06 01:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-02-15 02:29 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-07-28 20:53 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-11-10 02:11 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-02-15 02:12 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-12 15:21 . 2011-12-18 15:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 17:07 . 2012-03-09 17:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 17:06 . 2012-03-09 17:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-08 21:50 . 2012-03-08 21:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 21:37 . 2012-03-08 21:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [x]
R3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Gonzalo\AppData\Local\Temp\EverestDriver.sys [x]
R3 npkycryp;npkycryp;c:\program files (x86)\GxRO\npkycryp.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [x]
R4 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [x]
R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 2343816]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 NLCSAgent;NLCS Agent;c:\windows\SysWOW64\nlcspro\csagtprosvc.exe [x]
S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://topweb9.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar a OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: Interfaces\{9D4D3E30-AC58-447A-A796-7B776B479B00}: NameServer = 200.115.192.29,200.115.192.30
FF - ProfilePath - c:\users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6R8p9vzXys&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8p9vzXys&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 8451efe90000000000006cf0490c7ba9
FF - user.js: extensions.incredibar_i.instlDay - 15437
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:27
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8p9vzXys
FF - user.js: extensions.incredibar_i.upn2n - 92824146508152380
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 85%5F3
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{0974848a-b5bc-49f2-9778-307742b4a55d} - (no file)
WebBrowser-{0974848A-B5BC-49F2-9778-307742B4A55D} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2267350405-1461759959-713937585-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C5949B16-6D9E-C2F1-48C8-930984EC3E70}*]
"maemkkloifdpnfgkhpgfoaakfk"=hex:6a,61,68,6b,64,68,63,6a,6c,6f,6d,6f,6b,6a,64,
67,70,62,68,6d,00,00
"nakcmmpgjejgjbeanmhpfcifmhee"=hex:69,61,6e,6a,61,64,6b,6b,62,61,62,70,62,64,
66,65,61,6c,00,65
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-24 10:10:09 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-24 13:10
.
Pre-Run: 102.640.066.560 bytes libres
Post-Run: 103.033.978.880 bytes libres
.
- - End Of File - - 3B2F76A64DDCDF1408E02667BEC2BE6D
  • 0

#12
Crowbar
Posted 25 May 2012 - 12:14 PM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi Aranel,
I see the problem, so let's remove MyStart

Step 1
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Firefox::
FF - ProfilePath - c:\users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\
FF - prefs.js: browser.search.selectedEngine - MyStart Search
FF - prefs.js: browser.startup.homepage - hxxp://Mystart.incredibar.com/mb124
FF - prefs.js: keyword.URL - hxxp://mystart.incredibar.com/mb119/?loc=IB_DS&a=6R8p9vzXys&&i=26&search=
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8p9vzXys&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 8451efe90000000000006cf0490c7ba9
FF - user.js: extensions.incredibar_i.instlDay - 15437
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1423:27
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6R8p9vzXys
FF - user.js: extensions.incredibar_i.upn2n - 92824146508152380
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10606
FF - user.js: extensions.incredibar_i.ppd - 85%5F3

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2
Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

In your next reply I would like to see:
  • ComboFix log
  • checkup.txt

  • 0

#13
Aranel
Posted 25 May 2012 - 03:23 PM

Aranel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I made the .txt run ComboFix with it.
Then downloaded SecurityCheck, run it and when it says Updating antivirus stopped working and closed.
No SecurityCheck .txt was created.
Start page was mozilla's till a Mystart box appeared, i closed the explorer and when i oppened it again, Mystart was the start page again.


