Computer Slow / Won't shut down, Security firewall cannot be started


#1
ubaldo714

Good Afternoon,

I've been having issues with my computer. It has been super slow for the past few days. My computer freezes while shutting down, and my Chrome browser freezes as well.

My Windows Security Center Service and firewall cannot be started. I tried running Malwarebytes and Avira but no luck.

Thank you!

OTL logfile created on: 8/22/2013 1:08:35 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\UBALDO\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.50 Gb Total Physical Memory | 2.10 Gb Available Physical Memory | 60.00% Memory free
6.99 Gb Paging File | 5.00 Gb Available in Paging File | 71.47% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 911.88 Gb Total Space | 845.99 Gb Free Space | 92.77% Space Free | Partition Type: NTFS
Drive D: | 43.95 Gb Total Space | 16.62 Gb Free Space | 37.81% Space Free | Partition Type: NTFS
Drive E: | 68.36 Gb Total Space | 0.02 Gb Free Space | 0.03% Space Free | Partition Type: NTFS
Drive G: | 36.74 Gb Total Space | 23.69 Gb Free Space | 64.48% Space Free | Partition Type: NTFS

Computer Name: UBALDO-PC | User Name: UBALDO | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/22 13:08:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\UBALDO\Desktop\OTL.exe
PRC - [2012/11/01 03:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
PRC - [2012/08/08 14:24:13 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/06/20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2012/05/08 18:47:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/08 18:47:27 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012/05/08 18:47:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/12 03:22:02 | 000,218,408 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011/10/12 03:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/31 03:35:01 | 000,185,640 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/04/22 09:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/04/02 14:34:42 | 000,340,848 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
PRC - [2011/03/28 19:48:54 | 000,202,608 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2010/03/06 04:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
PRC - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/12 03:22:01 | 000,321,832 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011/10/12 03:22:00 | 000,370,984 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011/08/10 20:58:26 | 000,627,304 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2011/08/10 20:57:22 | 000,151,656 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/11/01 04:45:20 | 000,460,288 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files\Common Files\Motive\pcCMService.exe -- (pcCMService64)
SRV:64bit: - [2011/05/24 08:03:40 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/04/22 09:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/08/20 11:49:30 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013/03/26 10:12:56 | 000,319,488 | ---- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe -- (ATT MAHostService)
SRV - [2012/11/01 03:31:42 | 000,369,152 | ---- | M] (Alcatel-Lucent) [Auto | Running] -- C:\Program Files (x86)\Common Files\Motive\pcCMService.exe -- (pcCMService)
SRV - [2012/05/13 13:30:40 | 000,018,432 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe -- (wampapache)
SRV - [2012/05/08 18:47:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 18:47:27 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012/05/08 18:47:27 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/04/19 16:02:32 | 008,177,664 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe -- (wampmysqld)
SRV - [2011/10/01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011/10/01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/02 14:09:38 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/05/04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/06/05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013/02/11 21:12:06 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2013/02/06 07:42:10 | 000,203,544 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2013/02/06 07:42:08 | 000,102,936 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012/09/28 09:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/05/08 18:47:29 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 18:47:29 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011/10/01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011/10/01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011/10/01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011/09/16 00:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/08/02 20:35:49 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2011/08/02 20:35:49 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2011/08/02 20:35:49 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/06/06 03:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/05/24 09:26:58 | 009,359,872 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/05/24 07:25:44 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/05/16 07:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/05/13 03:21:02 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011/03/10 23:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/10 23:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/11/11 02:16:00 | 000,037,504 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2010/11/11 02:15:58 | 000,077,952 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2010/06/16 14:15:36 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2010/02/03 22:17:54 | 000,122,624 | R--- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smhwser.sys -- (smhwser)
DRV:64bit: - [2010/02/02 13:05:26 | 000,043,008 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50a64.sys -- (MREMP50a64)
DRV:64bit: - [2010/02/02 13:05:26 | 000,040,960 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50a64.sys -- (MRESP50a64)
DRV:64bit: - [2010/01/13 00:04:54 | 000,114,432 | R--- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smhwdev.sys -- (smhwdev)
DRV:64bit: - [2009/12/23 09:00:39 | 000,031,744 | R--- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\smhwadb.sys -- (androidusb)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 17:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2010/02/02 13:09:42 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/02/02 13:09:42 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...rc=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/http://etsy.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....intl=us&.src=ym
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\npMotive.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@Motive.com/npMotiveRequest,version=1.0: C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()



