
ScorpioScreensaver, Adpeak, LevelQualityWatcher not fully removed.


  • This topic is locked
22 replies to this topic

#1 JCDvain

JCDvain

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:00 PM

Posted 29 November 2013 - 01:23 PM

Hi, before I start, I saw that someone else had the same exact problem as me just with a different OS, so here I am to hopefully get this stubborn Adware/Malware removed.

 

Let me start off with Scorpion Saver since it keeps acting very weird in my system. It re-installs itself apparently. When I restart my system, I will check in my Programs only to see "Scorpion Saver Services" installed, again. I've deleted keys in regedit that contained "Scorpion Saver" or "Adpeak" and it still keeps coming back, and it's definitely doing something to my Chrome browser as well because Malwarebytes Anti-Malware keeps detecting "extensions" that are infected.

 

Sounds were coming out of my speakers, AVG didn't detect anything so I uninstalled it and installed Norton, which detected and removed a few infected folders/files. I ran Malwarebytes Anti-Malware and it detected a bunch of stuff which I selected to be Removed, and Malwarebytes would freeze...

 

Level Quality Watcher is a folder that I cannot remove at all. It says I have no Admin Rights etc. This folder was not on my hard drive until after Scorpion Saver was detected in my system. It's also in the Processes and I can only see it using Norton... pretty weird.

 

My computer is now running somewhat like it was before all this, now that I deleted the remaining keys in regedit containing 'Adpeak', but I'm still not 100% sure because my PC is still slow. Hopefully you guys can help me pinpoint this really annoying Adware and remove it for good!

 

Thanks in advance, here is my latest Malwarebytes Log. 

Attached Files


Edited by JCDvain, 29 November 2013 - 01:33 PM.



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:00 PM

Posted 29 November 2013 - 09:13 PM



Hello JCDvain

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely. I have spent my time to put together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.



-Download DDS-
  • Please download DDS from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here --> [Donate] <-- Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
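The DDS output Gringo asks for above lists running processes, services/drivers and recently changed files. When such a log comes back (JCDvain posts his later in this thread), the triage step is to find which entries reference the adware names in question, and to notice that the same loader can appear both as an autostart service and as a running process, which is why deleting a folder alone does not keep it gone. The Python script below is an added example, not code from the thread, from DDS or from BleepingComputer: it parses those three DDS sections and flags entries whose service name or image path contains one of the indicators named in this thread (Adpeak, Level Quality Watcher, Scorpion Saver). The indicator list and the parsing rules are assumptions made for this example, and the embedded sample log is constructed from lines that appear in the DDS.txt posted in the thread.

```python
import re
from dataclasses import dataclass

# Adware names the original poster is trying to remove (taken from the thread).
INDICATORS = ("adpeak", "level quality watcher", "levelqualitywatcher",
              "scorpion saver", "scorpionsaver")

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
FIND3M_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
                       r"(?P<size>\d+) (?P<attrs>\S+) (?P<path>.+)$")
# First Windows path ending in an executable-type extension; this drops service
# arguments such as 'run options=... sourceguid=...' and the trailing '[date size]'.
IMAGE_RE = re.compile(r"^(?P<image>[A-Za-z]:\\.*?\.(?:exe|sys|dll|fcl))", re.IGNORECASE)


@dataclass
class Entry:
    section: str   # DDS section the line came from (lower-cased)
    name: str      # service name, or file name for processes and Find3M files
    image: str     # path of the executable, driver or DLL
    raw: str       # the original log line


def _image_of(text):
    m = IMAGE_RE.match(text.strip())
    return m.group("image") if m else text.strip()


def parse_dds(text):
    """Return Entry objects for the Running Processes, Services/Drivers and Find3M sections."""
    entries, section = [], ""
    for line in text.splitlines():
        line = line.rstrip()
        if not line or line == ".":          # DDS pads sections with lone dots
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").lower()
            continue
        if section == "running processes":
            image = _image_of(line)
            entries.append(Entry(section, image.rsplit("\\", 1)[-1], image, line))
        elif section == "services / drivers":
            parts = line.split(";", 2)       # '<state> <name>;<display name>;<command> [date size]'
            if len(parts) != 3:
                continue
            state_name, _display, command = parts
            name = state_name.split(None, 1)[-1]
            entries.append(Entry(section, name, _image_of(command), line))
        elif section == "find3m":
            m = FIND3M_RE.match(line)
            if m:
                path = m.group("path")
                entries.append(Entry(section, path.rsplit("\\", 1)[-1], path, line))
    return entries


def flag_indicators(entries, indicators=INDICATORS):
    """Pair each entry whose name or image path contains an indicator with the first match."""
    hits = []
    for e in entries:
        haystack = (e.name + " " + e.image).lower()
        matched = [i for i in indicators if i in haystack]
        if matched:
            hits.append((e, matched[0]))
    return hits


def review(text, indicators=INDICATORS):
    return flag_indicators(parse_dds(text), indicators)


# Constructed sample: a few lines copied from the DDS.txt posted in this thread.
SAMPLE_LOG = r"""
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
.
============= SERVICES / DRIVERS ===============
.
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=4681 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=4681 [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-11-28 264360]
.
==================== Find3M  ====================
.
2013-11-28 15:10:02 67632 ----a-w- C:\Windows\System32\msln.exe
2013-10-16 17:18:44 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll
.
============= FINISH:  4:08:59.69 ===============
"""

if __name__ == "__main__":
    for entry, indicator in review(SAMPLE_LOG):
        print(f"[{entry.section}] {entry.name} -> {entry.image}  (matched '{indicator}')")
```

On the sample, the script reports the Level Quality Watcher loader twice (once as a running process, once as an R2 auto-start service) and the AdpeakProxy.dll file from Find3M. Name matching is only a first pass: it says where a known component is still registered, not whether anything else on the machine belongs to the same installer, which is why the helper asks for the full logs rather than a list of removed keys.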

#3 JCDvain

JCDvain
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:00 PM

Posted 30 November 2013 - 06:19 AM

Here is my DDS log

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16520  BrowserJavaVersion: 10.45.2
Run by Romeo J. Chacon at 4:08:46 on 2013-11-30
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6141.2903 [GMT -7:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
uProxyServer = hxxp=;ftp=;https=;
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-001021-0002-0021-ABCDEFFEDCBC} - <orphaned>
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
TCP: NameServer = 10.0.15.1
TCP: Interfaces\{4ACB95D9-BB19-4ADD-B41D-22FEE2D3A345} : DHCPNameServer = 10.0.15.1
TCP: Interfaces\{8D477229-9972-47DE-89BB-1212F250F3EC} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{A7CDDBEE-220A-4787-887E-BB33BB6A4C0B} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{E0D6F654-A7A3-4822-8B88-BCEB0FFC46D1} : DHCPNameServer = 172.20.10.1
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
IFEO: pdvdlp.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: powerdvd13.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: realconverter.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: realplay.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: realtrimmer.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IFEO: chrome.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: icloud.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: icloudweb.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: itunes.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: pdvdlp.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 SCMNdisP;General NDIS Protocol Driver;C:\Windows\System32\drivers\SCMNdisP.sys [2012-11-30 25312]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-28 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-28 1147480]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys [2013-11-1 1524824]
R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-28 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131128.001\IDSviA64.sys [2013-11-28 521816]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-28 264280]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symtdiv.sys [2013-11-28 507992]
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/11/27 00:49:00];C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [2013-7-6 130320]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Level Quality Watcher;Level Quality Watcher;C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=4681 --> C:\Program Files\Level Quality Watcher\v1.01\levelqualitywatcher64.exe run options=01110010000000000000000000000000 sourceguid=4681 [?]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-11-26 418376]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [2013-11-28 264360]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 TuneUp.UtilitiesSvc;AVG PC TuneUp Service;C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesService64.exe [2013-10-8 2099000]
R3 BCMH43XX;Broadcom 802.11 USB Network Adapter Driver;C:\Windows\System32\drivers\bcmwlhigh664.sys [2012-11-30 1229568]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-28 137648]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-26 25928]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesDriver64.sys [2013-9-18 14112]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2013-9-11 1012344]
R3 WsAudioDevice_383S(1);WsAudioDevice_383S(1);C:\Windows\System32\drivers\WsAudioDevice_383S(1).sys [2013-1-12 29288]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-11-26 701512]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-4-11 89920]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-11-25 79360]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;C:\Windows\System32\drivers\hitmanpro37.sys [2013-11-28 32512]
S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2013-7-25 23040]
S3 NPF;Netgroup Packet Filter;C:\Windows\System32\drivers\npf.sys [2012-11-30 47632]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S4 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [2013-11-27 77576]
S4 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [2013-11-27 327432]
S4 WSWNDA3100v2;WSWNDA3100v2;C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe [2012-11-30 303360]
.
=============== File Associations ===============
.
FileExt: .js: JSFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2013-11-28 15:10:02 67632 ----a-w- C:\Windows\System32\msln.exe
2013-11-28 11:34:16 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2013-11-28 11:05:24 32512 ----a-w- C:\Windows\System32\drivers\hitmanpro37.sys
2013-11-27 14:48:42 201872 ----a-w- C:\Windows\SysWow64\rmoc3260.dll
2013-11-27 14:48:34 6656 ----a-w- C:\Windows\SysWow64\pndx5016.dll
2013-11-27 14:48:34 5632 ----a-w- C:\Windows\SysWow64\pndx5032.dll
2013-11-27 14:48:33 272896 ----a-w- C:\Windows\SysWow64\pncrt.dll
2013-11-27 14:48:31 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2013-11-27 14:48:31 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2013-11-26 19:27:05 0 ----a-w- C:\autoexec.bat
2013-11-23 17:42:12 6674208 ----a-w- C:\Windows\System32\nvcpl.dll
2013-11-23 17:42:12 3490080 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-11-23 17:42:10 922912 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-11-23 17:42:10 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-11-23 17:42:10 219424 ----a-w- C:\Windows\System32\nvmctray.dll
2013-11-19 13:47:25 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 13:47:25 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-11-14 11:55:24 1884448 ----a-w- C:\Windows\System32\nvdispco6433182.dll
2013-11-14 11:55:24 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433182.dll
2013-11-13 07:46:03 82896128 ----a-w- C:\Windows\System32\mrt.exe
2013-10-23 10:30:23 1884448 ----a-w- C:\Windows\System32\nvdispco6433165.dll
2013-10-23 10:30:23 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433165.dll
2013-10-16 17:18:44 338944 ----a-w- C:\Windows\SysWow64\AdpeakProxy.dll
2013-10-16 00:48:05 1884448 ----a-w- C:\Windows\System32\nvdispco6433158.dll
2013-10-16 00:48:05 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433158.dll
2013-10-13 15:58:41 17847296 ----a-w- C:\Windows\System32\mshtml.dll
2013-10-13 15:09:57 10926080 ----a-w- C:\Windows\System32\ieframe.dll
2013-10-13 14:55:42 2334720 ----a-w- C:\Windows\System32\jscript9.dll
2013-10-13 14:48:43 1346560 ----a-w- C:\Windows\System32\urlmon.dll
2013-10-13 14:47:43 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-10-13 14:46:53 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-10-13 14:46:27 237056 ----a-w- C:\Windows\System32\url.dll
2013-10-13 14:44:28 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2013-10-13 14:42:38 816640 ----a-w- C:\Windows\System32\jscript.dll
2013-10-13 14:42:36 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-10-13 14:42:11 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-10-13 14:39:50 2147840 ----a-w- C:\Windows\System32\iertutil.dll
2013-10-13 14:38:57 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2013-10-13 14:36:11 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2013-10-13 14:35:12 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-10-13 14:29:31 248320 ----a-w- C:\Windows\System32\ieui.dll
2013-10-13 10:42:12 12344832 ----a-w- C:\Windows\SysWow64\mshtml.dll
2013-10-13 10:08:04 9739264 ----a-w- C:\Windows\SysWow64\ieframe.dll
2013-10-13 09:48:06 1806848 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-10-13 09:37:03 1104896 ----a-w- C:\Windows\SysWow64\urlmon.dll
2013-10-13 09:35:52 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-10-13 09:35:38 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-10-13 09:33:57 231936 ----a-w- C:\Windows\SysWow64\url.dll
2013-10-13 09:32:00 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2013-10-13 09:30:20 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2013-10-13 09:30:14 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-10-13 09:29:02 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-10-13 09:27:43 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2013-10-13 09:27:40 1796096 ----a-w- C:\Windows\SysWow64\iertutil.dll
2013-10-13 09:26:08 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2013-10-13 09:25:39 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-13 09:20:51 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2013-10-11 04:23:42 462848 ----a-w- C:\Windows\System32\IKEEXT.DLL
2013-10-11 04:23:21 781824 ----a-w- C:\Windows\System32\FWPUCLNT.DLL
2013-10-11 02:07:57 596480 ----a-w- C:\Windows\SysWow64\FWPUCLNT.DLL
2013-10-08 20:46:30 40248 ----a-w- C:\Windows\System32\TURegOpt.exe
2013-10-08 20:46:22 42808 ----a-w- C:\Windows\System32\uxtuneup.dll
2013-10-08 20:46:22 35640 ----a-w- C:\Windows\SysWow64\uxtuneup.dll
2013-10-08 20:46:22 29496 ----a-w- C:\Windows\System32\authuitu.dll
2013-10-08 20:46:22 25400 ----a-w- C:\Windows\SysWow64\authuitu.dll
2013-10-08 14:50:37 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-08 14:46:52 264616 ----a-w- C:\Windows\SysWow64\javaws.exe
2013-10-08 14:46:47 175016 ----a-w- C:\Windows\SysWow64\javaw.exe
2013-10-08 14:46:23 174504 ----a-w- C:\Windows\SysWow64\java.exe
2013-10-03 15:03:41 389632 ----a-w- C:\Windows\System32\gdi32.dll
2013-10-03 15:02:58 1278976 ----a-w- C:\Windows\System32\crypt32.dll
2013-10-03 12:46:36 304128 ----a-w- C:\Windows\SysWow64\gdi32.dll
2013-10-03 12:45:45 993792 ----a-w- C:\Windows\SysWow64\crypt32.dll
2013-09-27 08:57:55 1884448 ----a-w- C:\Windows\System32\nvdispco6433140.dll
2013-09-27 08:57:55 1511712 ----a-w- C:\Windows\System32\nvdispgenco6433140.dll
2013-09-27 03:18:30 1147480 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys
2013-09-27 02:45:56 264280 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys
2013-09-27 02:26:03 858200 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtsp64.sys
2013-09-26 03:28:00 590936 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys
2013-09-26 03:28:00 507992 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\symtdiv.sys
2013-09-26 02:50:25 162392 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys
2013-09-12 08:58:10 1884448 ----a-w- C:\Windows\System32\nvdispco6432723.dll
2013-09-12 08:58:10 1511712 ----a-w- C:\Windows\System32\nvdispgenco6432723.dll
2013-09-12 04:21:54 863344 ----a-w- C:\Windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 04:21:54 501872 ----a-w- C:\Windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 04:21:54 28776 ----a-w- C:\Windows\SysWow64\aspnet_counters.dll
2013-09-12 04:21:54 18000 ----a-w- C:\Windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 02:39:06 855664 ----a-w- C:\Windows\System32\msvcr110_clr0400.dll
2013-09-12 02:39:06 614000 ----a-w- C:\Windows\System32\msvcp110_clr0400.dll
2013-09-12 02:39:06 30312 ----a-w- C:\Windows\System32\aspnet_counters.dll
2013-09-12 02:39:06 18000 ----a-w- C:\Windows\System32\msvcr100_clr0400.dll
2013-09-10 02:47:38 23568 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys
2013-09-10 02:47:26 493656 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys
2013-09-10 01:49:49 36952 ----a-r- C:\Windows\System32\drivers\N360x64\1501000.012\srtspx64.sys
2013-09-04 02:31:51 404992 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-04 01:47:56 32 ----a-w- C:\Windows\SysWow64\msvcsv60.dll
.
============= FINISH:  4:08:59.69 ===============
 
 
Here is my Attach log
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium 
Boot Device: \Device\HarddiskVolume3
Install Date: 11/25/2012 1:53:17 AM
System Uptime: 11/29/2013 10:44:54 AM (18 hours ago)
.
Motherboard: Dell Inc |  | 0PP150
Processor: Intel® Core™2 Quad CPU    Q9550  @ 2.83GHz | Socket 775 | 3009/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 699 GiB total, 339.361 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.06 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 0 GiB total, 0.068 GiB free.
H: is FIXED (NTFS) - 279 GiB total, 211.551 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP556: 11/29/2013 10:07:29 AM - Removed ScorpionSaver Services
RP557: 11/30/2013 - Scheduled Checkpoint
.
==== Image File Execution Options =============
.
IFEO: pdvdlp.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: powerdvd13.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: realconverter.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: realplay.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: realtrimmer.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: rnxproc.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
IFEO: setup.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: chrome.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: icloud.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: icloudweb.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: itunes.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: pdvdlp.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: photostream.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: powerdvd13.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: presentationhost.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: realconverter.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: realplay.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: realtrimmer.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: rnxproc.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: setup.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: uninstall.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
x64-IFEO: wnda3100v2.exe - "C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
==== Installed Programs ======================
.
Adobe After Effects CS6
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS6
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASIO4ALL
AVG PC TuneUp 2014 (en-US)
AVG PC TuneUp Language Pack (en-US)
BGtechs Dynamics Pack VST v1.0
Bonjour
Boris Graffiti for Corel
Call of Duty Ghosts
Camtasia Studio 8
CCleaner
Contents
Corel PaintShop Pro X6
Corel VideoStudio Ultimate X5
Creative Audio Control Panel
Creative Software AutoUpdate
Creative Sound Blaster Properties x64 Edition
CyberLink PowerDVD 13
Edirol HQ Orchestral v1.01
Effects Suite 64-bit
FL Studio 11
Fliqlo Screen Saver
FlowStone FL 3.0
FrostWire 5.6.8
Google Chrome
Google Earth Plug-in
Google Update Helper
Grand Theft Auto IV
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ICA
iCloud
IL Download Manager
IL Shared Libraries
IPM_PSP_COM
IPM_PSP_COM64
IPM_VS_Pro
ISCOM
iTunes
Java 7 Update 45
Java Auto Updater
Luxonix Purity VSTi v1.1.2
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4.5.1
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Native Instruments Guitar Rig 4
Native Instruments Massive
Native Instruments Service Center
NETGEAR WNDA3100v2 wireless USB 2.0 adapter
Norton 360
NVIDIA 3D Vision Controller Driver 331.93
NVIDIA Control Panel 331.93
NVIDIA GeForce Experience 1.7.1
NVIDIA Graphics Driver 331.93
NVIDIA HD Audio Driver 1.3.26.4
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA PhysX
NVIDIA PhysX System Software 9.13.0725
NVIDIA Update 9.3.21
NVIDIA Update Components
PDF Settings CS6
PhoneClean 2.2.2
PhoneClean 3.1.0
Platinum Hide IP
PowerISO
proDAD Mercalli 2.0
proDAD Route 4.0
proDAD Vitascene 2.0
PSPPContent
PSPPHelp
PSPPro64
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealUpgrade 1.1
REFLEX PRO V2
reFX Vanguard 1.7.2
rgc:audio z3ta+ 1.5
Rob Papen Albino 3
RocketDock 1.3.5
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Windows Media Encoder (KB2447961)
Setup
Share
Share64
SmartSound Common Data
SmartSound Quicktracks 5
Steinberg Hypersonic VSTi DXi v2.0
swMSM
Trapcode 3D Stroke
Trapcode Shine
Trapcode Suite 64-bit
TruePianos 1.5.0
TruePianos: Amber Module 1.4.0
TruePianos: Diamond Module 1.4.0
TruePianos: Emerald Module 1.4.0
TruePianos: Sapphire Module 1.4.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VSClassic
VSHelp
VSUltimate
Windows Media Encoder 9 Series
WinZip 16.5
Wondershare Streaming Audio Recorder(Build 2.0.3.3)
World of Warplanes
Xvid Video Codec
.
==== Event Viewer Messages From Past Week ========
.
11/29/2013 10:22:11 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the N360 service.
11/29/2013 10:07:58 AM, Error: Service Control Manager [7034]  - The AdpeakProxy service terminated unexpectedly.  It has done this 1 time(s).
11/28/2013 8:19:57 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
11/28/2013 4:14:51 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Protexis Licensing V2 service to connect.
11/28/2013 4:14:51 AM, Error: Service Control Manager [7000]  - The Protexis Licensing V2 service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
11/28/2013 4:13:28 AM, Error: EventLog [6008]  - The previous system shutdown at 4:08:44 AM on 11/28/2013 was unexpected.
11/28/2013 4:08:20 AM, Error: nvstor64 [5]  - A parity error was detected on \Device\RaidPort1.
11/28/2013 3:50:56 AM, Error: EventLog [6008]  - The previous system shutdown at 3:44:58 AM on 11/28/2013 was unexpected.
11/28/2013 3:31:04 AM, Error: EventLog [6008]  - The previous system shutdown at 3:22:16 AM on 11/28/2013 was unexpected.
11/28/2013 12:09:32 PM, Error: Service Control Manager [7034]  - The CyberLink PowerDVD 13 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).
.
==== End Of File ===========================
 


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 November 2013 - 07:04 AM



Hello JCDvain

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
When they are complete let me have the two reports and let me know how things are running.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 JCDvain

JCDvain
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male

Posted 30 November 2013 - 07:28 AM

AdwCleaner log
 
# AdwCleaner v3.013 - Report created 30/11/2013 at 05:21:38
# Updated 24/11/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Romeo J. Chacon - STUDIO
# Running from : C:\Users\Romeo J. Chacon\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16520
 
 
-\\ Google Chrome v31.0.1650.57
 
[ File : C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R2].txt - [796 octets] - [30/11/2013 05:20:48]
AdwCleaner[S2].txt - [718 octets] - [30/11/2013 05:21:38]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [777 octets] ##########
 
 
Running Junkware Removal Tool now... 


#6 JCDvain

JCDvain
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male

Posted 30 November 2013 - 07:38 AM

Junkware Removal Tool log 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows ™ Vista Home Premium x64
Ran by Romeo J. Chacon on Sat 11/30/2013 at  5:30:54.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 11/30/2013 at  5:37:07.59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#7 JCDvain

JCDvain
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male

Posted 30 November 2013 - 07:40 AM

Level Quality Watcher is still undeletable in my "Program Files".



#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 November 2013 - 10:30 AM


Hello JCDvain

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • Log from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now?
Gringo

#9 JCDvain

JCDvain
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male

Posted 30 November 2013 - 11:24 AM

Gringo, I was finally able to delete that fricking "Level Quality Watcher" folder with no problem this time! :D

 

My system seems to be doing a lot better, Combofix deleted a lot of things.

 

Here is the log

 

ComboFix 13-11-27.01 - Romeo J. Chacon 11/30/2013   9:03.1.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6141.4295 [GMT -7:00]
Running from: c:\users\Romeo J. Chacon\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Romeo J. Chacon\AppData\Roaming\Microsoft\~DFK73f8f3a.tmp
c:\users\Romeo J. Chacon\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Romeo J. Chacon\AppData\Roaming\Microsoft\bass.dll
c:\users\Romeo J. Chacon\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Romeo J. Chacon\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Romeo J. Chacon\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\Romeo J. Chacon\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Romeo J. Chacon\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Romeo J. Chacon\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\SysWow64\msvcsv60.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Level Quality Watcher
-------\Service_NPF
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-28 to 2013-11-30  )))))))))))))))))))))))))))))))
.
.
2013-11-30 16:12 . 2013-11-30 16:16 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Local\temp
2013-11-30 16:12 . 2013-11-30 16:12 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-30 15:01 . 2013-11-30 15:01 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Roaming\RealNetworks
2013-11-30 15:01 . 2013-11-30 15:01 -------- d-----w- c:\program files (x86)\RealNetworks
2013-11-30 15:00 . 2013-11-30 15:00 -------- d-----w- c:\programdata\RealNetworks
2013-11-30 15:00 . 2013-11-30 15:00 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-11-30 15:00 . 2013-11-30 15:00 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-11-30 15:00 . 2013-11-30 15:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-11-30 12:20 . 2013-11-30 12:21 -------- d-----w- C:\AdwCleaner
2013-11-29 15:07 . 2013-10-16 17:18 338944 ----a-w- c:\windows\SysWow64\AdpeakProxy.dll
2013-11-28 13:53 . 2013-11-28 15:10 67632 ----a-w- c:\windows\system32\msln.exe
2013-11-28 12:03 . 2013-11-28 12:03 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-11-28 11:34 . 2013-11-28 11:34 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-11-28 11:34 . 2013-11-28 11:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-11-28 11:33 . 2013-11-28 11:33 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-11-28 11:33 . 2013-11-28 11:33 -------- d-----w- c:\program files (x86)\Norton 360
2013-11-28 11:32 . 2013-11-28 11:32 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-11-28 11:05 . 2013-11-28 11:05 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-11-28 09:58 . 2013-11-28 09:58 -------- d-----w- c:\windows\ERUNT
2013-11-28 09:06 . 2013-11-28 11:34 -------- d-----w- c:\programdata\Norton
2013-11-28 09:06 . 2013-11-28 09:14 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Local\NPE
2013-11-27 16:42 . 2013-11-28 09:47 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Local\GCC
2013-11-27 16:42 . 2013-11-27 22:02 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Roaming\DictAddon
2013-11-27 15:30 . 2013-11-27 15:30 -------- d-----w- c:\windows\Migration
2013-11-27 07:48 . 2013-11-27 07:51 -------- d-----w- c:\users\Public\CyberLink
2013-11-27 07:47 . 2013-11-27 07:47 -------- d-----w- c:\program files (x86)\CyberLink
2013-11-26 19:42 . 2013-11-26 19:42 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Roaming\Malwarebytes
2013-11-26 19:42 . 2013-11-26 19:42 -------- d-----w- c:\programdata\Malwarebytes
2013-11-26 19:42 . 2013-11-30 00:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-26 19:42 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-26 17:31 . 2013-11-26 17:31 -------- d-----w- c:\program files\Level Quality Watcher
2013-11-23 07:33 . 2013-11-14 11:55 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
2013-11-23 07:33 . 2013-11-14 11:55 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
2013-11-23 07:31 . 2013-11-23 07:31 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Local\NVIDIA Corporation
2013-11-13 07:47 . 2013-10-13 14:52 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-11-13 07:47 . 2013-10-13 14:51 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-11-13 07:47 . 2013-10-13 09:39 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-11-13 07:47 . 2013-10-13 09:38 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-11-13 07:47 . 2013-10-13 09:38 104448 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-11-13 07:47 . 2013-10-13 15:58 17847296 ----a-w- c:\windows\system32\mshtml.dll
2013-11-13 07:47 . 2013-10-13 15:09 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-11-13 06:00 . 2013-11-13 06:00 -------- d-----w- c:\program files\iPod
2013-11-13 06:00 . 2013-11-13 06:00 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-13 06:00 . 2013-11-13 06:00 -------- d-----w- c:\program files (x86)\iTunes
2013-11-13 05:38 . 2013-10-11 04:23 462848 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 05:38 . 2013-10-11 04:23 781824 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 05:38 . 2013-10-11 02:07 596480 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-13 05:38 . 2013-10-03 15:02 1278976 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 05:38 . 2013-10-03 12:45 993792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-13 05:38 . 2013-10-03 15:03 389632 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 05:38 . 2013-10-03 12:46 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-13 05:38 . 2013-09-04 02:31 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-05 21:58 . 2013-11-05 21:58 -------- d-----w- c:\programdata\Steam
2013-11-02 22:48 . 2013-10-23 10:30 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-11-02 22:48 . 2013-10-23 10:30 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-11-02 22:48 . 2013-01-29 08:35 1510176 ----a-w- c:\windows\system32\nvhdagenco64.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-23 19:26 . 2013-05-25 03:49 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-11-23 19:26 . 2012-11-25 16:04 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-11-23 19:26 . 2012-11-25 16:04 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-11-23 19:26 . 2012-10-11 04:23 18208624 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-11-23 19:26 . 2012-10-11 04:23 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-23 17:42 . 2012-11-25 16:04 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-23 17:42 . 2012-11-25 16:04 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-23 17:42 . 2012-11-25 16:04 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-23 17:42 . 2012-11-25 16:04 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-23 17:42 . 2012-11-25 16:04 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-19 13:47 . 2012-11-25 16:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 13:47 . 2012-11-25 16:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-13 07:46 . 2006-11-02 12:35 82896128 ----a-w- c:\windows\system32\mrt.exe
2013-10-16 00:48 . 2013-10-22 18:30 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll
2013-10-16 00:48 . 2013-10-22 18:30 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll
2013-10-08 20:46 . 2013-09-19 04:46 40248 ----a-w- c:\windows\system32\TURegOpt.exe
2013-10-08 20:46 . 2013-10-26 01:01 42808 ----a-w- c:\windows\system32\uxtuneup.dll
2013-10-08 20:46 . 2013-10-26 01:01 35640 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-10-08 20:46 . 2013-09-19 04:46 29496 ----a-w- c:\windows\system32\authuitu.dll
2013-10-08 20:46 . 2013-09-19 04:46 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-10-08 14:50 . 2013-10-18 18:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-27 08:57 . 2013-10-03 10:24 1884448 ----a-w- c:\windows\system32\nvdispco6433140.dll
2013-09-27 08:57 . 2013-10-03 10:24 1511712 ----a-w- c:\windows\system32\nvdispgenco6433140.dll
2013-09-12 08:58 . 2013-09-20 06:57 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-12 08:58 . 2013-09-20 06:57 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-12 04:21 . 2013-09-12 04:21 863344 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 04:21 . 2013-09-12 04:21 501872 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 04:21 . 2013-09-12 04:21 28776 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2013-09-12 04:21 . 2013-09-12 04:21 18000 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 02:39 . 2013-09-12 02:39 855664 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2013-09-12 02:39 . 2013-09-12 02:39 614000 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2013-09-12 02:39 . 2013-09-12 02:39 30312 ----a-w- c:\windows\system32\aspnet_counters.dll
2013-09-12 02:39 . 2013-09-12 02:39 18000 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-11-30 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\pdvdlp.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\powerdvd13.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\realconverter.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\realplay.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\realplayer.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\realtrimmer.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\rnxproc.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\setup.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-23 06:33 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 13:47]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 16:43]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 16:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-09-25 472984]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=;ftp=;https=;
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.15.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\system32\drivers\N360x64\1501000.012\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-60110655-3644300223-3656621447-1000\Software\SecuROM\License information*]
"datasecu"=hex:ac,fe,60,08,a5,2c,96,38,2d,c2,23,f0,2d,2d,92,21,25,ca,b7,27,88,
   ba,74,5a,c7,20,7a,23,cd,3d,09,5a,28,77,90,f7,b1,66,82,88,af,55,44,29,48,85,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\rundll32.exe
.
**************************************************************************
.
Completion time: 2013-11-30  09:19:52 - machine was rebooted
ComboFix-quarantined-files.txt  2013-11-30 16:19
.
Pre-Run: 364,820,643,840 bytes free
Post-Run: 364,149,428,224 bytes free
.
- - End Of File - - C00D3FA1CBF5CE2DA7FC2E003F4A3971
A36C5E4F47E84449FF07ED3517B43A31

 



#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 30 November 2013 - 11:39 AM


Hello JCDvain

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Level Quality Watcher

File::
c:\windows\SysWow64\AdpeakProxy.dll

 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
[image: CFScriptB-4.gif]
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
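As an added example (not code from this thread, from ComboFix or from its author), the script below reads a CFScript's `Folder::` and `File::` targets and the `Files Created` section of the ComboFix log that the run produces, then reports which targets the log still lists; the sample script and log lines are constructed from the ones posted in this thread, and the function names are my own.

```python
"""Cross-check a ComboFix CFScript against the log that ComboFix produced.

Added example (not code from this thread, ComboFix or its author): parses
the CFScript's Folder::/File:: targets and the log's 'Files Created'
section, and reports which targets are still listed after the run.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: the CFScript posted in the thread above.
CFSCRIPT = r"""
ClearJavaCache::

Folder::
c:\program files\Level Quality Watcher

File::
c:\windows\SysWow64\AdpeakProxy.dll
"""

# Constructed sample: a trimmed copy of the second ComboFix log above.
COMBOFIX_LOG = r"""
(((((((((((((((((((((((((   Files Created from 2013-10-28 to 2013-11-30  )))))))))))))))))))))))))))))))
2013-11-30 12:20 . 2013-11-30 12:21 -------- d-----w- C:\AdwCleaner
2013-11-29 15:07 . 2013-10-16 17:18 338944 ----a-w- c:\windows\SysWow64\AdpeakProxy.dll
2013-11-28 13:53 . 2013-11-28 15:10 67632 ----a-w- c:\windows\system32\msln.exe
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
2013-11-23 19:26 . 2013-05-25 03:49 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
"""

# One entry: created . modified size attrs path ("--------" size and a
# leading 'd' in the 8-character attrs mean a directory).
_ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"\d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)


@dataclass
class LogEntry:
    created: str
    size: Optional[int]  # None for directories
    is_dir: bool
    path: str


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Map each 'Name::' directive to the non-blank lines under it."""
    script: Dict[str, List[str]] = {}
    current: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            script.setdefault(current, [])
        elif current is not None:
            script[current].append(line)
    return script


def parse_files_created(text: str) -> List[LogEntry]:
    """Return only the entries of the 'Files Created' section."""
    entries: List[LogEntry] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("(((("):  # section banner: enter or leave
            in_section = "Files Created" in line
            continue
        m = _ENTRY_RE.match(line) if in_section else None
        if m is None:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(LogEntry(m["created"], size, m["attrs"].startswith("d"), m["path"]))
    return entries


def _norm(path: str) -> str:
    # Windows paths compare case-insensitively; drop a trailing separator.
    return path.lower().rstrip("\\")


def unresolved_targets(script: Dict[str, List[str]],
                       entries: List[LogEntry]) -> Dict[str, List[str]]:
    """File::/Folder:: targets the log still lists (Folder:: also matches
    anything beneath it).  Absence is not proof of deletion: the section
    only covers files created inside the date window in its banner."""
    still_listed: Dict[str, List[str]] = {}
    for target in script.get("File", []):
        hits = [e.path for e in entries if _norm(e.path) == _norm(target)]
        if hits:
            still_listed[target] = hits
    for target in script.get("Folder", []):
        prefix = _norm(target)
        hits = [e.path for e in entries if _norm(e.path) == prefix
                or _norm(e.path).startswith(prefix + "\\")]
        if hits:
            still_listed[target] = hits
    return still_listed


if __name__ == "__main__":
    left = unresolved_targets(parse_cfscript(CFSCRIPT),
                              parse_files_created(COMBOFIX_LOG))
    for target, hits in left.items():
        print(f"still listed after the script run: {target} -> {hits}")
```

Run against the two logs in this thread it flags only the `File::` target, since the `Folder::` path never appears in the section; a target that is flagged is worth raising with the helper before assuming the run succeeded.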

#11 JCDvain
  • Topic Starter
  • Members
  • 12 posts
  • Gender:Male


Posted 30 November 2013 - 12:04 PM

Here is the log:
 
ComboFix 13-11-27.01 - Romeo J. Chacon 11/30/2013   9:51.2.4 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.6141.4499 [GMT -7:00]
Running from: c:\users\Romeo J. Chacon\Desktop\ComboFix.exe
Command switches used :: c:\users\Romeo J. Chacon\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\AdpeakProxy.dll"
.
.
(((((((((((((((((((((((((   Files Created from 2013-10-28 to 2013-11-30  )))))))))))))))))))))))))))))))
.
.
2013-11-30 16:59 . 2013-11-30 16:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-11-30 16:59 . 2013-11-30 16:59 -------- d-----w- c:\users\ROMEOJ~1~CHA\AppData\Local\temp
2013-11-30 16:59 . 2013-11-30 16:59 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Local\temp
2013-11-30 16:59 . 2013-11-30 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-30 15:01 . 2013-11-30 15:01 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Roaming\RealNetworks
2013-11-30 15:01 . 2013-11-30 15:01 -------- d-----w- c:\program files (x86)\RealNetworks
2013-11-30 15:00 . 2013-11-30 15:00 -------- d-----w- c:\programdata\RealNetworks
2013-11-30 15:00 . 2013-11-30 15:00 -------- d-----w- c:\program files (x86)\Common Files\xing shared
2013-11-30 15:00 . 2013-11-30 15:00 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2013-11-30 15:00 . 2013-11-30 15:00 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2013-11-30 12:20 . 2013-11-30 12:21 -------- d-----w- C:\AdwCleaner
2013-11-29 15:07 . 2013-10-16 17:18 338944 ----a-w- c:\windows\SysWow64\AdpeakProxy.dll
2013-11-28 13:53 . 2013-11-28 15:10 67632 ----a-w- c:\windows\system32\msln.exe
2013-11-28 12:03 . 2013-11-28 12:03 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2013-11-28 11:34 . 2013-11-28 11:34 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2013-11-28 11:34 . 2013-11-28 11:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2013-11-28 11:33 . 2013-11-28 11:33 -------- d-----w- c:\windows\system32\drivers\N360x64
2013-11-28 11:33 . 2013-11-28 11:33 -------- d-----w- c:\program files (x86)\Norton 360
2013-11-28 11:32 . 2013-11-28 11:32 -------- d-----w- c:\program files (x86)\NortonInstaller
2013-11-28 11:05 . 2013-11-28 11:05 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2013-11-28 09:58 . 2013-11-28 09:58 -------- d-----w- c:\windows\ERUNT
2013-11-28 09:06 . 2013-11-28 11:34 -------- d-----w- c:\programdata\Norton
2013-11-28 09:06 . 2013-11-28 09:14 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Local\NPE
2013-11-27 16:42 . 2013-11-28 09:47 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Local\GCC
2013-11-27 16:42 . 2013-11-27 22:02 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Roaming\DictAddon
2013-11-27 15:30 . 2013-11-27 15:30 -------- d-----w- c:\windows\Migration
2013-11-27 07:48 . 2013-11-27 07:51 -------- d-----w- c:\users\Public\CyberLink
2013-11-27 07:47 . 2013-11-27 07:47 -------- d-----w- c:\program files (x86)\CyberLink
2013-11-26 19:42 . 2013-11-26 19:42 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Roaming\Malwarebytes
2013-11-26 19:42 . 2013-11-26 19:42 -------- d-----w- c:\programdata\Malwarebytes
2013-11-26 19:42 . 2013-11-30 00:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-11-26 19:42 . 2013-04-04 21:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-11-23 07:33 . 2013-11-14 11:55 1884448 ----a-w- c:\windows\system32\nvdispco6433182.dll
2013-11-23 07:33 . 2013-11-14 11:55 1511712 ----a-w- c:\windows\system32\nvdispgenco6433182.dll
2013-11-23 07:31 . 2013-11-23 07:31 -------- d-----w- c:\users\Romeo J. Chacon\AppData\Local\NVIDIA Corporation
2013-11-13 07:47 . 2013-10-13 14:52 887808 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-11-13 07:47 . 2013-10-13 14:51 499200 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-11-13 07:47 . 2013-10-13 09:39 678912 ----a-w- c:\program files (x86)\Internet Explorer\iedvtool.dll
2013-11-13 07:47 . 2013-10-13 09:38 387584 ----a-w- c:\program files (x86)\Internet Explorer\jsdbgui.dll
2013-11-13 07:47 . 2013-10-13 09:38 104448 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll
2013-11-13 07:47 . 2013-10-13 15:58 17847296 ----a-w- c:\windows\system32\mshtml.dll
2013-11-13 07:47 . 2013-10-13 15:09 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-11-13 06:00 . 2013-11-13 06:00 -------- d-----w- c:\program files\iPod
2013-11-13 06:00 . 2013-11-13 06:00 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-13 06:00 . 2013-11-13 06:00 -------- d-----w- c:\program files (x86)\iTunes
2013-11-13 05:38 . 2013-10-11 04:23 462848 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-11-13 05:38 . 2013-10-11 04:23 781824 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-11-13 05:38 . 2013-10-11 02:07 596480 ----a-w- c:\windows\SysWow64\FWPUCLNT.DLL
2013-11-13 05:38 . 2013-10-03 15:02 1278976 ----a-w- c:\windows\system32\crypt32.dll
2013-11-13 05:38 . 2013-10-03 12:45 993792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-11-13 05:38 . 2013-10-03 15:03 389632 ----a-w- c:\windows\system32\gdi32.dll
2013-11-13 05:38 . 2013-10-03 12:46 304128 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-11-13 05:38 . 2013-09-04 02:31 404992 ----a-w- c:\windows\system32\drivers\afd.sys
2013-11-05 21:58 . 2013-11-05 21:58 -------- d-----w- c:\programdata\Steam
2013-11-02 22:48 . 2013-10-23 10:30 1884448 ----a-w- c:\windows\system32\nvdispco6433165.dll
2013-11-02 22:48 . 2013-10-23 10:30 1511712 ----a-w- c:\windows\system32\nvdispgenco6433165.dll
2013-11-02 22:48 . 2013-01-29 08:35 1510176 ----a-w- c:\windows\system32\nvhdagenco64.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-23 19:26 . 2013-05-25 03:49 15218504 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-11-23 19:26 . 2012-11-25 16:04 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-11-23 19:26 . 2012-11-25 16:04 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-11-23 19:26 . 2012-10-11 04:23 18208624 ----a-w- c:\windows\system32\nvd3dumx.dll
2013-11-23 19:26 . 2012-10-11 04:23 3069608 ----a-w- c:\windows\system32\nvapi64.dll
2013-11-23 17:42 . 2012-11-25 16:04 6674208 ----a-w- c:\windows\system32\nvcpl.dll
2013-11-23 17:42 . 2012-11-25 16:04 3490080 ----a-w- c:\windows\system32\nvsvc64.dll
2013-11-23 17:42 . 2012-11-25 16:04 922912 ----a-w- c:\windows\system32\nvvsvc.exe
2013-11-23 17:42 . 2012-11-25 16:04 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-11-23 17:42 . 2012-11-25 16:04 219424 ----a-w- c:\windows\system32\nvmctray.dll
2013-11-19 13:47 . 2012-11-25 16:42 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-11-19 13:47 . 2012-11-25 16:42 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-11-13 07:46 . 2006-11-02 12:35 82896128 ----a-w- c:\windows\system32\mrt.exe
2013-10-16 00:48 . 2013-10-22 18:30 1884448 ----a-w- c:\windows\system32\nvdispco6433158.dll
2013-10-16 00:48 . 2013-10-22 18:30 1511712 ----a-w- c:\windows\system32\nvdispgenco6433158.dll
2013-10-08 20:46 . 2013-09-19 04:46 40248 ----a-w- c:\windows\system32\TURegOpt.exe
2013-10-08 20:46 . 2013-10-26 01:01 42808 ----a-w- c:\windows\system32\uxtuneup.dll
2013-10-08 20:46 . 2013-10-26 01:01 35640 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2013-10-08 20:46 . 2013-09-19 04:46 29496 ----a-w- c:\windows\system32\authuitu.dll
2013-10-08 20:46 . 2013-09-19 04:46 25400 ----a-w- c:\windows\SysWow64\authuitu.dll
2013-10-08 14:50 . 2013-10-18 18:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-09-27 08:57 . 2013-10-03 10:24 1884448 ----a-w- c:\windows\system32\nvdispco6433140.dll
2013-09-27 08:57 . 2013-10-03 10:24 1511712 ----a-w- c:\windows\system32\nvdispgenco6433140.dll
2013-09-12 08:58 . 2013-09-20 06:57 1884448 ----a-w- c:\windows\system32\nvdispco6432723.dll
2013-09-12 08:58 . 2013-09-20 06:57 1511712 ----a-w- c:\windows\system32\nvdispgenco6432723.dll
2013-09-12 04:21 . 2013-09-12 04:21 863344 ----a-w- c:\windows\SysWow64\msvcr110_clr0400.dll
2013-09-12 04:21 . 2013-09-12 04:21 501872 ----a-w- c:\windows\SysWow64\msvcp110_clr0400.dll
2013-09-12 04:21 . 2013-09-12 04:21 28776 ----a-w- c:\windows\SysWow64\aspnet_counters.dll
2013-09-12 04:21 . 2013-09-12 04:21 18000 ----a-w- c:\windows\SysWow64\msvcr100_clr0400.dll
2013-09-12 02:39 . 2013-09-12 02:39 855664 ----a-w- c:\windows\system32\msvcr110_clr0400.dll
2013-09-12 02:39 . 2013-09-12 02:39 614000 ----a-w- c:\windows\system32\msvcp110_clr0400.dll
2013-09-12 02:39 . 2013-09-12 02:39 30312 ----a-w- c:\windows\system32\aspnet_counters.dll
2013-09-12 02:39 . 2013-09-12 02:39 18000 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2013-04-05 59720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"P17RunE"="P17RunE.dll" [2008-03-28 14848]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-11-30 295512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\pdvdlp.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\powerdvd13.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\realconverter.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\realplay.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\realplayer.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\realtrimmer.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\rnxproc.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\setup.exe]
"Debugger"="c:\program files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-11-23 06:33 1210320 ----a-w- c:\program files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-11-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-25 13:47]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 16:43]
.
2013-11-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-11-25 16:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-09-25 472984]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = http=;ftp=;https=;
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 10.0.15.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files (x86)\Norton 360\Engine\21.1.0.18\N360.exe\" /s \"N360\" /m \"c:\program files (x86)\Norton 360\Engine\21.1.0.18\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\system32\drivers\N360x64\1501000.012\SYMTDIV.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton 360\Engine\21.1.0.18;c:\program files (x86)\Norton 360\Engine64\21.1.0.18"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-60110655-3644300223-3656621447-1000\Software\SecuROM\License information*]
"datasecu"=hex:ac,fe,60,08,a5,2c,96,38,2d,c2,23,f0,2d,2d,92,21,25,ca,b7,27,88,
   ba,74,5a,c7,20,7a,23,cd,3d,09,5a,28,77,90,f7,b1,66,82,88,af,55,44,29,48,85,\
"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Nico Mak Computing\WinZip]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,6f,00,66,00,\
.
Completion time: 2013-11-30  10:01:02
ComboFix-quarantined-files.txt  2013-11-30 17:01
.
Pre-Run: 364,481,097,728 bytes free
Post-Run: 364,416,368,640 bytes free
.
- - End Of File - - 6C156281867BE74047D1877CEDC0C1B5
A36C5E4F47E84449FF07ED3517B43A31


#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico


Posted 30 November 2013 - 12:12 PM



Hello JCDvain

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened; this is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.
Gringo

#13 JCDvain
  • Topic Starter
  • Members
  • 12 posts
  • Gender:Male


Posted 30 November 2013 - 12:38 PM

It didn't ask me to clean or remove anything; I'm guessing everything is good now? I hope so :-)

 

Here is the OTL log:

 

OTL logfile created on: 11/30/2013 10:29:57 AM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Romeo J. Chacon\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
6.00 Gb Total Physical Memory | 4.27 Gb Available Physical Memory | 71.24% Memory free
12.18 Gb Paging File | 10.55 Gb Available in Paging File | 86.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 339.41 Gb Free Space | 48.59% Space Free | Partition Type: NTFS
Drive D: | 100.00 Mb Total Space | 61.34 Mb Free Space | 61.35% Space Free | Partition Type: NTFS
Drive G: | 100.00 Mb Total Space | 70.05 Mb Free Space | 70.05% Space Free | Partition Type: NTFS
Drive H: | 279.36 Gb Total Space | 211.55 Gb Free Space | 75.73% Space Free | Partition Type: NTFS
 
Computer Name: STUDIO | User Name: Romeo J. Chacon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Romeo J. Chacon\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (AVG)
SRV:64bit: - (PSI_SVC_2_x64) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (arvato digital services llc)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesService64.exe (AVG)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (AVG)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (CyberLink PowerDVD 13 Media Server Service) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe (CyberLink)
SRV - (CyberLink PowerDVD 13 Media Server Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe (CyberLink)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (WSWNDA3100v2) -- C:\Program Files (x86)\NETGEAR\WNDA3100v2\WifiSvc.exe ()
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (hitmanpro37) -- C:\Windows\SysNative\drivers\hitmanpro37.sys ()
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMEFA64.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSP64.SYS (Symantec Corporation)
DRV:64bit: - (SYMTDIv) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMTDIV.SYS (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SYMDS64.SYS (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SRTSPX64.SYS (Symantec Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\DRIVERS\netaapl64.sys (Apple Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (SCDEmu) -- C:\Windows\SysNative\drivers\scdemu.sys (Power Software Ltd)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (BCMH43XX) -- C:\Windows\SysNative\DRIVERS\bcmwlhigh664.sys (Broadcom Corporation)
DRV:64bit: - (WsAudioDevice_383S(1) -- C:\Windows\SysNative\drivers\WsAudioDevice_383S(1).sys (Wondershare)
DRV:64bit: - (P17) -- C:\Windows\SysNative\drivers\P17.sys (Creative Technology Ltd.)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (SCMNdisP) -- C:\Windows\SysNative\DRIVERS\scmndisp.sys (Windows ® Codename Longhorn DDK provider)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)
DRV - (NAVEX15) -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131129.009\ex64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20131129.009\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20131128.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20131114.001\BHDrvx64.sys (Symantec Corporation)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\AVG\AVG PC Tuneup\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - ({09F57980-3432-4AFC-957D-27AC45FAE1F5}) -- C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl (CyberLink Corp.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\..\SearchScopes,DefaultScope = {4C3D1D8F-1031-468F-ADFF-40EF88619FF7}
IE - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\..\SearchScopes\{4C3D1D8F-1031-468F-ADFF-40EF88619FF7}: "URL" = https://www.google.com/search?q={searchTerms}
IE - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
IE - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;
 
IE - HKU\S-1-5-21-60110655-3644300223-3656621447-1001\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.3: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.3.51: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013/11/28 04:35:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/11/30 08:01:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [2013/11/30 09:14:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/11/30 08:01:01 | 000,000,000 | ---D | M]
 
[2013/11/26 10:35:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Romeo J. Chacon\AppData\Roaming\Mozilla\Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Widevine Content Decryption Module (Enabled) = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.376\_platform_specific\win_x86\widevinecdmadapter.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.3_0\plugins/screen_capture.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.4 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: AdobeExManDetect (Enabled) = C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll
CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll
CHR - plugin: Java Deployment Toolkit 7.0.450.18 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll
CHR - plugin: Java™ Platform SE 7 U45 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
CHR - plugin: RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
CHR - plugin: RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
CHR - plugin: RealDownloader Plugin (Enabled) = C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.6_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.7_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.8_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.1_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.2_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.3_0\
CHR - Extension: Google Drive = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Missing e = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.14.3_0\
CHR - Extension: YouTube = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Chromoji - Emoji for Google Chrome™ = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki\1.2.8_0\
CHR - Extension: Google Search = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Vimeo™ Download Videos = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg\2.9.4_0\
CHR - Extension: Vimeo™ Download Videos = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg\3.0.0_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_1\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_1\
CHR - Extension: Auto Replay for YouTube = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0\
CHR - Extension: Norton Identity Protection = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\
CHR - Extension: Google Wallet = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Wallet = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmfjnicflkkpmkoleeipcbglpmhghca\1_0\
CHR - Extension: Gmail = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.5_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.6_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.7_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.4.8_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.1_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.2_0\
CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.5.3_0\
CHR - Extension: Google Drive = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Missing e = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\bcjbagclppcgdbpobcpoojdjdmcjhpid\2.14.3_0\
CHR - Extension: YouTube = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Chromoji - Emoji for Google Chrome™ = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki\1.2.8_0\
CHR - Extension: Google Search = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Vimeo™ Download Videos = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg\2.9.4_0\
CHR - Extension: Vimeo™ Download Videos = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\geeljcibkkackafmeepgadbfgmpjmdeg\3.0.0_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.11_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.7_1\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_0\
CHR - Extension: AdBlock = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.8_1\
CHR - Extension: Auto Replay for YouTube = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.28_0\
CHR - Extension: Norton Identity Protection = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2014.6.0.27_0\
CHR - Extension: Google Wallet = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: Google Wallet = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: Google Wallet = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: No name found = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\ofmfjnicflkkpmkoleeipcbglpmhghca\1_0\
CHR - Extension: Gmail = C:\Users\Romeo J. Chacon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013/11/30 09:15:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\CoIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-60110655-3644300223-3656621447-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-60110655-3644300223-3656621447-1000..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-60110655-3644300223-3656621447-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-60110655-3644300223-3656621447-1001..\Run: [WindowsWelcomeCenter] C:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-60110655-3644300223-3656621447-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-60110655-3644300223-3656621447-1001\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-21-60110655-3644300223-3656621447-1001\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-21-60110655-3644300223-3656621447-1001\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-21-60110655-3644300223-3656621447-1001\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4ACB95D9-BB19-4ADD-B41D-22FEE2D3A345}: DhcpNameServer = 10.0.15.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D477229-9972-47DE-89BB-1212F250F3EC}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7CDDBEE-220A-4787-887E-BB33BB6A4C0B}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E0D6F654-A7A3-4822-8B88-BCEB0FFC46D1}: DhcpNameServer = 172.20.10.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Romeo J. Chacon\Pictures\Backrounds\Twilight two 1920x1200.jpg
O24 - Desktop BackupWallPaper: C:\Users\Romeo J. Chacon\Pictures\Backrounds\Twilight two 1920x1200.jpg
O27 - HKLM IFEO\pdvdlp.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\powerdvd13.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\realconverter.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\realplay.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\realplayer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\realtrimmer.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\rnxproc.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O27 - HKLM IFEO\setup.exe: Debugger - C:\Program Files (x86)\AVG\AVG PC TuneUp\TUAutoReactivator64.exe (AVG)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013/11/26 12:27:05 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/30 10:27:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Romeo J. Chacon\Desktop\OTL.exe
[2013/11/30 10:01:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/11/30 10:01:04 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/11/30 10:01:04 | 000,000,000 | ---D | C] -- C:\Users\Romeo J. Chacon\AppData\Local\temp
[2013/11/30 09:01:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/11/30 09:01:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/11/30 09:01:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/11/30 09:00:13 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/11/30 08:59:51 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/11/30 08:58:54 | 005,150,163 | R--- | C] (Swearware) -- C:\Users\Romeo J. Chacon\Desktop\ComboFix.exe
[2013/11/30 08:01:38 | 000,000,000 | ---D | C] -- C:\Users\Romeo J. Chacon\AppData\Roaming\RealNetworks
[2013/11/30 08:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013/11/30 08:00:57 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013/11/30 08:00:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013/11/30 08:00:38 | 000,201,872 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/11/30 08:00:29 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/11/30 08:00:29 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/11/30 08:00:28 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/11/30 08:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013/11/30 05:28:47 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\Romeo J. Chacon\Desktop\JRT.exe
[2013/11/30 05:20:33 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/11/30 04:08:07 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Romeo J. Chacon\Desktop\dds.scr
[2013/11/29 08:07:04 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysWow64\AdpeakProxy.dll
[2013/11/28 16:10:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\World of Warplanes
[2013/11/28 08:28:26 | 030,361,888 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/11/28 08:28:26 | 025,257,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/11/28 08:28:26 | 022,951,200 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/11/28 08:28:26 | 018,293,096 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/11/28 08:28:26 | 011,566,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/11/28 08:28:26 | 011,441,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/11/28 08:28:26 | 009,663,656 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/11/28 08:28:26 | 009,619,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/11/28 08:28:26 | 003,132,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/11/28 08:28:26 | 003,125,024 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/11/28 08:28:26 | 002,747,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/11/28 08:28:26 | 002,697,248 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/11/28 08:28:26 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433193.dll
[2013/11/28 08:28:26 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433193.dll
[2013/11/28 08:28:25 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/11/28 08:28:25 | 015,862,272 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/11/28 08:28:25 | 002,947,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/11/28 06:53:35 | 000,067,632 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\msln.exe
[2013/11/28 05:03:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013/11/28 04:34:16 | 000,177,752 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/11/28 04:34:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013/11/28 04:33:49 | 001,147,480 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.sys
[2013/11/28 04:33:49 | 000,858,200 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.sys
[2013/11/28 04:33:49 | 000,590,936 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnets.sys
[2013/11/28 04:33:49 | 000,507,992 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symtdiv.sys
[2013/11/28 04:33:49 | 000,493,656 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.sys
[2013/11/28 04:33:49 | 000,264,280 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Ironx64.sys
[2013/11/28 04:33:49 | 000,036,952 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.sys
[2013/11/28 04:33:49 | 000,023,568 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM.sys
[2013/11/28 04:33:48 | 000,162,392 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.sys
[2013/11/28 04:33:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013/11/28 04:33:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1501000.012
[2013/11/28 04:33:20 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013/11/28 04:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013/11/28 04:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013/11/28 04:32:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013/11/28 02:58:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/11/28 02:06:01 | 000,000,000 | ---D | C] -- C:\Users\Romeo J. Chacon\AppData\Local\NPE
[2013/11/28 02:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013/11/27 10:49:29 | 000,000,000 | ---D | C] -- C:\Users\Romeo J. Chacon\Documents\Adobe
[2013/11/27 09:42:52 | 000,000,000 | ---D | C] -- C:\Users\Romeo J. Chacon\AppData\Local\GCC
[2013/11/27 09:42:46 | 000,000,000 | ---D | C] -- C:\Users\Romeo J. Chacon\AppData\Roaming\DictAddon
[2013/11/27 08:30:39 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013/11/27 00:48:38 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 13
[2013/11/27 00:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2013/11/26 12:42:31 | 000,000,000 | ---D | C] -- C:\Users\Romeo J. Chacon\AppData\Roaming\Malwarebytes
[2013/11/26 12:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/11/26 12:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/11/26 12:42:23 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/11/26 12:42:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/11/26 10:30:59 | 000,000,000 | ---D | C] -- C:\Users\Romeo J. Chacon\AppData\Roaming\Mozilla
[2013/11/23 00:33:01 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433182.dll
[2013/11/23 00:33:01 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433182.dll
[2013/11/23 00:31:16 | 000,000,000 | ---D | C] -- C:\Users\Romeo J. Chacon\AppData\Local\NVIDIA Corporation
[2013/11/13 00:48:04 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/11/13 00:48:04 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/11/13 00:48:02 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/11/13 00:48:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/11/13 00:48:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/11/13 00:48:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/11/13 00:48:02 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/11/13 00:48:02 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/11/13 00:48:01 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/11/13 00:48:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/11/13 00:48:01 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/11/13 00:48:00 | 002,334,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/11/13 00:48:00 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/11/13 00:48:00 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/11/13 00:48:00 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/11/12 23:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/11/12 23:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/11/12 23:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/11/12 23:00:02 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/11/12 22:38:31 | 000,781,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013/11/12 22:38:31 | 000,596,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/12 22:38:28 | 001,278,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013/11/12 22:38:18 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013/11/05 14:58:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Steam
[2013/11/05 00:33:24 | 000,000,000 | ---D | C] -- C:\Users\Romeo J. Chacon\Documents\Battlefield 4
[2013/11/02 15:48:24 | 001,884,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433165.dll
[2013/11/02 15:48:24 | 001,511,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433165.dll
[2013/11/02 15:48:24 | 001,510,176 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco64.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Romeo J. Chacon\AppData\Roaming\*.tmp files -> C:\Users\Romeo J. Chacon\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/30 10:27:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Romeo J. Chacon\Desktop\OTL.exe
[2013/11/30 09:57:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/11/30 09:21:14 | 000,759,542 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/30 09:21:14 | 000,642,724 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/30 09:21:14 | 000,119,916 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/30 09:16:12 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/30 09:16:12 | 000,003,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/30 09:15:43 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013/11/30 09:14:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/30 08:58:57 | 005,150,163 | R--- | M] (Swearware) -- C:\Users\Romeo J. Chacon\Desktop\ComboFix.exe
[2013/11/30 08:00:38 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013/11/30 08:00:29 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013/11/30 08:00:29 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013/11/30 08:00:28 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013/11/30 05:28:48 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\Romeo J. Chacon\Desktop\JRT.exe
[2013/11/30 05:19:01 | 001,091,882 | ---- | M] () -- C:\Users\Romeo J. Chacon\Desktop\AdwCleaner.exe
[2013/11/30 04:08:21 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Romeo J. Chacon\Desktop\dds.scr
[2013/11/29 06:42:30 | 136,530,931 | ---- | M] () -- C:\Users\Romeo J. Chacon\Desktop\DFF2.zip
[2013/11/29 06:34:23 | 008,305,450 | ---- | M] () -- C:\Users\Romeo J. Chacon\Desktop\Krewella - Live For The Night.mp3
[2013/11/29 06:22:19 | 055,852,800 | ---- | M] () -- C:\Users\Romeo J. Chacon\Desktop\DFF3.zip
[2013/11/28 16:10:22 | 000,000,750 | ---- | M] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2013/11/28 14:17:25 | 000,000,132 | ---- | M] () -- C:\Users\Romeo J. Chacon\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/11/28 12:52:34 | 000,001,456 | ---- | M] () -- C:\Users\Romeo J. Chacon\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/11/28 12:46:16 | 000,144,896 | ---- | M] () -- C:\Users\Romeo J. Chacon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/28 08:41:08 | 002,411,074 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2013/11/28 08:10:02 | 000,067,632 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\msln.exe
[2013/11/28 04:34:16 | 000,177,752 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013/11/28 04:34:16 | 000,008,222 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/11/28 04:34:16 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/11/28 04:05:24 | 000,032,512 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/11/27 15:20:45 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/27 15:20:45 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/27 09:04:43 | 000,000,132 | ---- | M] () -- C:\Users\Romeo J. Chacon\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2013/11/27 08:32:42 | 000,752,854 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013/11/27 00:52:27 | 000,000,680 | ---- | M] () -- C:\Users\Romeo J. Chacon\AppData\Local\d3d9caps.dat
[2013/11/26 12:42:24 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/26 12:27:05 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013/11/26 10:12:43 | 000,001,100 | ---- | M] () -- C:\Users\Romeo J. Chacon\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.6.8.lnk
[2013/11/25 16:31:37 | 000,020,410 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20131125.019
[2013/11/23 12:26:48 | 030,361,888 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2013/11/23 12:26:48 | 025,257,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2013/11/23 12:26:48 | 022,951,200 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2013/11/23 12:26:48 | 018,293,096 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013/11/23 12:26:48 | 018,208,624 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2013/11/23 12:26:48 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2013/11/23 12:26:48 | 015,862,272 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2013/11/23 12:26:48 | 015,218,504 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2013/11/23 12:26:48 | 011,566,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2013/11/23 12:26:48 | 011,441,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2013/11/23 12:26:48 | 009,663,656 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2013/11/23 12:26:48 | 009,619,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2013/11/23 12:26:48 | 003,132,704 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2013/11/23 12:26:48 | 003,125,024 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2013/11/23 12:26:48 | 003,069,608 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2013/11/23 12:26:48 | 002,947,872 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2013/11/23 12:26:48 | 002,747,680 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2013/11/23 12:26:48 | 002,697,248 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2013/11/23 12:26:48 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433193.dll
[2013/11/23 12:26:48 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433193.dll
[2013/11/23 12:26:48 | 000,061,216 | ---- | M] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2013/11/23 12:26:48 | 000,053,024 | ---- | M] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2013/11/23 12:26:48 | 000,023,754 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013/11/23 10:42:12 | 006,674,208 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013/11/23 10:42:12 | 003,490,080 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013/11/23 10:42:10 | 000,219,424 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013/11/23 10:42:10 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013/11/19 06:47:25 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/11/19 06:47:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/11/14 04:55:24 | 001,884,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco6433182.dll
[2013/11/14 04:55:24 | 001,511,712 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco6433182.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Romeo J. Chacon\AppData\Roaming\*.tmp files -> C:\Users\Romeo J. Chacon\AppData\Roaming\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/30 09:01:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/11/30 09:01:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/11/30 09:01:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/11/30 09:01:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/11/30 09:01:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/11/30 05:19:01 | 001,091,882 | ---- | C] () -- C:\Users\Romeo J. Chacon\Desktop\AdwCleaner.exe
[2013/11/29 06:41:58 | 136,530,931 | ---- | C] () -- C:\Users\Romeo J. Chacon\Desktop\DFF2.zip
[2013/11/29 06:34:09 | 008,305,450 | ---- | C] () -- C:\Users\Romeo J. Chacon\Desktop\Krewella - Live For The Night.mp3
[2013/11/29 06:21:22 | 055,852,800 | ---- | C] () -- C:\Users\Romeo J. Chacon\Desktop\DFF3.zip
[2013/11/28 16:10:22 | 000,000,750 | ---- | C] () -- C:\Users\Public\Desktop\World of Warplanes.lnk
[2013/11/28 13:17:47 | 000,000,132 | ---- | C] () -- C:\Users\Romeo J. Chacon\AppData\Roaming\Adobe PNG Format CS6 Prefs
[2013/11/28 08:28:26 | 000,023,754 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2013/11/28 04:57:55 | 000,020,410 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\VT20131125.019
[2013/11/28 04:34:21 | 002,411,074 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Cat.DB
[2013/11/28 04:34:16 | 000,008,222 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013/11/28 04:34:16 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013/11/28 04:33:37 | 000,003,433 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA.inf
[2013/11/28 04:33:37 | 000,002,852 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS.inf
[2013/11/28 04:33:37 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymNet.inf
[2013/11/28 04:33:37 | 000,001,437 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.inf
[2013/11/28 04:33:37 | 000,001,420 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.inf
[2013/11/28 04:33:37 | 000,001,098 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symELAM.inf
[2013/11/28 04:33:37 | 000,000,855 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.inf
[2013/11/28 04:33:37 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\Iron.inf
[2013/11/28 04:33:21 | 000,014,818 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymVTcer.dat
[2013/11/28 04:33:21 | 000,009,939 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymELAM64.cat
[2013/11/28 04:33:21 | 000,008,202 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\ccSetx64.cat
[2013/11/28 04:33:21 | 000,008,196 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtspx64.cat
[2013/11/28 04:33:21 | 000,008,194 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymEFA64.cat
[2013/11/28 04:33:21 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\symnet64.cat
[2013/11/28 04:33:21 | 000,008,192 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\srtsp64.cat
[2013/11/28 04:33:21 | 000,008,188 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\SymDS64.cat
[2013/11/28 04:33:21 | 000,008,184 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\iron.cat
[2013/11/28 04:33:21 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1501000.012\isolate.ini
[2013/11/28 04:05:24 | 000,032,512 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013/11/27 10:58:58 | 000,001,456 | ---- | C] () -- C:\Users\Romeo J. Chacon\AppData\Local\Adobe Save for Web 13.0 Prefs
[2013/11/27 10:43:40 | 000,000,979 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2013/11/27 10:42:59 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2013/11/27 10:42:21 | 000,001,004 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2013/11/27 10:40:50 | 000,001,188 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2013/11/26 12:42:24 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/11/26 12:27:05 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013/11/26 10:12:43 | 000,001,100 | ---- | C] () -- C:\Users\Romeo J. Chacon\Application Data\Microsoft\Internet Explorer\Quick Launch\FrostWire 5.6.8.lnk
[2013/11/12 22:38:32 | 000,217,074 | ---- | C] () -- C:\Windows\SysNative\WFP.TMF
[2013/09/17 13:00:12 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2013/05/24 20:51:15 | 000,752,854 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/12/21 02:12:26 | 000,000,048 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012/12/16 02:41:43 | 000,645,632 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/12/16 02:41:42 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/12/02 19:03:12 | 000,000,680 | ---- | C] () -- C:\Users\Romeo J. Chacon\AppData\Local\d3d9caps.dat
[2012/11/29 18:31:19 | 000,001,456 | ---- | C] () -- C:\Users\Romeo J. Chacon\AppData\Local\Adobe Save for Web 12.0 Prefs
[2012/11/29 16:24:05 | 000,000,032 | ---- | C] () -- C:\Windows\msocreg32.dat
[2012/11/27 08:32:01 | 000,237,568 | R--- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012/11/27 08:32:01 | 000,000,000 | ---- | C] () -- C:\Windows\Graffiti5.4.ini
[2012/11/26 11:35:47 | 000,000,132 | ---- | C] () -- C:\Users\Romeo J. Chacon\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2012/11/25 17:27:00 | 000,144,896 | ---- | C] () -- C:\Users\Romeo J. Chacon\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/11/25 08:31:20 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012/11/25 08:31:20 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012/11/25 07:51:03 | 000,000,732 | ---- | C] () -- C:\Users\Romeo J. Chacon\AppData\Local\d3d9caps64.dat
[2012/07/02 13:11:02 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\theowl.dll
[2012/02/02 20:00:58 | 000,139,264 | ---- | C] () -- C:\Windows\SysWow64\TCPClient.dll
 
========== ZeroAccess Check ==========
 
[2006/11/02 08:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 10:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 10:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/04/11 09:22:50 | 000,891,392 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2009/04/11 09:23:09 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/20 19:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\wbemess.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:542623CC
 
< End of report >
#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:00 PM

Posted 01 December 2013 - 10:43 AM


Hello JCDvain

I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.

Run OTL Script
  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes text box.
    :OTL
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
     IE - HKU\S-1-5-21-60110655-3644300223-3656621447-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=o0&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
    [2013/11/29 08:07:04 | 000,338,944 | ---- | C] (Adpeak, Inc.) -- C:\Windows\SysWow64\AdpeakProxy.dll
     
    :Files
    ipconfig /flushdns /c
    
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    [reboot]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

    Note: if the report does not pop up after the computer reboots, you can find it in this folder - C:\_OTL\MovedFiles

    It will be named mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss are numbers representing the date and time the fix was run.


Let me know how things are doing.

Gringo
I close my topics if you have not replied in 5 days. If you will be longer, please let me know.

If I have not replied to one of my topics in 48 hrs, please bump the topic.



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#15 JCDvain

JCDvain
  • Topic Starter

  • Members
  • 12 posts
  • Gender:Male
  • Local time:06:00 PM

Posted 01 December 2013 - 11:02 AM

My system has been doing a lot better since Combofix, but here is the new log.

Here is the log
 
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-60110655-3644300223-3656621447-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
C:\Windows\SysWOW64\AdpeakProxy.dll moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Romeo J. Chacon\Desktop\cmd.bat deleted successfully.
C:\Users\Romeo J. Chacon\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYJAVA]
 
User: All Users
 
User: AppData
 
User: Default
 
User: Default User
 
User: Public
 
User: Romeo J. Chacon
->Java cache emptied: 0 bytes
 
User: ROMEOJ~1~CHA
 
User: UpdatusUser
 
Total Java Files Cleaned = 0.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: AppData
 
User: Default
->Flash cache emptied: 56504 bytes
 
User: Default User
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Romeo J. Chacon
->Flash cache emptied: 1554 bytes
 
User: ROMEOJ~1~CHA
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 12012013_085607