ComboFix 12-05-25.03 - Gonzalo 25/05/2012 17:50:30.4.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.3082.18.4094.2903 [GMT -3:00]
Running from: c:\users\Gonzalo\Desktop\ComboFix.exe
Command switches used :: c:\users\Gonzalo\Desktop\CFScript.txt.txt
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-25 to 2012-05-25 )))))))))))))))))))))))))))))))
.
.
2012-05-25 21:08 . 2012-05-25 21:08 -------- d-----w- c:\users\gonza\AppData\Local\temp
2012-05-25 21:08 . 2012-05-25 21:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-24 12:42 . 2012-05-24 12:41 955848 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-05-24 12:42 . 2012-05-24 12:41 839112 ----a-w- c:\windows\system32\deployJava1.dll
2012-05-24 12:41 . 2012-05-24 12:41 -------- d-----w- c:\program files\Java
2012-05-24 12:35 . 2012-05-24 12:35 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-05-24 12:35 . 2012-05-24 12:35 -------- d-----w- c:\windows\system32\wbem\en-US
2012-05-24 12:30 . 2012-05-24 12:30 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-05-13 16:20 . 2012-05-13 16:20 -------- d-----w- c:\programdata\ATI
2012-05-13 16:20 . 2012-05-13 16:20 -------- d-----w- c:\program files (x86)\AMD AVT
2012-05-13 16:20 . 2012-05-13 16:20 -------- d-----w- c:\program files (x86)\AMD APP
2012-05-05 07:21 . 2012-05-05 07:21 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 07:21 . 2012-05-05 07:21 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2011-07-28 21:40 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-04-06 02:20 . 2011-07-28 21:39 1067520 ----a-w- c:\windows\system32\aticfx64.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-04-06 02:13 . 2011-11-10 03:06 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll
2012-04-06 02:00 . 2011-07-28 21:01 64000 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:54 . 2009-09-19 02:04 7479296 ----a-w- c:\windows\system32\atidxx64.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll
2012-04-06 01:34 . 2012-04-06 01:34 187392 ----a-w- c:\windows\system32\clinfo.exe
2012-04-06 01:34 . 2012-04-06 01:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-04-06 01:34 . 2012-04-06 01:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-04-06 01:34 . 2012-02-15 02:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-04-06 01:33 . 2012-04-06 01:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-04-06 01:33 . 2012-04-06 01:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-04-06 01:33 . 2012-04-06 01:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll
2012-04-06 01:32 . 2012-04-06 01:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-04-06 01:23 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll
2012-04-06 01:22 . 2012-02-15 02:29 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2011-07-28 20:53 54784 ----a-w- c:\windows\system32\atiuxp64.dll
2012-04-06 01:09 . 2011-11-10 02:11 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 44544 ----a-w- c:\windows\system32\atiu9p64.dll
2012-04-06 01:09 . 2012-02-15 02:12 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll
2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-12 15:21 . 2011-12-18 15:29 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 17:07 . 2012-03-09 17:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll
2012-03-09 17:06 . 2012-03-09 17:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
2012-03-08 21:50 . 2012-03-08 21:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2012-03-08 21:37 . 2012-03-08 21:37 302448 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-24_13.05.58 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-04-29 07:17 . 2012-05-25 17:00 51938 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-05-25 17:00 34380 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2012-05-24 12:39 34380 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-04-29 07:11 . 2012-05-25 17:00 26740 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2267350405-1461759959-713937585-1001_UserData.bin
- 2010-04-28 21:59 . 2012-05-24 12:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-04-28 21:59 . 2012-05-24 13:44 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-04-28 21:59 . 2012-05-24 12:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-04-28 21:59 . 2012-05-24 13:44 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-24 12:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-24 13:44 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-25 20:47 73552 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-08-19 04:00 . 2012-05-25 21:08 3608 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2010-08-19 04:00 . 2012-05-22 04:11 3608 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-05-24 13:05 . 2012-05-24 13:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-25 21:10 . 2012-05-25 21:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-25 21:10 . 2012-05-25 21:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-24 13:05 . 2012-05-24 13:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:01 . 2012-05-24 13:04 517480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-05-25 21:08 517480 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-16 03:34 . 2012-05-25 21:08 2450736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-09-16 03:34 . 2012-05-24 13:04 2450736 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2009-07-14 02:34 . 2012-05-24 12:51 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-05-24 16:53 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-06-20 00:59 . 2012-05-25 21:08 35003984 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2267350405-1461759959-713937585-1001-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2009-09-18 380928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 avgfws9;AVG Firewall;c:\program files (x86)\AVG\AVG9\avgfws9.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AVGIDSDriverw7a;AVG9IDSDriver;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [x]
R3 AVGIDSFilterw7a;AVG9IDSFilter;c:\program files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [x]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\users\Gonzalo\AppData\Local\Temp\EverestDriver.sys [x]
R3 npkycryp;npkycryp;c:\program files (x86)\GxRO\npkycryp.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 avg9emc;AVG E-mail Scanner;c:\program files (x86)\AVG\AVG9\avgemc.exe [x]
R4 avg9wd;AVG WatchDog;c:\program files (x86)\AVG\AVG9\avgwdsvc.exe [x]
R4 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-02-02 2343816]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
R4 NLCSAgent;NLCS Agent;c:\windows\SysWOW64\nlcspro\csagtprosvc.exe [x]
S0 AVGIDSErHrw7a;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSwa.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-18 8067616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://topweb9.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar a OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download with &Media Finder - c:\program files (x86)\Media Finder\hook.html
IE: E&xportar a Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
TCP: Interfaces\{9D4D3E30-AC58-447A-A796-7B776B479B00}: NameServer = 200.115.192.29,200.115.192.30
FF - ProfilePath - c:\users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2267350405-1461759959-713937585-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{C5949B16-6D9E-C2F1-48C8-930984EC3E70}*]
"maemkkloifdpnfgkhpgfoaakfk"=hex:6a,61,68,6b,64,68,63,6a,6c,6f,6d,6f,6b,6a,64,
67,70,62,68,6d,00,00
"nakcmmpgjejgjbeanmhpfcifmhee"=hex:69,61,6e,6a,61,64,6b,6b,62,61,62,70,62,64,
66,65,61,6c,00,65
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-25 18:13:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-25 21:13
.
Pre-Run: 102.788.857.856 bytes libres
Post-Run: 102.545.494.016 bytes libres
.
- - End Of File - - C9233C81D9A3A267059B3B0A2ACC70A4
  • 0