O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0014-0001-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0BB814A6-638F-4A36-86BC-45D0E5717B6B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3D65A4D-AB1B-421C-9C5F-DB0AE9741439}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1fb66e9a-1808-11e1-85cf-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{1fb66e9a-1808-11e1-85cf-806e6f6e6963}\Shell\AutoRun\command - "" = "D:\Windows Utilities\Installer64\Install.exe"
O33 - MountPoints2\{2a70f8b6-fd8c-11e1-a2ba-c89cdc6f8efe}\Shell - "" = AutoRun
O33 - MountPoints2\{2a70f8b6-fd8c-11e1-a2ba-c89cdc6f8efe}\Shell\AutoRun\command - "" = H:\PcOptions.exe
O33 - MountPoints2\{2a70f8c5-fd8c-11e1-a2ba-c89cdc6f8efe}\Shell - "" = AutoRun
O33 - MountPoints2\{2a70f8c5-fd8c-11e1-a2ba-c89cdc6f8efe}\Shell\AutoRun\command - "" = H:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/22 13:08:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\UBALDO\Desktop\OTL.exe
[2013/08/21 09:11:14 | 000,000,000 | ---D | C] -- C:\Users\UBALDO\Desktop\PLANES NAME
[2013/08/15 03:16:27 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/08/15 03:16:27 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/08/15 03:16:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/08/15 03:16:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/08/15 03:16:25 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/08/15 03:16:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/08/15 03:16:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/08/15 03:16:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/08/15 03:16:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/08/15 03:16:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/08/15 03:16:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/08/15 03:16:22 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/08/15 03:16:21 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/08/15 03:16:21 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/08/15 03:16:20 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/08/14 05:30:35 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/08/14 05:30:34 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013/08/14 05:30:32 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013/08/14 05:30:15 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/08/14 05:30:14 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013/08/14 05:30:14 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013/08/14 05:30:13 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/08/14 05:30:12 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/08/14 05:30:11 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/08/14 05:30:11 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/08/14 05:30:11 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/08/14 05:30:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/08/14 05:30:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/08/14 05:30:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/08/14 05:30:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/08/14 05:30:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/02/02 14:02:22 | 052,743,152 | -HS- | C] (Alien Skin Software, LLC) -- C:\Users\UBALDO\AppData\Roaming\setup.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/22 13:08:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\UBALDO\Desktop\OTL.exe
[2013/08/22 12:48:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/08/22 09:18:45 | 000,869,418 | ---- | M] () -- C:\Users\UBALDO\Desktop\CHUCKECHEESETOPPERS.jpg
[2013/08/22 08:31:42 | 000,065,306 | ---- | M] () -- C:\Users\UBALDO\Desktop\chuck_e_cheese_birthday_invitations_all_colors_click_for_additional_6cfd60e8.jpg
[2013/08/22 08:29:58 | 000,203,108 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_fullxfull_337483218.jpg
[2013/08/22 07:35:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/21 19:31:55 | 000,039,287 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_570xN_489944018_4jhw.jpg
[2013/08/21 15:59:22 | 000,501,097 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEWATERWRAPPERS1-3.jpg
[2013/08/21 15:46:45 | 000,184,913 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEWATERWRAPPERDESIGN04.jpg
[2013/08/21 15:46:34 | 000,173,316 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEWATERWRAPPERDESIGN05.jpg
[2013/08/21 15:05:04 | 000,834,661 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEWATERWRAPPERDESIGN03.jpg
[2013/08/21 11:47:12 | 000,425,488 | ---- | M] () -- C:\Users\UBALDO\Desktop\tumblr_ml7virBdrD1qexvcfo5_1280.jpg
[2013/08/21 11:46:03 | 000,393,549 | ---- | M] () -- C:\Users\UBALDO\Desktop\tumblr_ml7virBdrD1qexvcfo3_1280.jpg
[2013/08/21 11:46:00 | 000,327,489 | ---- | M] () -- C:\Users\UBALDO\Desktop\tumblr_ml7virBdrD1qexvcfo4_1280.jpg
[2013/08/21 11:45:25 | 000,474,943 | ---- | M] () -- C:\Users\UBALDO\Desktop\tumblr_ml7virBdrD1qexvcfo2_1280.jpg
[2013/08/21 11:15:44 | 000,016,985 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_340x270_459269489_a8gx.jpg
[2013/08/21 08:55:16 | 000,002,828 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2013/08/21 07:47:23 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 07:47:23 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 07:37:53 | 2814,849,024 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/20 22:13:34 | 000,478,030 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEHERSHEYWRAPPERS04-06.jpg
[2013/08/20 22:07:42 | 000,420,151 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEHERSHEYWRAPPERDESIGN03.jpg
[2013/08/20 22:07:29 | 000,412,518 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEHERSHEYWRAPPERDESIGN04.jpg
[2013/08/20 15:27:32 | 000,642,733 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEDESING01-02.jpg
[2013/08/20 15:25:34 | 000,285,846 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN03.jpg
[2013/08/20 15:24:08 | 006,681,315 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN03.pspimage
[2013/08/20 15:14:53 | 001,059,028 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO2.pspimage
[2013/08/20 15:14:11 | 001,063,691 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEHERSHEYWRAPPERDESIGN05.jpg
[2013/08/20 12:11:11 | 001,282,959 | ---- | M] () -- C:\Users\UBALDO\Desktop\minions-file.jpg
[2013/08/20 12:07:19 | 001,955,905 | ---- | M] () -- C:\Users\UBALDO\Desktop\Despicable-Me-2-Movie.jpg
[2013/08/20 11:49:29 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/08/20 11:49:29 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/08/20 11:36:09 | 005,368,235 | ---- | M] () -- C:\Users\UBALDO\Desktop\Despicable Me 2 (2013).jpg
[2013/08/20 10:45:58 | 000,155,447 | ---- | M] () -- C:\Users\UBALDO\Desktop\americangirls.jpg
[2013/08/19 15:25:48 | 001,054,483 | ---- | M] () -- C:\Users\UBALDO\Desktop\Despicable-Me-2-Minions.jpg
[2013/08/19 14:16:51 | 000,411,965 | ---- | M] () -- C:\Users\UBALDO\Desktop\despicable_me_minion_goggles_wallpaper-1600x1200.jpg
[2013/08/19 14:03:21 | 000,261,557 | ---- | M] () -- C:\Users\UBALDO\Desktop\MINIONGOGGLES003.png
[2013/08/19 13:50:55 | 000,025,773 | ---- | M] () -- C:\Users\UBALDO\Desktop\MINIONGOGGLES3.png
[2013/08/19 13:46:45 | 000,027,355 | ---- | M] () -- C:\Users\UBALDO\Desktop\MINIONGOGGLES2.png
[2013/08/19 13:05:12 | 000,032,189 | ---- | M] () -- C:\Users\UBALDO\Desktop\GOGLES.png
[2013/08/19 12:52:21 | 000,221,782 | ---- | M] () -- C:\Users\UBALDO\Desktop\MINIONGOGGLES.ai
[2013/08/19 11:35:38 | 000,383,947 | ---- | M] () -- C:\Users\UBALDO\Desktop\Jean_texture_by_Babybird_Stock.jpg
[2013/08/19 11:35:10 | 000,532,954 | ---- | M] () -- C:\Users\UBALDO\Desktop\depositphotos_1602251-Texture-Jean.jpg
[2013/08/19 11:19:02 | 000,653,262 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_fullxfull_479007725_623z.jpg
[2013/08/19 11:18:23 | 000,106,511 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_570xN_479320819_8pfw.jpg
[2013/08/19 10:49:32 | 000,276,268 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN04.jpg
[2013/08/19 10:47:19 | 000,319,977 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_fullxfull_491908957_6wdr.jpg
[2013/08/19 10:01:26 | 004,195,563 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN04.pspimage
[2013/08/19 08:59:47 | 000,389,307 | ---- | M] () -- C:\Users\UBALDO\Desktop\LEGODESIGN01.jpg
[2013/08/19 07:22:04 | 000,152,785 | ---- | M] () -- C:\Users\UBALDO\Desktop\Lego-cake-pops-Livinglocurto.jpg
[2013/08/19 07:00:09 | 000,834,593 | ---- | M] () -- C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO.pspimage
[2013/08/19 06:55:52 | 000,235,511 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_fullxfull_336979509.jpg
[2013/08/18 22:01:21 | 000,085,136 | ---- | M] () -- C:\Users\UBALDO\Desktop\Despicable-Me-2-Ilumination-Evil-Minion-Wallpaper.jpg
[2013/08/18 21:52:04 | 000,887,448 | ---- | M] () -- C:\Users\UBALDO\Desktop\despicable-me-2-wallpaper.jpg
[2013/08/18 21:51:01 | 001,391,813 | ---- | M] () -- C:\Users\UBALDO\Desktop\despicable_me_2_minions-wide.jpg
[2013/08/18 21:39:54 | 000,086,539 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_570xN_483415756_jwqr.jpg