#14
Crowbar
Posted 27 May 2012 - 05:33 AM

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts
Hi again Aranel,
Stubborn problem here, I think we need to go back to OTL. Please make sure you delete the copy you have on your desktop now and download a fresh copy from the link I am providing.

Step 1
Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

In your next reply I would like to see:
  • Fresh OTL log - You won't see a new Extras.txt generated, so you don't have to post that.

  • 0

#15
Aranel
Posted 27 May 2012 - 11:05 AM

Aranel

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Okay, here you havethe OTL.txt made by OTL.


OTL logfile created on: 27/05/2012 13:59:20 - Run 1
OTL by OldTimer - Version 3.2.43.2 Folder = C:\Users\Gonzalo\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

4,00 Gb Total Physical Memory | 2,86 Gb Available Physical Memory | 71,43% Memory free
8,00 Gb Paging File | 6,56 Gb Available in Paging File | 82,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,76 Gb Total Space | 93,79 Gb Free Space | 20,14% Space Free | Partition Type: NTFS

Computer Name: GONZALO-AMD | User Name: Gonzalo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/05/27 13:53:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gonzalo\Desktop\OTL.exe
PRC - [2009/09/18 16:24:04 | 000,380,928 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2009/08/04 12:29:52 | 000,346,320 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe


========== Modules (No Company Name) ==========

MOD - [2009/09/18 16:23:24 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraEsp.dll
MOD - [2009/07/30 13:15:32 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/04/05 23:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/04/05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/06/17 10:30:54 | 000,094,480 | ---- | M] (SANDBOXIE L.T.D) [Disabled | Stopped] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2009/07/13 22:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 22:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012/02/02 13:22:40 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Disabled | Stopped] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/08/24 09:38:06 | 000,068,136 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 12:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/13 22:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009/07/13 22:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/07/13 22:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009/06/10 18:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/27 15:26:42 | 000,398,336 | ---- | M] (Ares Development Group) [Disabled | Stopped] -- C:\Program Files (x86)\Ares\chatServer.exe -- (AresChatServer)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/06 02:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012/04/06 02:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/04/05 22:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.1)
DRV:64bit: - [2012/03/05 16:04:30 | 000,053,888 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys -- (AODDriver4.01)
DRV:64bit: - [2012/02/23 09:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/06/17 10:30:50 | 000,154,752 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Stopped] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2011/02/05 23:53:06 | 000,513,080 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/06/22 10:07:39 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AVGIDSwa.sys -- (AVGIDSErHrw7a)
DRV:64bit: - [2010/06/01 09:59:24 | 000,029,976 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2010/02/18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/08/23 11:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/07/30 08:58:42 | 000,236,544 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/07/17 15:52:00 | 000,201,472 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/07/13 22:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 22:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 22:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 22:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 22:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 22:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/13 22:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 17:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 17:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 17:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012/02/08 12:47:22 | 000,025,640 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009/07/13 22:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/11/07 11:42:28 | 000,104,912 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys -- (ISODrive)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://topweb9.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?...=EIE9HP&PC=UP50
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8B 56 A4 D1 67 E7 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {62A21E3F-38F5-481f-9526-30F106CC1BE4}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://start.facemoo...earchTerms}&f=4
IE - HKCU\..\SearchScopes\{62A21E3F-38F5-481f-9526-30F106CC1BE4}: "URL" = http://es.search.yah...icevm&type=IEBD
IE - HKCU\..\SearchScopes\{78F28CD7-766E-4ed5-AE79-3F989FBC0559}: "URL" = http://www.google.co...q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-se...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.startup.homepage: "http://Mystart.incre...ibar.com/mb124"
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.3
FF - prefs.js..extensions.enabledItems: {a3a5c777-f583-4fef-9380-ab4add1bc2a8}:2.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/05/05 04:21:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/16 16:52:36 | 000,000,000 | ---D | M]

[2010/11/11 14:01:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Extensions
[2012/05/18 22:15:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions
[2011/12/17 20:32:18 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
[2012/04/06 23:27:25 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
[2012/01/20 12:50:38 | 000,000,000 | ---D | M] (Super Start) -- C:\Users\Gonzalo\AppData\Roaming\mozilla\Firefox\Profiles\nhokb6bx.default\extensions\[email protected]
[2011/02/05 23:53:09 | 000,002,059 | ---- | M] () -- C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\searchplugins\daemon-search.xml
[2012/04/06 23:27:17 | 000,002,203 | ---- | M] () -- C:\Users\Gonzalo\AppData\Roaming\Mozilla\Firefox\Profiles\nhokb6bx.default\searchplugins\MyStart Search.xml
[2011/12/16 16:52:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/04/06 21:57:04 | 000,013,666 | ---- | M] () (No name found) -- C:\USERS\GONZALO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NHOKB6BX.DEFAULT\EXTENSIONS\{A3A5C777-F583-4FEF-9380-AB4ADD1BC2A8}.XPI
[2012/05/18 22:15:04 | 000,697,058 | ---- | M] () (No name found) -- C:\USERS\GONZALO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NHOKB6BX.DEFAULT\EXTENSIONS\{DC572301-7619-498C-A57D-39143191B318}.XPI
[2012/05/05 04:21:21 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/11 00:14:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/02/11 00:14:29 | 000,003,996 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\drae.xml
[2012/02/11 00:14:29 | 000,001,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-es.xml
[2011/12/15 12:42:42 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
[2012/02/11 00:14:29 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml
[2012/02/11 00:14:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-es.xml
[2012/02/11 00:14:29 | 000,001,102 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-es.xml

O1 HOSTS File: ([2012/05/25 18:10:17 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Enviar a OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D4D3E30-AC58-447A-A796-7B776B479B00}: NameServer = 200.115.192.29,200.115.192.30
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/08 01:22:45 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/05/27 13:52:55 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Gonzalo\Desktop\OTL.exe
[2012/05/26 15:54:45 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{40471539-48F5-4D8F-97CF-B7A5EE27491A}
[2012/05/26 15:54:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F522A694-82BB-4B87-9459-CFD2B27DC709}
[2012/05/25 18:13:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/25 14:02:31 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{3F1375FE-CA26-4A7A-8AEF-9AC5B9B7319E}
[2012/05/25 14:02:15 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{95CDA446-67BE-414E-9587-485A799EE33A}
[2012/05/24 09:44:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/05/24 09:44:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/05/24 09:44:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/05/24 09:44:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/24 09:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/05/24 09:30:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\AVG
[2012/05/24 00:06:02 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{68460B94-B6AD-4C37-9B30-0783A541ACD2}
[2012/05/24 00:05:49 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F600BCC0-A993-4C43-A80C-91417A32E891}
[2012/05/22 23:22:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{93D032CA-4132-4DCF-8300-A6C96EF4F8FE}
[2012/05/22 23:22:04 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{34D22459-BD57-4B3B-823A-78642A6678A1}
[2012/05/21 19:28:55 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{CA76DE75-1C34-473D-B63E-2EE20BF705AC}
[2012/05/21 19:28:37 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{18F48607-9101-42DC-8DB8-150945BB76ED}
[2012/05/20 16:03:07 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4832370F-C69C-4025-9226-DE8C452A38AD}
[2012/05/20 16:02:54 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E407DC43-80FE-4C0B-8C63-2B2ABC5BF60A}
[2012/05/19 20:22:30 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{77353729-0723-4373-A46D-199197E7DBFA}
[2012/05/19 20:22:12 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4E049D48-76E3-4E17-83F7-2BEF0B8D4E2A}
[2012/05/18 21:51:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E95FB76C-3CA5-4B71-A05E-0BC303DD916F}
[2012/05/18 21:51:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{66CF7FBA-27F0-4AC9-BA2E-CFBEBF4FBD9C}
[2012/05/18 09:50:45 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F69EDC45-8297-4323-8F1A-0A2FBC00A0CA}
[2012/05/18 09:50:28 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{8C90D4AA-AA0F-4626-A28C-EBABF19ADD52}
[2012/05/17 16:01:16 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{BC06832F-A64F-4B9B-92B1-5EEEA0A73E95}
[2012/05/17 16:01:01 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{73B40C8A-1073-4595-A9C3-B761313C1E3A}
[2012/05/16 17:14:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{28198C12-8AEF-428E-AB9B-EDFE9429A7F0}
[2012/05/16 17:14:29 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{9B744A81-6374-40FE-A743-E2C77778E9D1}
[2012/05/15 22:08:33 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{0567D3E5-3BFB-4EE0-AF26-FF248F55E1A4}
[2012/05/15 22:08:20 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{33C1D890-397D-46B7-9CE9-601F1FF40FA4}
[2012/05/15 10:06:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{2161C7DC-6FDC-4FCB-BE48-2EC8B3E0478A}
[2012/05/15 10:06:07 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{668C0231-4024-4E89-BAC3-82CAEE29B3F5}
[2012/05/14 13:06:37 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{5A594F08-8D04-4C12-A3CA-CE42A476CCC4}
[2012/05/14 13:06:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{469A6063-7BDA-4E3B-84B6-1EEEF6A1E310}
[2012/05/14 01:05:47 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{39CC0F8F-6B74-4B18-A0EB-3F5D5DF5950D}