[2013/08/18 21:39:39 | 000,093,695 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_570xN_489102084_5dda.jpg
[2013/08/18 21:38:56 | 000,097,911 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_570xN_487155558_i2n1.jpg
[2013/08/15 03:11:38 | 000,741,188 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/08/15 03:11:38 | 000,624,606 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/08/15 03:11:38 | 000,106,724 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/08/12 22:13:53 | 000,403,347 | ---- | M] () -- C:\Users\UBALDO\Desktop\il_fullxfull_482474610_kl9k.jpg
[2013/08/11 09:01:46 | 000,611,256 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/07/31 09:43:19 | 000,454,103 | ---- | M] () -- C:\Users\UBALDO\Desktop\MONSTERINC.jpg
[2013/07/31 09:42:44 | 000,890,939 | ---- | M] () -- C:\Users\UBALDO\Desktop\PHINEASANDFERB.jpg
[2013/07/31 09:42:00 | 000,499,704 | ---- | M] () -- C:\Users\UBALDO\Desktop\JAKEANDTHENEVERLAND.jpg
[2013/07/27 10:20:46 | 000,001,456 | ---- | M] () -- C:\Users\UBALDO\AppData\Local\Adobe Save for Web 12.0 Prefs
[2013/07/25 22:13:58 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/07/25 22:12:27 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/07/25 22:12:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/07/25 22:12:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/07/25 22:12:04 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/07/25 22:12:04 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/07/25 22:12:03 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/07/25 22:12:03 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/07/25 20:12:04 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/07/25 20:12:00 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/07/25 20:12:00 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/07/25 20:12:00 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/07/25 20:11:59 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/07/25 19:39:38 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/07/25 18:59:38 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/07/25 02:25:54 | 001,888,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013/07/25 01:57:27 | 001,620,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/22 09:18:45 | 000,869,418 | ---- | C] () -- C:\Users\UBALDO\Desktop\CHUCKECHEESETOPPERS.jpg
[2013/08/22 08:31:52 | 000,065,306 | ---- | C] () -- C:\Users\UBALDO\Desktop\chuck_e_cheese_birthday_invitations_all_colors_click_for_additional_6cfd60e8.jpg
[2013/08/22 08:30:12 | 000,203,108 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_fullxfull_337483218.jpg
[2013/08/21 19:32:24 | 000,039,287 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_570xN_489944018_4jhw.jpg
[2013/08/21 15:54:44 | 000,501,097 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEWATERWRAPPERS1-3.jpg
[2013/08/21 15:06:36 | 000,173,316 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEWATERWRAPPERDESIGN05.jpg
[2013/08/21 15:05:04 | 000,834,661 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEWATERWRAPPERDESIGN03.jpg
[2013/08/21 15:04:07 | 000,184,913 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEWATERWRAPPERDESIGN04.jpg
[2013/08/21 11:47:34 | 000,425,488 | ---- | C] () -- C:\Users\UBALDO\Desktop\tumblr_ml7virBdrD1qexvcfo5_1280.jpg
[2013/08/21 11:46:55 | 000,393,549 | ---- | C] () -- C:\Users\UBALDO\Desktop\tumblr_ml7virBdrD1qexvcfo3_1280.jpg
[2013/08/21 11:46:08 | 000,327,489 | ---- | C] () -- C:\Users\UBALDO\Desktop\tumblr_ml7virBdrD1qexvcfo4_1280.jpg
[2013/08/21 11:45:41 | 000,474,943 | ---- | C] () -- C:\Users\UBALDO\Desktop\tumblr_ml7virBdrD1qexvcfo2_1280.jpg
[2013/08/21 11:16:02 | 000,016,985 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_340x270_459269489_a8gx.jpg
[2013/08/20 22:13:34 | 000,478,030 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEHERSHEYWRAPPERS04-06.jpg
[2013/08/20 15:16:29 | 000,420,151 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEHERSHEYWRAPPERDESIGN03.jpg
[2013/08/20 15:14:11 | 001,063,691 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEHERSHEYWRAPPERDESIGN05.jpg
[2013/08/20 12:19:45 | 000,412,518 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEHERSHEYWRAPPERDESIGN04.jpg
[2013/08/20 12:11:22 | 001,282,959 | ---- | C] () -- C:\Users\UBALDO\Desktop\minions-file.jpg
[2013/08/20 12:07:35 | 001,955,905 | ---- | C] () -- C:\Users\UBALDO\Desktop\Despicable-Me-2-Movie.jpg
[2013/08/20 11:35:43 | 005,368,235 | ---- | C] () -- C:\Users\UBALDO\Desktop\Despicable Me 2 (2013).jpg
[2013/08/20 10:45:58 | 000,155,447 | ---- | C] () -- C:\Users\UBALDO\Desktop\americangirls.jpg
[2013/08/19 15:26:43 | 001,054,483 | ---- | C] () -- C:\Users\UBALDO\Desktop\Despicable-Me-2-Minions.jpg
[2013/08/19 14:16:50 | 000,411,965 | ---- | C] () -- C:\Users\UBALDO\Desktop\despicable_me_minion_goggles_wallpaper-1600x1200.jpg
[2013/08/19 14:03:14 | 000,261,557 | ---- | C] () -- C:\Users\UBALDO\Desktop\MINIONGOGGLES003.png
[2013/08/19 13:50:53 | 000,025,773 | ---- | C] () -- C:\Users\UBALDO\Desktop\MINIONGOGGLES3.png
[2013/08/19 13:46:44 | 000,027,355 | ---- | C] () -- C:\Users\UBALDO\Desktop\MINIONGOGGLES2.png
[2013/08/19 13:05:11 | 000,032,189 | ---- | C] () -- C:\Users\UBALDO\Desktop\GOGLES.png
[2013/08/19 12:52:21 | 000,221,782 | ---- | C] () -- C:\Users\UBALDO\Desktop\MINIONGOGGLES.ai
[2013/08/19 11:35:45 | 000,383,947 | ---- | C] () -- C:\Users\UBALDO\Desktop\Jean_texture_by_Babybird_Stock.jpg
[2013/08/19 11:35:18 | 000,532,954 | ---- | C] () -- C:\Users\UBALDO\Desktop\depositphotos_1602251-Texture-Jean.jpg
[2013/08/19 11:19:20 | 000,653,262 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_fullxfull_479007725_623z.jpg
[2013/08/19 11:18:39 | 000,106,511 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_570xN_479320819_8pfw.jpg
[2013/08/19 10:53:21 | 000,642,733 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEDESING01-02.jpg
[2013/08/19 10:47:41 | 000,319,977 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_fullxfull_491908957_6wdr.jpg
[2013/08/19 10:02:30 | 000,285,846 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN03.jpg
[2013/08/19 10:00:38 | 000,276,268 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN04.jpg
[2013/08/19 09:53:48 | 001,059,028 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO2.pspimage
[2013/08/19 09:38:26 | 004,195,563 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN04.pspimage
[2013/08/19 08:57:56 | 000,389,307 | ---- | C] () -- C:\Users\UBALDO\Desktop\LEGODESIGN01.jpg
[2013/08/19 07:22:17 | 000,152,785 | ---- | C] () -- C:\Users\UBALDO\Desktop\Lego-cake-pops-Livinglocurto.jpg
[2013/08/19 07:00:08 | 000,834,593 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO.pspimage
[2013/08/19 06:57:03 | 006,681,315 | ---- | C] () -- C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN03.pspimage
[2013/08/19 06:56:00 | 000,235,511 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_fullxfull_336979509.jpg
[2013/08/18 22:01:29 | 000,085,136 | ---- | C] () -- C:\Users\UBALDO\Desktop\Despicable-Me-2-Ilumination-Evil-Minion-Wallpaper.jpg
[2013/08/18 21:52:09 | 000,887,448 | ---- | C] () -- C:\Users\UBALDO\Desktop\despicable-me-2-wallpaper.jpg
[2013/08/18 21:51:09 | 001,391,813 | ---- | C] () -- C:\Users\UBALDO\Desktop\despicable_me_2_minions-wide.jpg
[2013/08/18 21:40:14 | 000,086,539 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_570xN_483415756_jwqr.jpg
[2013/08/18 21:39:46 | 000,093,695 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_570xN_489102084_5dda.jpg
[2013/08/18 21:39:07 | 000,097,911 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_570xN_487155558_i2n1.jpg
[2013/08/12 22:14:05 | 000,403,347 | ---- | C] () -- C:\Users\UBALDO\Desktop\il_fullxfull_482474610_kl9k.jpg
[2013/07/31 09:43:19 | 000,454,103 | ---- | C] () -- C:\Users\UBALDO\Desktop\MONSTERINC.jpg
[2013/07/31 09:42:43 | 000,890,939 | ---- | C] () -- C:\Users\UBALDO\Desktop\PHINEASANDFERB.jpg
[2013/07/31 09:42:00 | 000,499,704 | ---- | C] () -- C:\Users\UBALDO\Desktop\JAKEANDTHENEVERLAND.jpg
[2013/05/22 21:30:45 | 000,000,037 | -HS- | C] () -- C:\Users\UBALDO\AppData\Local\70149b02515b3bb20dd492.47983420
[2013/01/23 16:42:38 | 000,000,004 | ---- | C] () -- C:\Users\UBALDO\AppData\Roaming\skype.ini
[2012/12/07 10:13:06 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012/08/19 11:08:18 | 000,000,034 | ---- | C] () -- C:\Users\UBALDO\AppData\Roaming\mbam.context.scan
[2012/06/11 14:30:40 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012/05/19 01:06:54 | 000,007,168 | ---- | C] () -- C:\Users\UBALDO\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/03/13 20:57:15 | 000,001,456 | ---- | C] () -- C:\Users\UBALDO\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/02/22 22:15:42 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/02/21 23:18:14 | 000,007,608 | ---- | C] () -- C:\Users\UBALDO\AppData\Local\Resmon.ResmonCfg
[2012/02/20 21:12:00 | 000,000,088 | RHS- | C] () -- C:\Windows\SysWow64\25FFC419EC.sys
[2012/02/20 20:57:40 | 000,002,828 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2011/11/26 01:25:09 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== ZeroAccess Check ==========