[2012/05/13 13:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/13 13:20:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012/05/13 13:20:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012/05/13 13:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012/05/13 13:05:10 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{55C2EA97-777B-4098-BAFC-0335622850DD}
[2012/05/13 13:04:47 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{55D0DFCB-79EC-40C7-B36A-E43867CA6AE2}
[2012/05/12 18:11:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D1D510AD-FC55-41AE-B43A-34F289EA7BEF}
[2012/05/12 18:10:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DFA3E18A-36ED-496B-BEE9-100BE78E9DA9}
[2012/05/12 04:29:50 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{C2AE99CB-9052-4A60-A9D9-E9D289DC60C1}
[2012/05/11 16:29:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{3B0E208F-5D31-4AD7-893C-A3CDA1145951}
[2012/05/11 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F870DA9A-CE4D-4823-AE19-791D3B7CE96B}
[2012/05/11 04:28:33 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{1BDFFDB1-9289-4BCC-B753-9298C790C68C}
[2012/05/11 04:28:14 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{90EED6A3-CFFC-4674-B36E-835BE593C0F9}
[2012/05/09 15:32:45 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{256F7DA9-03CE-4336-907C-B2B491FCCEF6}
[2012/05/09 15:32:32 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{4C388D5C-B010-41B8-8D54-618D7841E7B5}
[2012/05/09 00:50:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6794A934-CAE4-45A5-9FCE-095DE7B73C08}
[2012/05/08 15:15:35 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\Desktop\Diagramas
[2012/05/08 12:49:22 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{9720CD11-4B12-4D7D-B0B3-A4718F038782}
[2012/05/08 12:48:59 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{C37AE853-B554-48C9-A5D4-D0516507F53A}
[2012/05/08 00:48:07 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DD296E06-9225-402A-ACE5-9EDFA70F0938}
[2012/05/08 00:47:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B07BB328-8A24-4703-B65D-94DF7F2F1EB7}
[2012/05/07 12:47:01 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{2FF43B4B-9001-4865-8A8A-D727939C39AB}
[2012/05/07 12:46:08 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B928387D-AB9C-4F4D-B8B8-466D7FA04907}
[2012/05/06 16:20:55 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{ED7AEF2B-8BD3-4A16-9193-23DBD4272AD5}
[2012/05/06 16:20:41 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{AABEE1CC-E17D-4E78-AFCD-57351DA89F4B}
[2012/05/05 12:50:48 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6DD778DE-C804-4A56-B21D-7BFD3F1DE330}
[2012/05/05 12:50:25 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{CB8A03FA-42F3-4DC9-B6A2-CC962D88E205}
[2012/05/05 04:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/05/02 13:36:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{6E532465-64AA-4D03-9340-14FE8F7376C0}
[2012/05/02 13:36:13 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{B128A7C4-9739-415D-A558-7168141ED201}
[2012/05/02 01:35:46 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E4088F82-0272-4C26-A674-92326CD2CD6E}
[2012/05/01 13:35:09 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F5266D9F-A38E-4D0C-BDD0-45CEC7573DEA}
[2012/05/01 13:34:46 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{F744F225-79E9-4267-A590-A10D8A601B16}
[2012/05/01 01:34:20 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{31FE5C18-64EB-4BF0-826A-68A9F648B8AF}
[2012/05/01 01:33:58 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{0DF2974D-843A-4E2D-B7DB-1153163FC1AA}
[2012/04/30 13:33:44 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D6024324-308F-4537-A945-29D53F16B606}
[2012/04/30 13:33:31 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{D7993BEA-F9D6-4BD3-B9FE-A3735DC99404}
[2012/04/30 00:41:15 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E7309E2E-2A52-4617-997D-EA0D293B4A53}
[2012/04/30 00:40:53 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{396CBB30-0AC8-4586-B813-D1B750A4FAA9}
[2012/04/29 12:40:26 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DEC641C0-1100-40AA-8311-AFDEF91A7B01}
[2012/04/29 12:40:04 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{97B20CFC-5EDF-4494-8DAD-A7184F719261}
[2012/04/29 00:39:37 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{E74EC652-80EA-4733-8E37-1AE591F3A399}
[2012/04/28 12:38:59 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{27B86FB6-0DDC-4F9E-971E-98776DA4633A}
[2012/04/28 12:38:36 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{DE9A6738-D791-497C-91B8-A38168C3DF42}
[2012/04/28 00:38:09 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{7B559DB6-0FCE-4CC7-AC71-0D71B702A0E2}
[2012/04/28 00:37:17 | 000,000,000 | ---D | C] -- C:\Users\Gonzalo\AppData\Local\{AEE7D706-F024-4241-98C9-8CA81E1182AD}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/05/27 13:53:03 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Gonzalo\Desktop\OTL.exe
[2012/05/27 13:21:17 | 000,018,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 13:21:17 | 000,018,384 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/05/27 13:14:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/05/27 13:13:30 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012/05/25 18:10:17 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/05/24 09:30:05 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/05/24 09:26:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/24 09:26:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/16 00:24:00 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/05/14 19:11:49 | 000,000,020 | ---- | M] () -- C:\Windows\lö¿
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/05/24 09:44:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/05/24 09:44:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/05/24 09:44:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/05/24 09:44:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/05/24 09:44:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/05/24 09:30:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\drivers\AVG\iavifw.avm
[2012/05/24 09:26:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/05/24 09:26:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/05/14 19:11:48 | 000,000,020 | ---- | C] () -- C:\Windows\lö¿
[2012/03/09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/06 14:50:16 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/03/06 14:50:15 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/02/14 23:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 23:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/02/10 01:18:02 | 000,001,456 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\Adobe Guardar para Web 12.0 Prefs
[2012/01/25 21:01:59 | 000,000,132 | ---- | C] () -- C:\Users\Gonzalo\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012/01/15 01:34:14 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/01/15 01:34:14 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/01/15 01:34:14 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll
[2012/01/15 01:34:14 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/01/15 01:34:13 | 000,079,360 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/11/08 15:27:26 | 001,853,736 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/10/31 11:02:28 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\bcevent.dll
[2011/10/25 23:31:57 | 000,055,808 | ---- | C] () -- C:\Windows\SysWow64\zlib1.dll
[2011/10/25 21:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/09/12 11:12:53 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/09/10 19:10:50 | 000,002,316 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2011/03/19 18:21:27 | 000,164,510 | ---- | C] () -- C:\Windows\Video Slice Uninstaller.exe
[2011/01/21 17:27:56 | 000,003,584 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/01 18:40:05 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2010/10/14 01:36:44 | 000,179,263 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010/09/23 13:59:42 | 000,000,849 | ---- | C] () -- C:\Windows\ARPR.INI
[2010/09/06 20:27:22 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/08/22 00:45:44 | 000,007,602 | ---- | C] () -- C:\Users\Gonzalo\AppData\Local\Resmon.ResmonCfg