[2013/01/27 23:46:25 | 000,002,048 | -HS- | M] () -- C:\$Recycle.bin\S-1-5-18\$b64e7e2ae3846a7bb6ba48b5c45758c7\@
[2013/01/27 23:46:25 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$b64e7e2ae3846a7bb6ba48b5c45758c7\L
[2013/01/31 23:43:24 | 000,000,000 | -HSD | M] -- C:\$Recycle.bin\S-1-5-18\$b64e7e2ae3846a7bb6ba48b5c45758c7\U
[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3018435195-4205911245-3665918404-1000\$b64e7e2ae3846a7bb6ba48b5c45758c7\n.

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/02/26 22:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/02/26 21:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\$Recycle.Bin\S-1-5-18\$b64e7e2ae3846a7bb6ba48b5c45758c7\n.
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >


#2
JSntgRvr

  • Global Moderator
  • 11,591 posts
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.


#3
ubaldo714

  • Topic Starter
  • Member
  • 7 posts
Good Morning,

Thank you for your help!


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013
Ran by UBALDO (administrator) on 23-08-2013 09:16:53
Running from C:\Users\UBALDO\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b64e7e2ae3846a7bb6ba48b5c45758c7\n. ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3018435195-4205911245-3665918404-1000\$b64e7e2ae3846a7bb6ba48b5c45758c7\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Command Processor: "C:\Users\UBALDO\AppData\Local\crrjaym.exe" <======= ATTENTION
MountPoints2: {1fb66e9a-1808-11e1-85cf-806e6f6e6963} - "D:\Windows Utilities\Installer64\Install.exe"
MountPoints2: {2a70f8b6-fd8c-11e1-a2ba-c89cdc6f8efe} - H:\PcOptions.exe
MountPoints2: {2a70f8c5-fd8c-11e1-a2ba-c89cdc6f8efe} - H:\PcOptions.exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1568976 2012-06-20] (Ask)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....intl=us&.src=ym
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/
http://etsy.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] ()
S2 Wmi32Svc; C:\Windows\wmisvcs.exe [x]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-23] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-03] (QUALCOMM Incorporated)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 09:16 - 2013-08-23 09:16 - 00000000 ____D C:\FRST
2013-08-22 13:28 - 2013-08-22 13:28 - 00048096 _____ C:\Users\UBALDO\Desktop\Extras.Txt
2013-08-22 13:25 - 2013-08-22 13:25 - 00101300 _____ C:\Users\UBALDO\Desktop\OTL.Txt
2013-08-22 13:08 - 2013-08-22 13:08 - 00602112 _____ (OldTimer Tools) C:\Users\UBALDO\Desktop\OTL.exe
2013-08-21 09:11 - 2013-08-21 09:37 - 00000000 ____D C:\Users\UBALDO\Desktop\PLANES NAME
2013-08-19 12:52 - 2013-08-19 12:52 - 00221782 _____ C:\Users\UBALDO\Desktop\MINIONGOGGLES.ai
2013-08-19 09:53 - 2013-08-20 15:14 - 01059028 _____ C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO2.pspimage
2013-08-19 09:38 - 2013-08-19 10:01 - 04195563 _____ C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN04.pspimage
2013-08-19 07:00 - 2013-08-19 07:00 - 00834593 _____ C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO.pspimage
2013-08-19 06:57 - 2013-08-20 15:24 - 06681315 _____ C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN03.pspimage
2013-08-18 14:03 - 2013-08-18 12:23 - 11817814 _____ C:\Users\UBALDO\Downloads\Teen.Wolf.S03E03.HDTV.TVLEAKS.COM.avi.dtd40hi.partial
2013-08-18 13:44 - 2013-08-21 07:37 - 00000168 _____ C:\Windows\setupact.log
2013-08-18 13:44 - 2013-08-18 13:44 - 00003630 _____ C:\Windows\PFRO.log
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 03:16 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:16 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:16 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:16 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:16 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:16 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:16 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:16 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:16 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:16 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:16 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:16 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 05:30 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 05:30 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 05:30 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 05:30 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 05:30 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 05:30 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 05:30 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 05:30 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 05:30 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 05:30 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 05:30 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 05:30 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 05:30 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 05:30 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 05:30 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 05:30 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 05:30 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 05:30 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 05:30 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 05:30 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 05:30 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 05:30 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 05:30 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 05:30 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 05:30 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 05:30 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 05:30 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-08 14:55 - 2013-08-08 14:55 - 00002381 _____ C:\Users\UBALDO\Desktop\PACKAGEETSY.txt
2013-07-31 14:20 - 2013-07-31 14:20 - 00000053 _____ C:\Users\UBALDO\Desktop\DAD.txt
2013-07-26 12:16 - 2013-08-22 11:45 - 01211106 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2013-08-23 09:16 - 2013-08-23 09:16 - 01576474 _____ (Farbar) C:\Users\UBALDO\Desktop\FRST64.exe
2013-08-23 09:16 - 2013-08-23 09:16 - 00000000 ____D C:\FRST
2013-08-23 08:48 - 2012-08-10 10:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-23 07:34 - 2013-07-26 12:16 - 01211106 _____ C:\Windows\WindowsUpdate.log
2013-08-22 13:28 - 2013-08-22 13:28 - 00048096 _____ C:\Users\UBALDO\Desktop\Extras.Txt
2013-08-22 13:25 - 2013-08-22 13:25 - 00101300 _____ C:\Users\UBALDO\Desktop\OTL.Txt
2013-08-22 13:08 - 2013-08-22 13:08 - 00602112 _____ (OldTimer Tools) C:\Users\UBALDO\Desktop\OTL.exe
2013-08-22 10:14 - 2012-02-20 21:13 - 00000000 ____D C:\Users\UBALDO\AppData\Local\Corel
2013-08-22 09:38 - 2013-03-23 11:45 - 00000000 ____D C:\Users\UBALDO\Desktop\CARSNAMES
2013-08-21 21:49 - 2012-06-22 14:15 - 00000000 ____D C:\Users\UBALDO\AppData\Local\CrashDumps
2013-08-21 15:21 - 2013-01-30 12:00 - 00000000 ____D C:\Users\UBALDO\Desktop\SKYLANDERSNAMESLOGOS
2013-08-21 09:37 - 2013-08-21 09:11 - 00000000 ____D C:\Users\UBALDO\Desktop\PLANES NAME
2013-08-21 08:55 - 2012-02-20 21:11 - 00000000 ____D C:\Users\UBALDO\Documents\My PSP Files
2013-08-21 08:55 - 2012-02-20 20:57 - 00002828 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2013-08-21 07:47 - 2009-07-13 21:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-21 07:47 - 2009-07-13 21:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-21 07:40 - 2012-02-20 19:45 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-21 07:37 - 2013-08-18 13:44 - 00000168 _____ C:\Windows\setupact.log
2013-08-21 07:37 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 15:24 - 2013-08-19 06:57 - 06681315 _____ C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN03.pspimage
2013-08-20 15:14 - 2013-08-19 09:53 - 01059028 _____ C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO2.pspimage
2013-08-20 11:49 - 2012-08-10 10:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 11:49 - 2012-08-10 10:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 11:49 - 2011-08-02 20:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 12:52 - 2013-08-19 12:52 - 00221782 _____ C:\Users\UBALDO\Desktop\MINIONGOGGLES.ai
2013-08-19 10:01 - 2013-08-19 09:38 - 04195563 _____ C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN04.pspimage
2013-08-19 07:00 - 2013-08-19 07:00 - 00834593 _____ C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO.pspimage
2013-08-18 15:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-18 14:48 - 2012-09-13 05:39 - 00000000 ____D C:\Users\UBALDO\AppData\Local\Google
2013-08-18 13:52 - 2009-07-13 22:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 13:44 - 2013-08-18 13:44 - 00003630 _____ C:\Windows\PFRO.log
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 _____ C:\Windows\setuperr.log
2013-08-18 13:36 - 2013-04-04 21:14 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-18 13:33 - 2013-04-04 21:57 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-18 13:32 - 2013-02-03 17:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-18 13:27 - 2011-08-02 20:21 - 00000000 ____D C:\Program Files (x86)\Acer Games
2013-08-18 13:19 - 2007-07-11 18:49 - 00000000 ____D C:\Windows\Panther
2013-08-18 13:12 - 2013-07-04 09:35 - 00000000 ____D C:\Users\UBALDO\Desktop\INVITATIONSFORWEBSITE
2013-08-18 12:23 - 2013-08-18 14:03 - 11817814 _____ C:\Users\UBALDO\Downloads\Teen.Wolf.S03E03.HDTV.TVLEAKS.COM.avi.dtd40hi.partial
2013-08-18 11:59 - 2013-02-12 18:12 - 00000000 ____D C:\Users\UBALDO\Desktop\BURN NOTICE
2013-08-15 08:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 03:11 - 2009-07-13 22:13 - 00741188 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-11 09:01 - 2009-07-13 21:45 - 00611256 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-09 09:54 - 2012-02-20 18:21 - 00130696 _____ C:\Users\UBALDO\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-09 09:41 - 2012-02-22 22:16 - 00000000 ____D C:\Users\UBALDO\AppData\Roaming\SoftGrid Client
2013-08-08 14:55 - 2013-08-08 14:55 - 00002381 _____ C:\Users\UBALDO\Desktop\PACKAGEETSY.txt
2013-08-02 13:07 - 2013-06-07 15:30 - 00000744 _____ C:\Users\UBALDO\Desktop\casalindatransation060713.txt
2013-07-31 14:20 - 2013-07-31 14:20 - 00000053 _____ C:\Users\UBALDO\Desktop\DAD.txt
2013-07-31 13:28 - 2013-05-28 11:31 - 00000000 ____D C:\Users\UBALDO\Desktop\PHP WEBSITE
2013-07-27 10:20 - 2012-03-13 20:57 - 00001456 _____ C:\Users\UBALDO\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-07-25 22:13 - 2013-08-15 03:16 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 22:13 - 2013-08-15 03:16 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 22:13 - 2013-08-15 03:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-25 22:12 - 2013-08-15 03:16 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 20:35 - 2013-08-15 03:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 20:13 - 2013-08-15 03:16 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 20:13 - 2013-08-15 03:16 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 20:11 - 2013-08-15 03:16 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 20:11 - 2013-08-15 03:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 19:49 - 2013-08-15 03:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 19:39 - 2013-08-15 03:16 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 18:59 - 2013-08-15 03:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 02:25 - 2013-08-14 05:30 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 01:57 - 2013-08-14 05:30 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$b64e7e2ae3846a7bb6ba48b5c45758c7
C:\$Recycle.Bin\S-1-5-18\$b64e7e2ae3846a7bb6ba48b5c45758c7\@

Files to move or delete:
====================
C:\Users\UBALDO\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 07:36

==================== End Of Log ============================






Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-08-2013
Ran by UBALDO at 2013-08-23 09:18:08
Running from C:\Users\UBALDO\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================


clear.fi (x32 Version: 1.5.1717_38186)
clear.fi (x32 Version: 9.0.8031)
64 Bit HP CIO Components Installer (Version: 6.2.1)
Acer eRecovery Management (x32 Version: 5.00.3502)
Acer Registration (x32 Version: 1.04.3503)
Acer ScreenSaver (x32 Version: 1.1.0609.2011)
Acer Updater (x32 Version: 1.02.3500)
Adobe AIR (x32 Version: 2.7.1.19610)
Adobe Community Help (x32 Version: 3.0.0)
Adobe Community Help (x32 Version: 3.0.0.400)
Adobe Dreamweaver CS5 (x32 Version: 11.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Media Player (x32 Version: 1.8)
Adobe Reader X MUI (x32 Version: 10.0.0)
Alien Skin Eye Candy 6
Alien Skin Xenofex 2 Demo (x32)
AMD APP SDK Runtime (Version: 2.4.650.9)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.60524.2309)
Apple Application Support (x32 Version: 2.3.2)
Ask Toolbar (x32 Version: 1.15.11.0)
ATI AVIVO64 Codecs (Version: 11.6.0.10524)
ATI Catalyst Install Manager (Version: 3.0.829.0)
ATT Management Agent (x32 Version: 8.2.1.6)
Avira Free Antivirus (x32 Version: 12.1.9.2500)
Avira SearchFree Toolbar plus Web Protection Updater (HKCU Version: 1.3.0.23930)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.0524.2352.41027)
Catalyst Control Center InstallProxy (x32 Version: 2011.0524.2352.41027)
Catalyst Control Center Localization All (x32 Version: 2011.0524.2352.41027)
CCC Help Chinese Standard (x32 Version: 2011.0524.2351.41027)
CCC Help Chinese Traditional (x32 Version: 2011.0524.2351.41027)
CCC Help Czech (x32 Version: 2011.0524.2351.41027)
CCC Help Danish (x32 Version: 2011.0524.2351.41027)
CCC Help Dutch (x32 Version: 2011.0524.2351.41027)
CCC Help English (x32 Version: 2011.0524.2351.41027)
CCC Help Finnish (x32 Version: 2011.0524.2351.41027)
CCC Help French (x32 Version: 2011.0524.2351.41027)
CCC Help German (x32 Version: 2011.0524.2351.41027)
CCC Help Greek (x32 Version: 2011.0524.2351.41027)
CCC Help Hungarian (x32 Version: 2011.0524.2351.41027)
CCC Help Italian (x32 Version: 2011.0524.2351.41027)
CCC Help Japanese (x32 Version: 2011.0524.2351.41027)
CCC Help Korean (x32 Version: 2011.0524.2351.41027)
CCC Help Norwegian (x32 Version: 2011.0524.2351.41027)
CCC Help Polish (x32 Version: 2011.0524.2351.41027)
CCC Help Portuguese (x32 Version: 2011.0524.2351.41027)
CCC Help Russian (x32 Version: 2011.0524.2351.41027)
CCC Help Spanish (x32 Version: 2011.0524.2351.41027)
CCC Help Swedish (x32 Version: 2011.0524.2351.41027)
CCC Help Thai (x32 Version: 2011.0524.2351.41027)
CCC Help Turkish (x32 Version: 2011.0524.2351.41027)
ccc-utility64 (Version: 2011.0524.2352.41027)
CCleaner (Version: 4.02)
clear.fi (x32 Version: 1.5.2212.35)
clear.fi Client (x32 Version: 1.05.3002)
Corel Paint Shop Pro Photo X2 (x32 Version: 12.001.0000)
Corel PaintShop Pro X4 (x32 Version: 14.0.0.332)
D3DX10 (x32 Version: 15.4.2368.0902)
en Skin Blow Up 2
FileZilla Client 3.7.1 (HKCU Version: 3.7.1)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Hotkey Utility (x32 Version: 2.05.3505)
ICA (x32 Version: 14.0.0.332)
Identity Card (x32 Version: 1.00.3501)
IPM_PSP_COM (x32 Version: 14.0.0.332)
Java 2 Runtime Environment, SE v1.4.1 (x32)
Java 7 Update 10 (x32 Version: 7.0.100)
Java Auto Updater (x32 Version: 2.1.9.0)
Java Web Start (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.5131.5000)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MyWinLocker (Version: 4.0.14.25)
MyWinLocker 4 (x32 Version: 4.0.14.25)
MyWinLocker Suite (x32 Version: 4.0.14.15)
Nero Control Center 10 (x32 Version: 10.2.11100.1.1)
Nero ControlCenter 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Core Components 10 (x32 Version: 2.0.18100.8.8)
Nero DiscSpeed 10 (x32 Version: 6.2.10500.2.100)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Express 10 (x32 Version: 10.2.12000.21.100)
Nero Express 10 Help (CHM) (x32 Version: 10.5.10200)
Nero Multimedia Suite 10 Essentials (x32 Version: 10.5.10300)
Nero StartSmart 10 (x32 Version: 10.2.11600.14.100)
Nero StartSmart 10 Help (CHM) (x32 Version: 10.5.10000)
Nero Update (x32 Version: 1.0.0018)
PSPPContent (x32 Version: 14.0.0.332)
PSPPHelp (x32 Version: 14.0.0.332)
PSPPro64 (Version: 14.0.0.332)
Realtek Ethernet Controller Driver (x32 Version: 7.45.516.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6242)
Setup (x32 Version: 14.0.0.332)
Shredder (Version: 2.0.8.9)
Shredder (x32 Version: 2.0.8.9)
Times Reader (x32 Version: 2.055)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update Installer for WildTangent Games App (x32)
VirtualDJ PRO Full (x32 Version: 7.0.5)
WampServer 2.2 (x32)
Welcome Center (x32 Version: 1.02.3504)
Windows Live (x32 Version: 15.4.3502.0922)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
WinRAR 4.11 (32-bit) (x32 Version: 4.11.0)

==================== Restore Points =========================

12-08-2013 18:31:18 Windows Backup
15-08-2013 10:00:43 Windows Update
18-08-2013 20:22:22 Removed Apple Mobile Device Support
18-08-2013 20:27:43 Removed Fooz Kids Platform
18-08-2013 20:33:08 Removed Apple Software Update
18-08-2013 20:34:20 Removed HiJackThis
18-08-2013 20:34:49 Removed Apple Software Update
18-08-2013 20:35:59 Removed HP Update
18-08-2013 20:36:57 Removed VirtualDJ PRO Full
18-08-2013 20:54:52 Removed Google Talk Plugin
19-08-2013 02:00:16 Windows Backup

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {08E7CBA2-B60F-4681-A591-9E3F8BED7EDC} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {270BBE39-594B-4269-BEB0-45FB675C4ECA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {54CEAF8E-2921-45B1-A857-1250B72DF53F} - System32\Tasks\Adobe Reader Speed Launcher => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2010-11-15] (Adobe Systems Incorporated)
Task: {5D60633C-AE63-4950-8749-1DB5BA2F6DC6} - System32\Tasks\{057549E8-133B-43B5-88A9-4828CD8EB66B} => C:\Users\UBALDO\Desktop\Programs\Adobe Photoshop CS5\Photoshop.exe [2010-01-15] (Adobe Systems, Incorporated)
Task: {60423995-8F30-43E7-88F9-1E50AE980B89} - System32\Tasks\AdobeAAMUpdater-1.0-UBALDO-PC-UBALDO => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {6093D090-1A7D-4BFB-9F53-F6308B3054CC} - System32\Tasks\{D7573F2E-6FE8-4968-A841-A477B5D97EE2} => C:\Users\UBALDO\Desktop\Programs\Adobe Photoshop CS5\Photoshop.exe [2010-01-15] (Adobe Systems, Incorporated)
Task: {73E12D2B-2104-431B-BC3C-B7E26B8BD49A} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {81ECAFCF-A5B2-436B-986D-EFCFD9CFB24C} - System32\Tasks\{80401C46-7A34-4FCC-8F1E-63F6EFAE7078} => C:\Users\UBALDO\Desktop\Programs\Adobe Photoshop CS5\Photoshop.exe [2010-01-15] (Adobe Systems, Incorporated)
Task: {85CD11EA-0A88-4AF7-AB48-2F4AADCC3210} - System32\Tasks\DMREngine => C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe [2011-10-12] (CyberLink)
Task: {86274DC4-4836-44D2-AF76-1D08C001CE78} - System32\Tasks\clear.fiAgent => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe [2011-10-12] (CyberLink Corp.)
Task: {91A0E4A4-513B-4663-964A-F8B63DA37E56} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-13] (Microsoft Corporation)
Task: {9E91E86E-1E72-40EF-8462-A62756F4E387} - System32\Tasks\task19572119 => C:\Windows\Temp\kb151574.exe No File
Task: {B76DE36E-FB77-4EEA-BCC8-4F507A6A02D3} - System32\Tasks\clear.fi => C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fi.exe [2011-10-12] (Acer Incorporated)
Task: {B878D675-2890-42E8-9121-14634DF03464} - System32\Tasks\{ACF326A7-5F56-4A26-A798-62CD2D786D25} => C:\Users\UBALDO\Desktop\Adobe Photoshop CS5\Photoshop.exe No File
Task: {CAED8900-222C-453C-88DF-9772CC12DBCB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {E0D4E940-9002-4553-AA04-7309FAD99ECA} - System32\Tasks\task14400265 => C:\Windows\Temp\kb664124.exe No File
Task: {EC32B888-EBD6-4EBA-ADD7-0287BC6774E2} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04] (Adobe Systems Incorporated)
Task: {ECC0F9A1-81AF-417A-A9FC-26E256E73AED} - System32\Tasks\{58DED1EE-A66A-4C72-B168-DE1CA2020806} => I:\Programs\Adobe Photoshop CS5\Photoshop.exe No File
Task: {F0BE399E-0425-4AF5-89F4-05A3423153E7} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe [2012-11-09] ()
Task: {F2056B0C-8BE8-4FD2-AB38-AC5A66D59D24} - System32\Tasks\{B91783E3-07E5-4C1F-9550-0155FB143E98} => I:\Programs\Adobe Photoshop CS5\Photoshop.exe No File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2013 00:48:18 PM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 10.0.9200.16660 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 10ec

Start Time: 01ce9e7df4d6822b

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id:

Error: (08/21/2013 11:52:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7893

Error: (08/21/2013 11:52:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7893

Error: (08/21/2013 11:52:12 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2013 09:49:17 PM) (Source: Application Error) (User: )
Description: Faulting application name: CLMSService.exe, version: 2.0.0.4217, time stamp: 0x4dfb25b4
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015, time stamp: 0x50b83c8a
Exception code: 0xc0000005
Fault offset: 0x00006a6d
Faulting process id: 0xdc0
Faulting application start time: 0xCLMSService.exe0
Faulting application path: CLMSService.exe1
Faulting module path: CLMSService.exe2
Report Id: CLMSService.exe3

Error: (08/21/2013 09:43:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9610

Error: (08/21/2013 09:43:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9610

Error: (08/21/2013 09:43:29 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2013 07:31:50 PM) (Source: Application Error) (User: )
Description: Faulting application name: PmmUpdate.exe, version: 1.1.41.0, time stamp: 0x4d907469
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x6f01006e
Faulting process id: 0x508
Faulting application start time: 0xPmmUpdate.exe0
Faulting application path: PmmUpdate.exe1
Faulting module path: PmmUpdate.exe2
Report Id: PmmUpdate.exe3

Error: (08/21/2013 07:24:03 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8908


System errors:
=============
Error: (08/21/2013 07:38:26 AM) (Source: Service Control Manager) (User: )
Description: The ATT MAHostService service terminated unexpectedly. It has done this 3 time(s).

Error: (08/21/2013 07:38:26 AM) (Source: Service Control Manager) (User: )
Description: The ATT MAHostService service terminated with the following error:
%%-1

Error: (08/21/2013 07:38:25 AM) (Source: Service Control Manager) (User: )
Description: The ATT MAHostService service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (08/21/2013 07:38:25 AM) (Source: Service Control Manager) (User: )
Description: The ATT MAHostService service terminated with the following error:
%%-1

Error: (08/21/2013 07:38:22 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (08/21/2013 07:38:22 AM) (Source: Service Control Manager) (User: )
Description: The ATT MAHostService service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (08/21/2013 07:38:04 AM) (Source: Service Control Manager) (User: )
Description: The Wmi32Svc service failed to start due to the following error:
%%2

Error: (08/21/2013 07:38:01 AM) (Source: Service Control Manager) (User: )
Description: The ATT MAHostService service terminated with the following error:
%%-1

Error: (08/21/2013 07:38:00 AM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service terminated with service-specific error %%5.

Error: (08/20/2013 10:36:32 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}


Microsoft Office Sessions:
=========================
Error: (08/22/2013 00:48:18 PM) (Source: Application Hang)(User: )
Description: iexplore.exe10.0.9200.1666010ec01ce9e7df4d6822b0C:\Program Files\Internet Explorer\iexplore.exe

Error: (08/21/2013 11:52:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7893

Error: (08/21/2013 11:52:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7893

Error: (08/21/2013 11:52:12 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2013 09:49:17 PM) (Source: Application Error)(User: )
Description: CLMSService.exe2.0.0.42174dfb25b4KERNELBASE.dll6.1.7601.1801550b83c8ac000000500006a6ddc001ce9e7c6433e110C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exeC:\Windows\syswow64\KERNELBASE.dll333ce390-0ae6-11e3-a263-c89cdc6f8efe

Error: (08/21/2013 09:43:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9610

Error: (08/21/2013 09:43:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9610

Error: (08/21/2013 09:43:29 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (08/21/2013 07:31:50 PM) (Source: Application Error)(User: )
Description: PmmUpdate.exe1.1.41.04d907469unknown0.0.0.000000000c00000056f01006e50801ce9e7c59ea920eC:\Program Files (x86)\EgisTec IPS\PmmUpdate.exeunknownff6d787d-0ad2-11e3-a263-c89cdc6f8efe

Error: (08/21/2013 07:24:03 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8908


==================== Memory info ===========================

Percentage of memory in use: 46%
Total physical RAM: 3579.27 MB
Available physical RAM: 1926.67 MB
Total Pagefile: 7156.71 MB
Available Pagefile: 4796.03 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:911.88 GB) (Free:846.1 GB) NTFS
Drive d: (UBALDO DESIGNS) (Fixed) (Total:43.95 GB) (Free:16.62 GB) NTFS
Drive e: (BACKUP/RESTORE) (Fixed) (Total:68.36 GB) (Free:0.02 GB) NTFS
Drive g: (PICTURES/MUSIC) (Fixed) (Total:36.74 GB) (Free:23.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: C317959C)
Partition 1: (Not Active) - (Size=20 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=912 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 149 GB) (Disk ID: 76A429FA)
Partition 1: (Not Active) - (Size=44 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=37 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
JSntgRvr

  • Global Moderator
  • 11,591 posts
Download the enclosed file. [attachment=66139:fixlist.txt]

Save it next to FRST.

Run FRST and click on the Fix button.

The tool will make a log next to FRST (Fixlog.txt). Please post it in your reply.

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


#5
ubaldo714

    New Member

  • Topic Starter
  • Member
  • 7 posts
Good Afternoon,

FSS LOG ----

Farbar Service Scanner Version: 18-08-2013
Ran by UBALDO (administrator) on 23-08-2013 at 14:16:54
Running from "C:\Users\UBALDO\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPPJVKS4"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.

Action Center Notification Icon =====> Unable to open HKLM\...\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A} key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============
Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****



FIX LOG -

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2013
Ran by UBALDO at 2013-08-23 14:16:06 Run:1
Running from C:\Users\UBALDO\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] C:\$Recycle.Bin\S-1-5-18\$b64e7e2ae3846a7bb6ba48b5c45758c7\n. ATTENTION! ====> ZeroAccess?
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32] C:\$Recycle.Bin\S-1-5-21-3018435195-4205911245-3665918404-1000\$b64e7e2ae3846a7bb6ba48b5c45758c7\n. ATTENTION! ====> ZeroAccess?
HKCU\...\Command Processor: "C:\Users\UBALDO\AppData\Local\crrjaym.exe" <======= ATTENTION
C:\$Recycle.Bin\S-1-5-18\$b64e7e2ae3846a7bb6ba48b5c45758c7
C:\Users\UBALDO\AppData\Roaming\skype.ini
Task: {9E91E86E-1E72-40EF-8462-A62756F4E387} - System32\Tasks\task19572119 => C:\Windows\Temp\kb151574.exe No File
Task: {CAED8900-222C-453C-88DF-9772CC12DBCB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {E0D4E940-9002-4553-AA04-7309FAD99ECA} - System32\Tasks\task14400265 => C:\Windows\Temp\kb664124.exe No File
End
*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKCU\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key deleted successfully.
HKCU\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\$Recycle.Bin\S-1-5-18\$b64e7e2ae3846a7bb6ba48b5c45758c7 => Moved successfully.
C:\Users\UBALDO\AppData\Roaming\skype.ini => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9E91E86E-1E72-40EF-8462-A62756F4E387} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9E91E86E-1E72-40EF-8462-A62756F4E387} => Key deleted successfully.
C:\Windows\System32\Tasks\task19572119 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task19572119 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CAED8900-222C-453C-88DF-9772CC12DBCB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CAED8900-222C-453C-88DF-9772CC12DBCB} => Key deleted successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E0D4E940-9002-4553-AA04-7309FAD99ECA} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E0D4E940-9002-4553-AA04-7309FAD99ECA} => Key deleted successfully.
C:\Windows\System32\Tasks\task14400265 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task14400265 => Key deleted successfully.

==== End of Fixlog ====

#6
JSntgRvr

  • Global Moderator
  • 11,591 posts
Download Services Repair tool, available here, and save it to your Desktop. Right-click on it, select Run As Administrator, and follow the prompts. It should reboot when it finishes. If not, reboot it yourself.

After a restart, run Farbar Service Scanner and post the new report.

#7
ubaldo714

    New Member

  • Topic Starter
  • Member
  • 7 posts
Good Afternoon,


Once my computer finished booting, this came up:

Windows Firewall has blocked some features of this program

CLMSService

CyberLink

C:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\clmsservice.exe




Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2013 01
Ran by UBALDO (administrator) on 24-08-2013 14:18:06
Running from C:\Users\UBALDO\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
() C:\Windows\SysWOW64\PSIService.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Ask) C:\Program Files (x86)\Ask.com\Updater\Updater.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11580520 2010-11-10] (Realtek Semiconductor)
MountPoints2: {1fb66e9a-1808-11e1-85cf-806e6f6e6963} - "D:\Windows Utilities\Installer64\Install.exe"
MountPoints2: {2a70f8b6-fd8c-11e1-a2ba-c89cdc6f8efe} - H:\PcOptions.exe
MountPoints2: {2a70f8c5-fd8c-11e1-a2ba-c89cdc6f8efe} - H:\PcOptions.exe
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348664 2012-08-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [340848 2011-04-02] (Egis Technology Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Hotkey Utility] - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [627304 2011-08-10] ()
HKLM-x32\...\Run: [EgisUpdate] - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [202608 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [408432 2011-03-28] (Egis Technology Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [185640 2011-08-31] (CyberLink Corp.)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1568976 2012-06-20] (Ask)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo....intl=us&.src=ym
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://google.com/
http://etsy.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/...rc=IE-SearchBox
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar plus Web Protection - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl-esd.su...indows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [465360 2012-05-08] (Avira Operations GmbH & Co. KG)
S2 ATT MAHostService; C:\Program Files (x86)\ATT\8.2.1.6\ma\bin\MAHostService.exe [319488 2013-03-26] (Alcatel-Lucent)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [460288 2012-11-01] (Alcatel-Lucent)
R2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S3 wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] ()
S2 Wmi32Svc; C:\Windows\wmisvcs.exe [x]

==================== Drivers (Whitelisted) ====================

S3 androidusb; C:\Windows\System32\Drivers\smhwadb.sys [31744 2009-12-23] (Google Inc)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-05-08] (Avira GmbH)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-05-08] (Avira GmbH)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2011-09-16] (Avira GmbH)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50; C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MREMP50a64; C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50a64; C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 smhwdev; C:\Windows\System32\DRIVERS\smhwdev.sys [114432 2010-01-13] (Huawei Technologies Co., Ltd.)
S3 smhwser; C:\Windows\System32\DRIVERS\smhwser.sys [122624 2010-02-03] (QUALCOMM Incorporated)
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-24 14:11 - 2013-08-24 14:11 - 04009167 _____ C:\Users\UBALDO\Desktop\ServicesRepair.exe
2013-08-24 14:11 - 2013-08-24 14:11 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-08-23 14:16 - 2013-08-23 14:17 - 00003718 _____ C:\Users\UBALDO\Desktop\FSS.txt
2013-08-23 09:18 - 2013-08-23 09:18 - 00020780 _____ C:\Users\UBALDO\Desktop\Addition.txt
2013-08-23 09:16 - 2013-08-23 09:16 - 00000000 ____D C:\FRST
2013-08-22 13:28 - 2013-08-22 13:28 - 00048096 _____ C:\Users\UBALDO\Desktop\Extras.Txt
2013-08-22 13:25 - 2013-08-22 13:25 - 00101300 _____ C:\Users\UBALDO\Desktop\OTL.Txt
2013-08-22 13:08 - 2013-08-22 13:08 - 00602112 _____ (OldTimer Tools) C:\Users\UBALDO\Desktop\OTL.exe
2013-08-21 09:11 - 2013-08-24 10:34 - 00000000 ____D C:\Users\UBALDO\Desktop\PLANES NAME
2013-08-19 12:52 - 2013-08-19 12:52 - 00221782 _____ C:\Users\UBALDO\Desktop\MINIONGOGGLES.ai
2013-08-19 09:53 - 2013-08-20 15:14 - 01059028 _____ C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO2.pspimage
2013-08-19 09:38 - 2013-08-19 10:01 - 04195563 _____ C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN04.pspimage
2013-08-19 07:00 - 2013-08-19 07:00 - 00834593 _____ C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO.pspimage
2013-08-19 06:57 - 2013-08-20 15:24 - 06681315 _____ C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN03.pspimage
2013-08-18 14:03 - 2013-08-18 12:23 - 11817814 _____ C:\Users\UBALDO\Downloads\Teen.Wolf.S03E03.HDTV.TVLEAKS.COM.avi.dtd40hi.partial
2013-08-18 13:44 - 2013-08-24 14:15 - 00000224 _____ C:\Windows\setupact.log
2013-08-18 13:44 - 2013-08-18 13:44 - 00003630 _____ C:\Windows\PFRO.log
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 _____ C:\Windows\setuperr.log
2013-08-15 03:16 - 2013-07-25 22:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 03:16 - 2013-07-25 22:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 03:16 - 2013-07-25 22:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 03:16 - 2013-07-25 22:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 03:16 - 2013-07-25 22:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 03:16 - 2013-07-25 20:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 03:16 - 2013-07-25 20:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 03:16 - 2013-07-25 20:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 03:16 - 2013-07-25 20:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 03:16 - 2013-07-25 20:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 03:16 - 2013-07-25 20:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 03:16 - 2013-07-25 19:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 03:16 - 2013-07-25 19:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 03:16 - 2013-07-25 18:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 05:30 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 05:30 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 05:30 - 2013-07-18 18:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 05:30 - 2013-07-18 18:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 05:30 - 2013-07-08 23:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 05:30 - 2013-07-08 22:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 05:30 - 2013-07-08 22:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 05:30 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 05:30 - 2013-07-08 22:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 05:30 - 2013-07-08 22:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 05:30 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 05:30 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 05:30 - 2013-07-08 22:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 05:30 - 2013-07-08 22:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 05:30 - 2013-07-08 21:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 05:30 - 2013-07-08 21:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 05:30 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 05:30 - 2013-07-08 21:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 05:30 - 2013-07-08 21:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 05:30 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 05:30 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 05:30 - 2013-07-08 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 05:30 - 2013-07-08 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 05:30 - 2013-07-08 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 05:30 - 2013-07-08 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 05:30 - 2013-07-05 23:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 05:30 - 2013-06-14 21:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-08 14:55 - 2013-08-08 14:55 - 00002381 _____ C:\Users\UBALDO\Desktop\PACKAGEETSY.txt
2013-07-31 14:20 - 2013-07-31 14:20 - 00000053 _____ C:\Users\UBALDO\Desktop\DAD.txt
2013-07-26 12:16 - 2013-08-24 14:13 - 01223849 _____ C:\Windows\WindowsUpdate.log

==================== One Month Modified Files and Folders =======

2013-08-24 14:17 - 2013-08-24 14:17 - 01576734 _____ (Farbar) C:\Users\UBALDO\Desktop\FRST64.exe
2013-08-24 14:16 - 2012-02-20 19:45 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-24 14:15 - 2013-08-18 13:44 - 00000224 _____ C:\Windows\setupact.log
2013-08-24 14:15 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-24 14:13 - 2013-07-26 12:16 - 01223849 _____ C:\Windows\WindowsUpdate.log
2013-08-24 14:12 - 2012-02-20 21:13 - 00000000 ____D C:\Users\UBALDO\AppData\Local\Corel
2013-08-24 14:11 - 2013-08-24 14:11 - 04009167 _____ C:\Users\UBALDO\Desktop\ServicesRepair.exe
2013-08-24 14:11 - 2013-08-24 14:11 - 00000000 ____D C:\Users\Public\Desktop\CC Support
2013-08-24 14:05 - 2012-08-10 10:39 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-24 10:34 - 2013-08-21 09:11 - 00000000 ____D C:\Users\UBALDO\Desktop\PLANES NAME
2013-08-24 09:15 - 2012-02-20 21:11 - 00000000 ____D C:\Users\UBALDO\Documents\My PSP Files
2013-08-24 09:15 - 2012-02-20 20:57 - 00002828 ___SH C:\Windows\SysWOW64\KGyGaAvL.sys
2013-08-24 08:59 - 2013-03-23 11:45 - 00000000 ____D C:\Users\UBALDO\Desktop\CARSNAMES
2013-08-23 21:53 - 2013-01-30 12:00 - 00000000 ____D C:\Users\UBALDO\Desktop\SKYLANDERSNAMESLOGOS
2013-08-23 14:17 - 2013-08-23 14:16 - 00003718 _____ C:\Users\UBALDO\Desktop\FSS.txt
2013-08-23 09:18 - 2013-08-23 09:18 - 00020780 _____ C:\Users\UBALDO\Desktop\Addition.txt
2013-08-23 09:16 - 2013-08-23 09:16 - 00000000 ____D C:\FRST
2013-08-22 13:28 - 2013-08-22 13:28 - 00048096 _____ C:\Users\UBALDO\Desktop\Extras.Txt
2013-08-22 13:25 - 2013-08-22 13:25 - 00101300 _____ C:\Users\UBALDO\Desktop\OTL.Txt
2013-08-22 13:08 - 2013-08-22 13:08 - 00602112 _____ (OldTimer Tools) C:\Users\UBALDO\Desktop\OTL.exe
2013-08-21 21:49 - 2012-06-22 14:15 - 00000000 ____D C:\Users\UBALDO\AppData\Local\CrashDumps
2013-08-21 07:47 - 2009-07-13 21:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-21 07:47 - 2009-07-13 21:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 15:24 - 2013-08-19 06:57 - 06681315 _____ C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN03.pspimage
2013-08-20 15:14 - 2013-08-19 09:53 - 01059028 _____ C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO2.pspimage
2013-08-20 11:49 - 2012-08-10 10:39 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 11:49 - 2012-08-10 10:39 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 11:49 - 2011-08-02 20:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 12:52 - 2013-08-19 12:52 - 00221782 _____ C:\Users\UBALDO\Desktop\MINIONGOGGLES.ai
2013-08-19 10:01 - 2013-08-19 09:38 - 04195563 _____ C:\Users\UBALDO\Desktop\DESPICABLEMEDESIGN04.pspimage
2013-08-19 07:00 - 2013-08-19 07:00 - 00834593 _____ C:\Users\UBALDO\Desktop\DESPICABLEME2LOGO.pspimage
2013-08-18 15:02 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2013-08-18 14:48 - 2012-09-13 05:39 - 00000000 ____D C:\Users\UBALDO\AppData\Local\Google
2013-08-18 13:52 - 2009-07-13 22:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-18 13:44 - 2013-08-18 13:44 - 00003630 _____ C:\Windows\PFRO.log
2013-08-18 13:44 - 2013-08-18 13:44 - 00000000 _____ C:\Windows\setuperr.log
2013-08-18 13:36 - 2013-04-04 21:14 - 00000000 ____D C:\Program Files (x86)\HP
2013-08-18 13:33 - 2013-04-04 21:57 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-08-18 13:32 - 2013-02-03 17:21 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-18 13:27 - 2011-08-02 20:21 - 00000000 ____D C:\Program Files (x86)\Acer Games
2013-08-18 13:19 - 2007-07-11 18:49 - 00000000 ____D C:\Windows\Panther
2013-08-18 13:12 - 2013-07-04 09:35 - 00000000 ____D C:\Users\UBALDO\Desktop\INVITATIONSFORWEBSITE
2013-08-18 12:23 - 2013-08-18 14:03 - 11817814 _____ C:\Users\UBALDO\Downloads\Teen.Wolf.S03E03.HDTV.TVLEAKS.COM.avi.dtd40hi.partial
2013-08-18 11:59 - 2013-02-12 18:12 - 00000000 ____D C:\Users\UBALDO\Desktop\BURN NOTICE
2013-08-15 08:15 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 03:11 - 2009-07-13 22:13 - 00741188 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-11 09:01 - 2009-07-13 21:45 - 00611256 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-09 09:54 - 2012-02-20 18:21 - 00130696 _____ C:\Users\UBALDO\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-09 09:41 - 2012-02-22 22:16 - 00000000 ____D C:\Users\UBALDO\AppData\Roaming\SoftGrid Client
2013-08-08 14:55 - 2013-08-08 14:55 - 00002381 _____ C:\Users\UBALDO\Desktop\PACKAGEETSY.txt
2013-08-02 13:07 - 2013-06-07 15:30 - 00000744 _____ C:\Users\UBALDO\Desktop\casalindatransation060713.txt
2013-07-31 14:20 - 2013-07-31 14:20 - 00000053 _____ C:\Users\UBALDO\Desktop\DAD.txt
2013-07-31 13:28 - 2013-05-28 11:31 - 00000000 ____D C:\Users\UBALDO\Desktop\PHP WEBSITE
2013-07-27 10:20 - 2012-03-13 20:57 - 00001456 _____ C:\Users\UBALDO\AppData\Local\Adobe Save for Web 12.0 Prefs
2013-07-25 22:13 - 2013-08-15 03:16 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 22:13 - 2013-08-15 03:16 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 22:13 - 2013-08-15 03:16 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-25 22:12 - 2013-08-15 03:16 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 22:12 - 2013-08-15 03:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-25 20:35 - 2013-08-15 03:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 20:13 - 2013-08-15 03:16 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 20:13 - 2013-08-15 03:16 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-25 20:12 - 2013-08-15 03:16 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 20:11 - 2013-08-15 03:16 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 20:11 - 2013-08-15 03:16 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-25 19:49 - 2013-08-15 03:16 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 19:39 - 2013-08-15 03:16 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 18:59 - 2013-08-15 03:16 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-25 02:25 - 2013-08-14 05:30 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-25 01:57 - 2013-08-14 05:30 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL

Files to move or delete:
====================
C:\Users\UBALDO\AppData\Local\Temp\AskSLib.dll
C:\Users\UBALDO\AppData\Local\Temp\HitmanPro.exe
C:\Users\UBALDO\AppData\Local\Temp\setup.exe
C:\Users\UBALDO\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\AskPartnerCobrandingTool.exe
C:\Users\UBALDO\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\instApp.exe
C:\Users\UBALDO\AppData\Local\Temp\{86D4B82A-ABED-442A-BE86-96357B70F4FE}\RunIE.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-e7c7703b-dc00-48eb-a93e-9108f8cb2cee\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-e1f3b8c6-24ef-4a5e-bd0f-6ba3eb89814d\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-db654e01-e75a-45ff-b011-9bfb59afca33\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-d4044c3a-7545-40fd-9e01-e6b891568d0b\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-d1aa2316-497a-4741-b846-200742d5115a\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-caaa03fb-314b-49c1-ad93-15170f377758\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-be294de7-602c-4070-8eef-c80efd07aacd\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-b1964929-91d3-4879-b7cc-8b0b737cfecc\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-a65cc034-0a4c-4ab2-86c7-cde468a682b5\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-a39593fc-5f96-4579-b4ef-77808b5a5a74\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-8709ecc2-ca28-49f7-bb3c-58424db1789c\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-5d738aef-ce5f-42f3-a36a-0ab4816b6d44\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-4cd6c6ec-74b0-4e7e-8736-fdc95e416b77\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-1fec74b6-458a-45ac-8117-0cf4e853d422\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-12393211-d188-41da-8e84-15cb045dbe00\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-114d48be-ebbc-4c55-8e18-7dcc983661fa\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\uninstaller-WTA-01f7c69a-93fd-4aab-9773-4a422e6d1a1a\Uninstaller.exe
C:\Users\UBALDO\AppData\Local\Temp\clear.fiClient\cabarc.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 07:36

==================== End Of Log ============================

#8
JSntgRvr


  • Global Moderator
  • 11,591 posts
You ran the Farbar Recovery Scan Tool (FRST64.exe). It is the Farbar Service Scanner (FSS.exe) that I need you to run and post the report from.

#9
ubaldo714

    New Member

  • Topic Starter
  • Member
  • 7 posts
Good Evening,

My apologies for the confusion.


Farbar Service Scanner Version: 18-08-2013
Ran by UBALDO (administrator) on 25-08-2013 at 19:36:36
Running from "C:\Users\UBALDO\Desktop"
Microsoft Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#10
JSntgRvr


  • Global Moderator
  • 11,591 posts
That log looks clear.

Let's scan.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Download AdwCleaner to your desktop.

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & paste this report in your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

#11
ubaldo714

    New Member

  • Topic Starter
  • Member
  • 7 posts
Good Morning,

Thank you for all of your time and help!


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by UBALDO on Sun 08/25/2013 at 22:10:15.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apnupdater



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\AskSLib_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] C:\Windows\syswow64\sho1660.tmp
Successfully deleted: [File] C:\Windows\syswow64\sho3B1C.tmp
Successfully deleted: [File] C:\Windows\syswow64\shoAF8F.tmp



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\UBALDO\appdata\local\{078F3A17-66F9-47AF-8642-3ED28D58C704}
Successfully deleted: [Empty Folder] C:\Users\UBALDO\appdata\local\{580C1E80-CD55-4BC7-81B1-E2FF1850D9DF}
Successfully deleted: [Empty Folder] C:\Users\UBALDO\appdata\local\{5BDCBA0C-D307-4B09-9726-6FB136E8FF2A}
Successfully deleted: [Empty Folder] C:\Users\UBALDO\appdata\local\{9F2DB805-716D-4598-9C05-1967C0A248C7}
Successfully deleted: [Empty Folder] C:\Users\UBALDO\appdata\local\{B528BEEE-3160-4548-BD65-132EF068DCB5}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 08/25/2013 at 22:21:21.01
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



ADWCLEANER LOG

# AdwCleaner v3.001 - Report created 26/08/2013 at 08:29:56
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : UBALDO - UBALDO-PC
# Running from : C:\Users\UBALDO\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Users\UBALDO\AppData\Local\AskToolbar
Folder Deleted : C:\Users\UBALDO\AppData\LocalLow\AskToolbar
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Ask.com.tmp
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660


*************************

AdwCleaner[R0].txt - [3257 octets] - [26/08/2013 08:25:40]
AdwCleaner[S0].txt - [3077 octets] - [26/08/2013 08:29:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3137 octets] ##########


MALWAREBYTES -

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
UBALDO :: UBALDO-PC [administrator]

8/26/2013 10:30:13 AM
mbam-log-2013-08-26 (10-30-13).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226292
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\UBALDO\Downloads\Princess_downloader_by_Fonts101.exe (PUP.Optional.Somoto) -> Quarantined and deleted successfully.

(end)

#12
JSntgRvr


  • Global Moderator
  • 11,591 posts
How is the computer doing?

#13
ubaldo714

    New Member

  • Topic Starter
  • Member
  • 7 posts
Good Afternoon,

The computer is running better! :)

Thank you very much!

#14
JSntgRvr


  • Global Moderator
  • 11,591 posts
Congratulations.

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Run OTL. Click on the Cleanup button and follow the prompts.

Remove the C:\FRST folder if present.

Run AdwCleaner and uninstall.

Manually remove any tool left.

Here are some suggestions.

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes!

#15
JSntgRvr


  • Global Moderator
  • 11,591 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.