========== LOP Check ==========

[2012/02/04 16:52:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\AVG2012
[2010/07/11 15:23:59 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\AVG9
[2012/04/15 12:58:00 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\DAEMON Tools Lite
[2011/12/30 18:52:17 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Dev-Cpp
[2012/04/24 00:48:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\FileZilla
[2011/10/24 23:40:19 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\fltk.org
[2011/06/07 11:31:42 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\GetRightToGo
[2011/05/15 01:33:07 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Helios
[2010/07/27 20:03:29 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\JGsoft
[2012/02/04 12:09:33 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Lineage Utils - Beta
[2012/04/18 09:36:15 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Macro Recorder
[2012/05/14 19:10:19 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Media Finder
[2011/02/22 16:13:00 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\OnReally
[2011/08/30 12:52:48 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\OpenOffice.org
[2011/12/25 21:21:45 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Opera
[2012/04/06 23:25:12 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\player
[2011/03/19 18:21:26 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\River Past G5
[2011/06/19 13:43:17 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Runiter
[2012/04/25 11:36:12 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\TS3Client
[2011/01/01 23:37:03 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\Uniblue
[2012/05/26 00:57:58 | 000,000,000 | ---D | M] -- C:\Users\Gonzalo\AppData\Roaming\uTorrent
[2012/04/03 22:08:59 | 000,032,532 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2011/06/28 21:40:28 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?­) -- C:\Windows\SysWow64\绠­
[2011/06/28 21:40:28 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?­) -- C:\Windows\SysWow64\绠­
[2011/06/18 20:27:12 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\?L) -- C:\Windows\SysWow64\泐Ľ
[2011/06/18 20:27:12 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\?L) -- C:\Windows\SysWow64\泐Ľ
[2011/04/28 23:39:14 | 000,000,036 | ---- | M] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\였ĸ
[2011/04/28 23:39:14 | 000,000,036 | ---- | C] ()(C:\Windows\SysWow64\??) -- C:\Windows\SysWow64\였ĸ

========== Alternate Data Streams ==========

@Alternate Data Stream - 518 bytes -> C:\ProgramData\TEMP:05EE1EEF

< End of report >
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP