BiloickTheAds 1.4 Chrome extension


21 replies to this topic

#1 Doomzday1

Posted 07 February 2014 - 11:30 AM

An extension called BiloickTheAds has been installed in Google Chrome. I've tried removing it but I can't, as it doesn't have the common delete option of an extension and it can't be disabled because it's "installed by enterprise policy". I uninstalled suspicious programs such as "GSenabler" and tried looking for the extension's ID in the Registry Editor and erasing the corresponding entry, but the extension is still there. Any help would be appreciated.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16428  BrowserJavaVersion: 10.51.2
Run by Usuario at 13:14:21 on 2014-02-07
Microsoft Windows 7 Ultimate   6.1.7601.1.936.86.3082.18.7641.4971 [GMT -3:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
D:\Tools\Software Bluetooth\bin\btwdins.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Windows\Explorer.EXE
D:\Tools\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Tools\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Tools\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
D:\Juegos\Steam Cracked\Steam.exe
C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\mmc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uProxyOverride = <local>
uURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mURLSearchHooks: <No Name>:  - LocalServer32 - <no file>
mURLSearchHooks: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - 
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IVONA Reader: {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
EB: GagetBox: {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - 
uRun: [Steam] "D:\Juegos\Steam Cracked\steam.exe" -silent
uRun: [Akamai NetSession Interface] "C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [uTorrent] "C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
mRun: [iSkysoft Helper Compact.exe] C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BTTray.lnk - D:\Tools\Software Bluetooth\BTTray.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar a OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: E&xportar a Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
Trusted Zone: aeriagames.com
Trusted Zone: aeriagames.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
TCP: Interfaces\{DDEA86BD-A966-4531-B9FA-AFE9345EA8A3} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - 
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - 
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: gurEaatsaver: {300DE0E5-072D-9BA0-8068-8A35A939AC27} - 
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - <orphaned>
x64-BHO: {8664889D-ED18-4713-918F-E2BB69D8452B} - <orphaned>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - 
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - 
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\td4btdvz.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Roblox\Versions\version-bac2ef28b67142d0\NPRobloxProxy.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll
FF - plugin: C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\Usuario\AppData\Roaming\Electronic Arts\Game Face\npGameFacePlugin.dll
FF - plugin: C:\Users\Usuario\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll
FF - plugin: C:\Users\Usuario\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Users\Usuario\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll
FF - plugin: C:\Windows\System32\npDeployJava1.dll
FF - plugin: C:\Windows\System32\npkfx.dll
FF - plugin: C:\Windows\System32\npkfxcv.dll
FF - plugin: C:\Windows\System32\npkfxes.dll
FF - plugin: C:\Windows\System32\npkfxexp.dll
FF - plugin: C:\Windows\System32\npkfxjv.dll
FF - plugin: C:\Windows\System32\npkfxmi.dll
FF - plugin: C:\Windows\System32\npkfxmoz.dll
FF - plugin: C:\Windows\System32\npkfxmp.dll
FF - plugin: C:\Windows\System32\npkfxne.dll
FF - plugin: C:\Windows\System32\npkfxpa.dll
FF - plugin: C:\Windows\System32\npkfxrsen.dll
FF - plugin: C:\Windows\System32\npkfxrskr.dll
FF - plugin: C:\Windows\System32\npkfxsdk.dll
FF - plugin: C:\Windows\System32\npmproxy.dll
FF - plugin: C:\Windows\System32\npOGPPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npkfx.dll
FF - plugin: C:\Windows\SysWOW64\npkfxcv.dll
FF - plugin: C:\Windows\SysWOW64\npkfxes.dll
FF - plugin: C:\Windows\SysWOW64\npkfxexp.dll
FF - plugin: C:\Windows\SysWOW64\npkfxjv.dll
FF - plugin: C:\Windows\SysWOW64\npkfxmi.dll
FF - plugin: C:\Windows\SysWOW64\npkfxmoz.dll
FF - plugin: C:\Windows\SysWOW64\npkfxmp.dll
FF - plugin: C:\Windows\SysWOW64\npkfxne.dll
FF - plugin: C:\Windows\SysWOW64\npkfxpa.dll
FF - plugin: C:\Windows\SysWOW64\npkfxrsen.dll
FF - plugin: C:\Windows\SysWOW64\npkfxrskr.dll
FF - plugin: C:\Windows\SysWOW64\npkfxsdk.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npOGPPlugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-12-29 78976]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-12-29 38528]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2013-9-27 248240]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-11-24 283064]
R1 HssDRV6;Hotspot Shield Routing Driver 6;C:\Windows\System32\drivers\hssdrv6.sys [2012-6-1 41224]
R2 e9f32388;GS Supporter;C:\Windows\System32\rundll32.exe [2009-7-13 45568]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-2-4 377616]
R2 MBAMScheduler;MBAMScheduler;D:\Tools\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-10-30 418376]
R2 MBAMService;MBAMService;D:\Tools\Malwarebytes' Anti-Malware\mbamservice.exe [2012-10-30 701512]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2011-4-27 134944]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2013-12-2 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2013-11-11 16939296]
R2 RzMaelstromVADStreamingService;Razer Surround Audio Service;C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [2013-11-21 4263936]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2014-2-4 411936]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-12-29 46136]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-2-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-2-24 389608]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-10-30 25928]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2012-6-7 121416]
R3 NisSrv;Inspección de red de Microsoft;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-10-23 348376]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-1-22 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-29 452200]
R3 RZMAELSTROMVADService;Razer Surround Audio Enhancer Service;C:\Windows\System32\drivers\RzMaelstromVAD.sys [2013-11-21 40696]
R3 tapqqvipacc;TAP-Win32 Adapter V9-QQvipacc;C:\Windows\System32\drivers\tapqqvipacc.sys [2013-9-8 30720]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-12-29 47232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 npkfxsvc;npkfxsvc;C:\Windows\SysWOW64\npkfxsvc.exe [2012-11-21 197888]
S2 OpenVPNAccessClient;OpenVPN Access Client;"C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe" --> C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [?]
S2 S3DSvc32;S3D Service (Win32);D:\Tools\iZ3d driver para jugar 3d\Win32\S3DCService.exe --> D:\Tools\iZ3d driver para jugar 3d\Win32\S3DCService.exe [?]
S2 S3DSvc64;S3D Service (Win64);D:\Tools\iZ3d driver para jugar 3d\Win64\S3DCService.exe --> D:\Tools\iZ3d driver para jugar 3d\Win64\S3DCService.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 BEService;BattlEye Service;C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [2013-6-3 49152]
S3 cpuz135;cpuz135;D:\Tools\PC wizard\pcwiz_x64.sys [2012-11-4 24368]
S3 Desura Install Service;Desura Install Service;C:\Program Files (x86)\Common Files\Desura\desura_service.exe [2012-8-31 131912]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-12-20 103576]
S3 DIRECTIO;DIRECTIO;D:\Tools\PerformanceTest\DirectIo64.sys [2013-8-10 25704]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-10-3 130976]
S3 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-2-4 2222416]
S3 hxsyol;hxsyol;D:\Juegos\Aura Kingdom\AuraKingdom\avital\hxsy64.sys [2013-12-24 86352]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-13 111616]
S3 libusb0;libusb-win32 - Kernel Driver 05/23/2013 0.0.0.0;C:\Windows\System32\drivers\libusb0.sys [2013-5-23 52320]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 npkfxs;npkfxs;C:\Windows\SysWOW64\npkfxs.sys [2012-10-15 24416]
S3 npkfxu;npkfxu;C:\Windows\SysWOW64\npkfxu.sys [2012-10-15 31552]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2012-10-1 178824]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-12-31 20992]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2009-12-30 31800]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-12-20 204568]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-12-31 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-12-30 1255736]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
S4 OverwolfUpdaterService;Overwolf Updater Service;C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe --> C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [?]
S4 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S4 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe" -l -o "%1" -x [default=ConvInIVONAReader  - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2014-02-07 15:45:58 10315576 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{327FC1CD-ED1A-4159-AE06-592B678A72F5}\mpengine.dll
2014-02-06 22:49:50 -------- d-sh--w- C:\$RECYCLE.BIN
2014-02-06 22:36:38 -------- d-----w- C:\ComboFix
2014-02-06 22:36:10 -------- d-----w- C:\Users\Usuario\AppData\Local\CrashDumps
2014-02-06 21:15:13 -------- d-----w- C:\Windows\ERUNT
2014-02-06 20:50:25 -------- d-----w- C:\AdwCleaner
2014-02-06 16:19:29 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-06 16:18:14 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-02-06 15:13:55 10315576 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-02-05 23:34:19 -------- d-----w- C:\ProgramData\Elder Scrolls Online
2014-02-05 18:26:20 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-02-05 05:22:13 -------- d-----w- C:\Program Files (x86)\Zenimax Online
2014-02-04 17:30:14 599840 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2014-02-04 17:28:55 923936 ----a-w- C:\Windows\System32\nvvsvc.exe
2014-02-04 17:28:55 6712608 ----a-w- C:\Windows\System32\nvcpl.dll
2014-02-04 17:28:55 63776 ----a-w- C:\Windows\System32\nvshext.dll
2014-02-04 17:28:55 386336 ----a-w- C:\Windows\System32\nvmctray.dll
2014-02-04 17:28:55 3559557 ----a-w- C:\Windows\System32\nvcoproc.bin
2014-02-04 17:28:55 3498272 ----a-w- C:\Windows\System32\nvsvc64.dll
2014-02-04 17:28:55 2559776 ----a-w- C:\Windows\System32\nvsvcr.dll
2014-02-04 17:28:30 61216 ----a-w- C:\Windows\System32\OpenCL.dll
2014-02-04 17:28:30 53024 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-02-04 16:20:13 -------- d-----w- C:\Users\Usuario\AppData\Local\Nem's Tools
2014-02-01 16:29:51 -------- d-----w- C:\Users\Usuario\AppData\Roaming\rcru
2014-01-31 19:47:10 -------- d-----w- C:\Users\Usuario\AppData\Local\Playfire_Ltd
2014-01-31 19:43:36 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Vulcan
2014-01-31 19:43:36 -------- d-----w- C:\Users\Usuario\AppData\Local\Vulcan
2014-01-31 00:00:42 -------- d-----w- C:\ProgramData\jglehfbkpcjjepkdnmadmilfkmeeagge
2014-01-31 00:00:42 -------- d-----w- C:\ProgramData\BiloickTheAds
2014-01-29 16:26:54 -------- d-----w- C:\ProgramData\Codemasters
2014-01-27 15:21:27 -------- d-----w- C:\Users\Usuario\AppData\Local\Criterion Games
2014-01-27 02:19:22 -------- d-----w- C:\Users\Usuario\jagexcache1
2014-01-27 00:47:57 -------- d-----w- C:\Users\Usuario\jagexcache
2014-01-25 03:53:40 -------- d-----w- C:\Users\Usuario\AppData\Roaming\openvr
2014-01-23 14:02:18 -------- d-----w- C:\Windows\SysWow64\LauncherLog
2014-01-23 13:35:10 -------- d-----w- C:\Users\Usuario\AppData\Roaming\Proxifier
2014-01-23 13:34:49 91240 ----a-w- C:\Windows\SysWow64\ProxifierShellExt.dll
2014-01-23 13:34:49 76392 ----a-w- C:\Windows\System32\PrxerDrv.dll
2014-01-23 13:34:49 70248 ----a-w- C:\Windows\SysWow64\PrxerDrv.dll
2014-01-23 13:34:49 57448 ----a-w- C:\Windows\System32\PrxerNsp.dll
2014-01-23 13:34:49 56424 ----a-w- C:\Windows\SysWow64\PrxerNsp.dll
2014-01-23 13:34:49 11264 ----a-w- C:\Windows\SysWow64\SPORDER.DLL
2014-01-23 13:34:49 103016 ----a-w- C:\Windows\System32\ProxifierShellExt.dll
2014-01-23 13:18:36 -------- d-----w- C:\Users\Usuario\AppData\Roaming\PrivateTunnel
2014-01-23 13:14:34 965000 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{6ABB9763-DCFB-48E4-906B-35C5935BB7D2}\gapaengine.dll
2014-01-23 13:13:15 -------- d-----w- C:\ProgramData\FlyVPN
2014-01-23 01:22:59 -------- d-----w- C:\Users\Usuario\AppData\Roaming\RotMG Hacked Client v2
2014-01-22 22:09:03 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-01-22 22:09:03 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-01-22 15:18:04 -------- d-----w- C:\Program Files (x86)\CRS
2014-01-17 23:35:57 -------- d-----w- C:\Users\Usuario\AppData\Roaming\.technic
2014-01-17 23:00:23 -------- d-----w- C:\Users\Usuario\AppData\Roaming\.minecraft
2014-01-15 18:03:29 -------- d-----w- C:\ProgramData\Oracle
2014-01-15 18:03:12 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 08:50:17 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2014-01-15 08:50:17 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2014-01-15 08:50:17 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2014-01-15 08:50:17 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2014-01-15 08:50:17 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2014-01-15 08:50:17 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2014-01-15 08:50:17 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2014-01-15 08:50:15 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-01-15 08:50:13 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-01-14 13:11:39 -------- d-----w- C:\Users\Usuario\3079Saves
2014-01-12 14:18:58 -------- d-----w- C:\Users\Usuario\3089
2014-01-10 14:36:14 -------- d-----w- C:\Users\Usuario\AppData\Roaming\DarknessII
2014-01-08 16:26:13 -------- d-----w- C:\Users\Usuario\AppData\Local\Packages
2014-01-08 16:26:13 -------- d-----w- C:\ProgramData\gurEaatsaver
2014-01-08 16:26:12 -------- d-----w- C:\Program Files (x86)\gurEaatsaver
.
==================== Find3M  ====================
.
2014-02-05 03:45:20 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 03:45:20 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-04 20:37:13 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-02-04 20:37:06 214392 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-01-25 23:52:29 282296 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-01-21 02:53:40 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-01-21 02:53:29 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-01-19 07:33:29 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-27 18:42:16 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2013-12-18 19:41:25 159160 ----a-w- C:\Windows\System32\TesSafe.sys
2013-12-12 18:55:35 129304 ----a-w- C:\Windows\System32\xunyount64.dll
2013-11-28 13:38:22 31520 ----a-w- C:\Windows\System32\nvhdap64.dll
2013-11-28 13:38:18 197408 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll
2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll
2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll
2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-11-24 23:32:54 283064 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-11-22 08:36:08 1515296 ----a-w- C:\Windows\System32\nvhdagenco6420103.dll
2013-11-21 09:59:28 40696 ----a-w- C:\Windows\System32\drivers\RzMaelstromVAD.sys
2013-11-21 09:56:06 245760 ----a-w- C:\Windows\System32\DriverInstallCACMD.exe
2013-11-21 09:56:04 69632 ----a-w- C:\Windows\System32\DriverInstallCA.dll
2013-11-12 02:23:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-12 02:07:29 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 13:15:18.84 ===============
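
The "installed by enterprise policy" label in the post above is what Chrome shows for extensions listed under its `ExtensionInstallForcelist` policy. The read-only check below is an added example, not part of the original thread or any tool used in it: it lists what that policy key contains in both the machine and user hives. It assumes PowerShell 3.0 or later and the default Chrome profile folder; the function name `Get-ForcedChromeExtension` is hypothetical.

```powershell
# Read-only: list extensions Chrome is instructed to force-install via policy.
# Each value under ExtensionInstallForcelist holds "<extension id>;<update URL>".
$policyKeys = @(
    'HKLM:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist',
    'HKCU:\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist'
)

# Assumption: the current user's default Chrome profile.
$extRoot = Join-Path $env:LOCALAPPDATA 'Google\Chrome\User Data\Default\Extensions'

function Get-ForcedChromeExtension {
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }   # policy not set in this hive

        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)

            # Split into id and update URL; the URL part may be absent.
            $id, $updateUrl = $data -split ';', 2

            # Try to recover the display name from the installed copy's manifest.
            # The name can be a localisation placeholder such as "__MSG_...__".
            $name = $null
            $manifest = Get-ChildItem -Path (Join-Path $extRoot $id) -Filter 'manifest.json' `
                            -Recurse -ErrorAction SilentlyContinue | Select-Object -First 1
            if ($manifest) {
                $name = (Get-Content -Raw -Path $manifest.FullName | ConvertFrom-Json).name
            }

            [pscustomobject]@{
                PolicyKey    = $key
                ValueName    = $valueName
                ExtensionId  = $id
                UpdateUrl    = $updateUrl
                ManifestName = $name
            }
        }
    }
}

Get-ForcedChromeExtension | Format-List
```

An empty result means neither hive carries a force-install entry; `chrome://policy` shows the same policy from inside the browser.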
 


 


#2 nasdaq

  • Malware Response Team

Posted 10 February 2014 - 02:40 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.
===

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM.
Let me know what problem persists.

#3 Doomzday1

Doomzday1
  • Topic Starter

  • Members

Posted 11 February 2014 - 12:24 PM

Hi, thanks for the reply. I forgot to mention I ran AdwCleaner the day I noticed the extension; I'll paste the result from then together with the new results.

 

AdwCleaner #1

 

# AdwCleaner v3.018 - Reporte Creado 06/02/2014 en 18:09:08
# Actualizado 28/01/2014 por Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nombre de usuario : Usuario - USUARIO-PC
# Ejecutado desde : D:\Tools\AdwCleaner.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
 
***** [ Archivos / Carpetas ] *****
 
Carpeta Borrar : C:\ProgramData\GadgetBox
Carpeta Borrar : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Carpeta Borrar : C:\Program Files (x86)\myfree codec
Carpeta Borrar : C:\Program Files (x86)\Common Files\Tencent
Carpeta Borrar : C:\Program Files\Windows Sidebar\Shared Gadgets\gadgetbox.gadget
Carpeta Borrar : C:\Users\Usuario\AppData\Local\Babylon
Carpeta Borrar : C:\Users\Usuario\AppData\Local\thinstall
Carpeta Borrar : C:\Users\Usuario\AppData\Local\torch
Carpeta Borrar : C:\Users\Usuario\AppData\LocalLow\wxDfast
Carpeta Borrar : C:\Users\Usuario\AppData\Roaming\Tencent
Carpeta Borrar : C:\Users\Usuario\AppData\Roaming\thinstall
Carpeta Borrar : C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\myfree codec
 
***** [ Accesos directos ] *****
 
 
***** [ Registro ] *****
 
Valor Borrar : HKCU\Software\Mozilla\Firefox\Extensions [ClickPotatoLite@ClickPotatoLite.com]
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Clave Borrar : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Clave Borrar : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Clave Borrar : HKLM\SOFTWARE\Classes\Prod.cap
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi (1)_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi (1)_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hamachi_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_augart-video-converter_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_augart-video-converter_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_avisynth_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_avisynth_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_camtasia-studio (1)_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_camtasia-studio (1)_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_camtasia-studio_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_camtasia-studio_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_daemon-tools_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_daemon-tools_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_dungeon-lords_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_dungeon-lords_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_jdownloader_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_jdownloader_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_k-lite-codec-pack_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_k-lite-codec-pack_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_logmein-hamachi_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_logmein-hamachi_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_morphvox_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_morphvox_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pc-wizard_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pc-wizard_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pixel-ruler_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pixel-ruler_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_san-andreas-mod-installer_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_san-andreas-mod-installer_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_sodelscot-estandar_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_sodelscot-estandar_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_speedfan_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_speedfan_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_srt-to-ssa-converter_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_srt-to-ssa-converter_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_total-video-converter_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_total-video-converter_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_virtualdubmod_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_virtualdubmod_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_virtualdub_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_virtualdub_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_windows-movie-maker_RASAPI32
Clave Borrar : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_windows-movie-maker_RASMANCS
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Clave Borrar : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Clave Borrar : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Clave Borrar : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{CCA8F2AB-BE4E-41F0-A289-4D960CEA58EA}
Clave Borrar : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clave Borrar : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Clave Borrar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{A36BCB13-778D-4A40-99C1-D686086D268F}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Clave Borrar : [x64] HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Clave Borrar : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Clave Borrar : HKCU\Software\BI
Clave Borrar : HKCU\Software\Conduit
Clave Borrar : HKCU\Software\Headlight
Clave Borrar : HKCU\Software\Myfree Codec
Clave Borrar : HKCU\Software\Softonic
Clave Borrar : HKCU\Software\TENCENT
Clave Borrar : HKCU\Software\AppDataLow\Software\smartbar
Clave Borrar : HKLM\Software\Babylon
Clave Borrar : HKLM\Software\Freeze.com
Clave Borrar : HKLM\Software\Myfree Codec
Clave Borrar : HKLM\Software\systweak
Clave Borrar : HKLM\Software\TENCENT
Clave Borrar : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Clave Borrar : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v24.0 (es-AR)
 
[ Archivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\td4btdvz.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ Archivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11746 octets] - [06/02/2014 18:07:26]
AdwCleaner[S0].txt - [10675 octets] - [06/02/2014 18:09:08]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10736 octets] ##########

 

 
AdwCleaner #2
 
# AdwCleaner v3.018 - Reporte Creado 11/02/2014 en 13:32:13
# Actualizado 28/01/2014 por Xplode
# Sistema Operativo : Windows 7 Ultimate Service Pack 1 (64 bits)
# Nombre de usuario : Usuario - USUARIO-PC
# Ejecutado desde : C:\Users\Usuario\Downloads\adwcleaner.exe
# Opción : Limpiar
 
***** [ Servicios ] *****
 
 
***** [ Archivos / Carpetas ] *****
 
 
***** [ Accesos directos ] *****
 
 
***** [ Registro ] *****
 
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Mozilla Firefox v24.0 (es-AR)
 
[ Archivo : C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\td4btdvz.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ Archivo : C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [11746 octets] - [06/02/2014 18:07:26]
AdwCleaner[R1].txt - [1039 octets] - [06/02/2014 19:29:18]
AdwCleaner[R2].txt - [1178 octets] - [11/02/2014 13:30:58]
AdwCleaner[S0].txt - [10845 octets] - [06/02/2014 18:09:08]
AdwCleaner[S1].txt - [1099 octets] - [06/02/2014 19:30:36]
AdwCleaner[S2].txt - [1098 octets] - [11/02/2014 13:32:13]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1158 octets] ##########
 
 
Junkware Removal Tool
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Ultimate x64
Ran by Usuario on 11/02/14 at 13:40:56.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11/02/14 at 13:47:22.05
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
Farbar Recovery Scan Tool
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-02-2014 01
Ran by Usuario (administrator) on USUARIO-PC on 11-02-2014 14:10:11
Running from C:\Users\Usuario\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: Spanish Modern Sort
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Broadcom Corporation.) D:\Tools\Software Bluetooth\bin\btwdins.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(A-Volute) C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Akamai Technologies, Inc.) C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Akamai Technologies, Inc.) C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Nvtmru] - "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [442712 2013-11-17] (Razer Inc.)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] - C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813712 2014-02-04] (LogMeIn Inc.)
HKU\S-1-5-21-2930568964-3896399684-787456249-1000\...\Run: [Steam] - D:\Juegos\Steam Cracked\steam.exe [1813184 2014-02-07] (Valve Corporation)
HKU\S-1-5-21-2930568964-3896399684-787456249-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Usuario\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-2930568964-3896399684-787456249-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2930568964-3896399684-787456249-1000\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2930568964-3896399684-787456249-1000\...\Run: [uTorrent] - C:\Users\Usuario\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-01-25] (BitTorrent Inc.)
AppInit_DLLs: => File Not Found
AppInit_DLLs: C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [2759168 2014-01-08] ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x12FE12765859CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es-ar
URLSearchHook: HKLM-x32 - Default Value = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
URLSearchHook: HKLM-x32 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll No File
URLSearchHook: HKCU - Default Value = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: gurEaatsaver - {300DE0E5-072D-9BA0-8068-8A35A939AC27} - C:\Program Files (x86)\gurEaatsaver\ir5Hw4FW.x64.dll No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO: No Name - {8664889D-ED18-4713-918F-E2BB69D8452B} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -  No File
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: IVONA Reader - {8664889D-ED18-4713-918F-E2BB69D8452B} - C:\Program Files (x86)\IVONA\IVONA Reader\integr\IR_iexplorer2.dll (IVONA Software Sp. z o.o.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {8664889D-ED18-4713-918F-E2BB69D8452B} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll No File
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll No File
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll No File
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll No File
Winsock: Catalog5 10 C:\Windows\SysWOW64\PrxerNsp.dll [56424] ()
Winsock: Catalog5-x64 10 %SystemRoot%\system32\PrxerNsp.dll [57448] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\td4btdvz.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ASC/FileLabPlugin;version=1.1.33 - C:\ProgramData\FileLab\Plugin\Framework\npFlPluginS.dll (FileLab)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.1 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin-x32: @nprotect.com/keycrypt - C:\Windows\system32\npkfxmp.dll No File
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @ogplanet.com/npOGPPlugin - C:\Windows\system32\npOGPPlugin.dll No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @qq.com/TXSSO - C:\Program Files (x86)\Common Files\Tencent\TXSSO\1.2.1.89\Bin\npSSOAxCtrlForPTLogin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Usuario\AppData\Roaming\rcru\plugins\nprcplugin.dll (Raidcall)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @Webzen.com/NPBrowserExt - C:\Program Files (x86)\WEBZEN\BrowserExtension\NPWZCmnCtrl.dll No File
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @eximion.com/KalydoPlayer - C:\Users\Usuario\AppData\Roaming\Kalydo\KalydoPlayer\bin1\npkalydo.dll (Eximion B.V.)
FF Plugin HKCU: @nsroblox.roblox.com/launcher - C:\Program Files (x86)\Roblox\Versions\version-bac2ef28b67142d0\\NPRobloxProxy.dll ( ROBLOX Corporation)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Usuario\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Usuario\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @TrianglePlayer - C:\Users\Usuario\AppData\Roaming\TrianglePlayer\NPTrianglePlayer.dll ()
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\drae.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mercadolibre-ar.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-ar.xml
FF Extension: Adblock Plus - C:\Users\Usuario\AppData\Roaming\Mozilla\Firefox\Profiles\td4btdvz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-02]
FF HKCU\...\Firefox\Extensions: [{b011b92d-cb28-4d63-9cb1-d844192476e0}] - C:\Program Files (x86)\a2zlyr\132.xpi
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\32.0.1700.102\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Unity Player) - C:\Users\Usuario\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Google Update) - C:\Users\Usuario\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Extension: (YouTube) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-09]
CHR Extension: (Búsqueda de Google) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-09]
CHR Extension: (Realm of the Mad God) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp [2014-01-22]
CHR Extension: (AdBlock) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-02-07]
CHR Extension: (YouTube Center) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\heajdnnooakmbbclhphfffkpafehdmgk [2014-02-06]
CHR Extension: (Extension Defender) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkakdehcmmnojcdalpkfgmhphnicaonm [2014-02-06]
CHR Extension: (Google Wallet) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Battlelog Emblem Editor Extended) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\noagedoiolkfaoaknohhepocfeooibjb [2014-01-22]
CHR Extension: (Gmail) - C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-09]
CHR HKLM-x32\...\Chrome\Extension: [ciljpgjahkpnilhbolpaphfjhlejnplm] - C:\Program Files (x86)\a2zlyr\132.crx [2012-11-09]
CHR HKLM-x32\...\Chrome\Extension: [fhocdmhohpjjbaamenhbaidaoihaiflb] - C:\ProgramData\wxDfast\fhocdmhohpjjbaamenhbaidaoihaiflb.crx [2012-11-09]
CHR StartMenuInternet: Google Chrome - C:\Users\Usuario\AppData\Local\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2012-01-19] (Adobe Systems)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2013-06-03] ()
R2 btwdins; D:\Tools\Software Bluetooth\bin\btwdins.exe [266295 2005-08-29] (Broadcom Corporation.)
S2 e9f32388; C:\Program Files (x86)\GS Supporter\AssistantSvc.dll [146768 2014-01-08] ()
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] ()
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377616 2014-02-04] (LogMeIn, Inc.)
S2 MBAMScheduler; D:\Tools\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; D:\Tools\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [5204224 2013-11-06] (INCA Internet Co., Ltd.)
S2 npkfxsvc; C:\Windows\SysWOW64\npkfxsvc.exe [197888 2012-11-21] (INCA Internet Co., Ltd.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
S4 PinnacleUpdateSvc; D:\Tools\Pinnacle Game Profiler\pinnacle_updater.exe [430080 2011-05-09] (PowerUp Software, LLC)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-10] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [173616 2007-02-07] ()
R2 RzMaelstromVADStreamingService; C:\ProgramData\Razer\Synapse\Devices\Razer Surround\Driver\RzMaelstromVADStreamingService.exe [4263936 2013-11-21] (A-Volute)
S2 OpenVPNAccessClient; "C:\Program Files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe" [X]
S4 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [X]
S2 S3DSvc32; D:\Tools\iZ3d driver para jugar 3d\Win32\S3DCService.exe [X]
S2 S3DSvc64; D:\Tools\iZ3d driver para jugar 3d\Win64\S3DCService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 cpuz135; D:\Tools\PC wizard\pcwiz_x64.sys [24368 2012-08-11] (CPUID)
S3 DIRECTIO; D:\Tools\PerformanceTest\DirectIo64.sys [25704 2012-08-13] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-24] (Disc Soft Ltd)
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41224 2012-06-01] (AnchorFree Inc.)
S3 hxsyol; D:\Juegos\Aura Kingdom\AuraKingdom\avital\hxsy64.sys [86352 2013-11-26] ()
S3 libusb0; C:\Windows\System32\DRIVERS\libusb0.sys [52320 2013-05-23] (http://libusb-win32.sourceforge.net)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 npkfxs; c:\windows\syswow64\npkfxs.sys [24416 2013-07-07] (INCA Internet Co.,Ltd.)
S3 npkfxu; c:\windows\syswow64\npkfxu.sys [31552 2013-07-07] (INCA Internet Co.,Ltd.)
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2004-12-31] (INCA Internet Co., Ltd.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-11-21] (Windows ® Win 7 DDK provider)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
R3 tapqqvipacc; C:\Windows\System32\DRIVERS\tapqqvipacc.sys [30720 2013-09-08] (The OpenVPN Project)
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B}; C:\Program Files (x86)\CyberLink\PowerDVD\000.fcl [13560 2006-11-02] (Cyberlink Corp.)
S2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S2 AODDriver4.2.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\D:\PC Wizard\PC Wizard 2010\pcwiz_x64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S1 iZ3DInjectionDriver; \??\D:\Tools\iZ3d driver para jugar 3d\Win64\S3DInjectionDriver.sys [X]
S3 slb; \??\D:\Juegos\Scarlet Blade\ScarletBlade\avital\scarlb64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 X6va001; \??\C:\Users\Usuario\AppData\Local\Temp\00132A1.tmp [X]
S3 X6va009; \??\C:\Windows\SysWOW64\Drivers\X6va009 [X]
S3 X6va010; \??\C:\Windows\SysWOW64\Drivers\X6va010 [X]
S3 X6va012; \??\C:\Windows\SysWOW64\Drivers\X6va012 [X]
S3 X6va015; \??\C:\Windows\SysWOW64\Drivers\X6va015 [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-11 14:10 - 2014-02-11 14:10 - 00024155 _____ () C:\Users\Usuario\Downloads\FRST.txt
2014-02-11 14:10 - 2014-02-11 14:10 - 00000000 ____D () C:\FRST
2014-02-11 13:47 - 2014-02-11 13:47 - 00000619 _____ () C:\Users\Usuario\Desktop\JRT.txt
2014-02-11 13:29 - 2014-02-11 13:29 - 02151424 _____ (Farbar) C:\Users\Usuario\Downloads\FRST64.exe
2014-02-11 13:29 - 2014-02-11 13:29 - 01037530 _____ (Thisisu) C:\Users\Usuario\Downloads\JRT.exe
2014-02-11 13:28 - 2014-02-11 13:28 - 01166132 _____ () C:\Users\Usuario\Downloads\adwcleaner.exe
2014-02-11 00:42 - 2014-02-11 00:42 - 00000000 ____D () C:\Users\Usuario\Documents\Puzzler
2014-02-10 12:28 - 2014-02-10 12:28 - 00642560 _____ (ashongsoft.com) C:\Users\Usuario\Downloads\GiFResizer.exe
2014-02-09 11:41 - 2014-02-09 11:41 - 00045393 _____ () C:\Users\Usuario\Downloads\[kickass.to]horriblesubs.log.horizon.19.1080p.mkv.torrent
2014-02-07 13:15 - 2014-02-07 13:19 - 00018125 _____ () C:\Users\Usuario\Desktop\attach.txt
2014-02-07 13:15 - 2014-02-07 13:18 - 00029612 _____ () C:\Users\Usuario\Desktop\dds.txt
2014-02-06 19:36 - 2014-02-10 17:59 - 00000000 ____D () C:\Users\Usuario\AppData\Local\CrashDumps
2014-02-06 19:36 - 2014-02-06 19:50 - 00000000 ____D () C:\ComboFix
2014-02-06 19:36 - 2014-02-06 19:36 - 00000000 ____D () C:\Qoobox
2014-02-06 18:15 - 2014-02-06 18:15 - 00000000 ____D () C:\Windows\ERUNT
2014-02-06 17:50 - 2014-02-11 13:32 - 00000000 ____D () C:\AdwCleaner
2014-02-06 13:19 - 2014-02-06 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-06 13:18 - 2014-02-06 13:18 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-05 20:37 - 2014-02-05 20:37 - 00001586 _____ () C:\Users\Usuario\Desktop\Elder Scrolls Online Beta.lnk
2014-02-05 20:34 - 2014-02-05 20:34 - 00000000 ____D () C:\Users\Usuario\Documents\Elder Scrolls Online
2014-02-05 20:34 - 2014-02-05 20:34 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-05 02:22 - 2014-02-05 02:23 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-02-04 18:18 - 2014-02-04 18:18 - 00000673 _____ () C:\Users\Usuario\Desktop\Need for Speed Rivals.lnk
2014-02-04 14:30 - 2014-02-04 14:30 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-04 14:30 - 2014-01-15 19:35 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-02-04 14:29 - 2014-02-11 13:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-04 14:28 - 2014-01-15 20:13 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-02-04 14:28 - 2014-01-15 20:13 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-02-04 14:28 - 2014-01-15 18:53 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-02-04 14:28 - 2014-01-15 18:53 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-02-04 14:28 - 2014-01-15 18:53 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-02-04 14:28 - 2014-01-15 18:53 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-02-04 14:28 - 2014-01-15 18:53 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-02-04 14:28 - 2014-01-15 18:53 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-02-04 14:28 - 2014-01-13 19:31 - 03559557 _____ () C:\Windows\system32\nvcoproc.bin
2014-02-04 14:25 - 2014-01-15 20:13 - 31421216 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 25255200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 23672096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 18184976 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 17714760 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 15690744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 14668008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 12668192 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-02-04 14:25 - 2014-01-15 20:13 - 11631544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 11583616 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 09723944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 09686304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 03087112 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 02711656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433467.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433467.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00859936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-02-04 14:25 - 2014-01-15 20:13 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-02-04 14:25 - 2013-11-28 10:38 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-02-04 14:25 - 2013-11-28 10:38 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-02-04 14:25 - 2013-11-22 05:36 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-02-04 13:20 - 2014-02-04 13:20 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Nem's Tools
2014-02-04 13:18 - 2014-02-04 13:18 - 00604819 _____ (Ryan Gregg ) C:\Users\Usuario\Downloads\gcfscape185.exe
2014-02-04 12:13 - 2014-02-04 12:13 - 00001293 _____ () C:\Users\Usuario\Desktop\Ghost Stories English Dubbed Ep01.mkv - Acceso directo.lnk
2014-02-04 12:13 - 2014-02-04 12:13 - 00001189 _____ () C:\Users\Usuario\Desktop\A Tale of Two Sisters.lnk
2014-02-04 00:15 - 2014-02-04 00:15 - 00020711 _____ () C:\Users\Usuario\Downloads\[kickass.to]ghost.stories.english.dubbed.1.20.complete.sum1.here.silverrg.torrent
2014-02-03 16:33 - 2014-02-03 16:33 - 00041736 _____ () C:\Users\Usuario\Downloads\[kickass.to]a.tale.of.two.sisters.2003.1080p.bluray.x264.cinefile.torrent
2014-02-03 13:58 - 2014-02-03 13:58 - 00037859 _____ () C:\Users\Usuario\Downloads\[kickass.to]rune.co.op.vista.portable.halls.of.valhalla.torrent
2014-02-02 12:12 - 2014-02-02 12:12 - 00000000 ____D () C:\Users\Usuario\Documents\Ghost Games
2014-02-02 05:00 - 2014-02-02 05:00 - 00045453 _____ () C:\Users\Usuario\Downloads\[kickass.to]horriblesubs.log.horizon.16.1080p.mkv.torrent
2014-02-02 05:00 - 2014-02-02 05:00 - 00045313 _____ () C:\Users\Usuario\Downloads\[kickass.to]horriblesubs.log.horizon.18.1080p.mkv.torrent
2014-02-02 05:00 - 2014-02-02 05:00 - 00045167 _____ () C:\Users\Usuario\Downloads\[HorribleSubs] Log Horizon - 17 [1080p].mkv.torrent
2014-02-02 05:00 - 2014-02-02 05:00 - 00012672 _____ () C:\Users\Usuario\Downloads\[kickass.to]horriblesubs.log.horizon.15.480p.mkv.torrent
2014-02-02 04:57 - 2014-02-02 04:57 - 00038719 _____ () C:\Users\Usuario\Downloads\[kickass.to]need.for.speed.rivals.pc.game.nosteam.torrent
2014-02-01 13:29 - 2014-02-01 13:29 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\rcru
2014-01-31 20:57 - 2014-01-31 20:57 - 02012453 _____ () C:\Users\Usuario\Downloads\114002.user.js
2014-01-31 20:42 - 2014-01-31 20:42 - 02525151 _____ () C:\Users\Usuario\Downloads\YouTubeCenter.user.js
2014-01-31 16:47 - 2014-01-31 16:47 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Playfire_Ltd
2014-01-31 16:43 - 2014-01-31 16:43 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Vulcan
2014-01-31 16:43 - 2014-01-31 16:43 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Vulcan
2014-01-30 21:00 - 2014-02-06 12:59 - 00000000 ____D () C:\ProgramData\BiloickTheAds
2014-01-30 21:00 - 2014-01-30 21:00 - 00000000 ____D () C:\ProgramData\jglehfbkpcjjepkdnmadmilfkmeeagge
2014-01-30 20:28 - 2014-01-30 20:28 - 00020968 _____ () C:\Users\Usuario\Downloads\[kickass.to]breaking.bad.s04.season.4.1080p.web.dl.reenc.deejayahmed.littlefairyrg.torrent
2014-01-29 14:45 - 2014-01-29 14:45 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-29 13:26 - 2014-01-29 13:26 - 00000000 ____D () C:\ProgramData\Codemasters
2014-01-28 23:20 - 2014-01-28 23:20 - 00016620 _____ () C:\Users\Usuario\Downloads\[kickass.to]kairo.2001.english.subs.torrent
2014-01-28 03:01 - 2014-01-28 03:01 - 00295605 _____ () C:\Users\Usuario\Downloads\BPAdvCFGv040.rar
2014-01-27 20:17 - 2014-01-27 20:17 - 00007892 _____ () C:\Users\Usuario\Downloads\[kickass.to]grid.2.reloaded.torrent
2014-01-27 12:21 - 2014-01-27 12:21 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Criterion Games
2014-01-27 07:42 - 2014-01-28 03:11 - 00001289 _____ () C:\Users\Public\Desktop\Burnout Paradise The Ultimate Box.lnk
2014-01-27 02:20 - 2014-01-27 02:20 - 00723018 _____ () C:\Users\Usuario\Downloads\RSBot-5058.jar
2014-01-26 23:19 - 2014-01-27 02:20 - 00000047 _____ () C:\Users\Usuario\jagex_cl_runescape_LIVE1.dat
2014-01-26 23:19 - 2014-01-26 23:19 - 00000000 ____D () C:\Users\Usuario\jagexcache1
2014-01-26 21:47 - 2014-01-29 11:18 - 00000046 _____ () C:\Users\Usuario\jagex_cl_runescape_LIVE.dat
2014-01-26 21:47 - 2014-01-26 21:47 - 00000000 ____D () C:\Users\Usuario\jagexcache
2014-01-25 23:26 - 2014-01-25 23:26 - 00021050 _____ () C:\Users\Usuario\Downloads\[kickass.to]breaking.bad.s03.season.3.1080p.web.dl.reenc.deejayahmed.littlefairyrg.torrent
2014-01-25 16:14 - 2014-01-25 16:21 - 24300720 _____ (Passmark Software ) C:\Users\Usuario\Downloads\petst.exe
2014-01-25 15:47 - 2014-01-25 15:47 - 00000835 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-25 01:26 - 2014-01-25 01:28 - 10999116 _____ () C:\Users\Usuario\Downloads\eversion173.zip
2014-01-25 00:53 - 2014-01-25 00:53 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\openvr
2014-01-24 17:37 - 2014-01-24 17:37 - 00000701 _____ () C:\Users\Usuario\Documents\Usuario - Acceso directo.lnk
2014-01-23 18:26 - 2014-01-23 18:28 - 24097311 _____ () C:\Users\Usuario\Downloads\vlc-2.1.2-win32.exe
2014-01-23 12:03 - 2014-01-23 12:03 - 00000000 _____ () C:\Windows\SysWOW64\2014-1-23 12_3_54_Rev_255208_navi.log
2014-01-23 11:26 - 2014-01-23 11:52 - 38077409 _____ () C:\Users\Usuario\Downloads\vpngate-client-2014.01.23-build-9412.128748.zip
2014-01-23 11:02 - 2014-01-23 11:02 - 00000000 ____D () C:\Windows\SysWOW64\LauncherLog
2014-01-23 10:35 - 2014-01-23 10:35 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Proxifier
2014-01-23 10:34 - 2012-11-22 18:57 - 00103016 _____ (Initex) C:\Windows\system32\ProxifierShellExt.dll
2014-01-23 10:34 - 2012-11-22 18:57 - 00091240 _____ (Initex) C:\Windows\SysWOW64\ProxifierShellExt.dll
2014-01-23 10:34 - 2012-11-22 18:57 - 00076392 _____ (Initex) C:\Windows\system32\PrxerDrv.dll
2014-01-23 10:34 - 2012-11-22 18:57 - 00070248 _____ (Initex) C:\Windows\SysWOW64\PrxerDrv.dll
2014-01-23 10:34 - 2012-11-22 18:57 - 00057448 _____ () C:\Windows\system32\PrxerNsp.dll
2014-01-23 10:34 - 2012-11-22 18:57 - 00056424 _____ () C:\Windows\SysWOW64\PrxerNsp.dll
2014-01-23 10:34 - 1997-06-06 15:52 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SPORDER.DLL
2014-01-23 10:32 - 2014-01-23 10:34 - 03830776 _____ (Initex ) C:\Users\Usuario\Downloads\ProxifierSetup.exe
2014-01-23 10:22 - 2014-01-23 10:22 - 01688304 _____ (www.flyvpn.com) C:\Users\Usuario\Downloads\FlyClient_3.0.1.8.exe
2014-01-23 10:18 - 2014-01-23 10:19 - 00006715 _____ () C:\Users\Usuario\ovpntray.log
2014-01-23 10:18 - 2014-01-23 10:18 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\PrivateTunnel
2014-01-23 10:13 - 2014-01-23 10:13 - 00000000 ____D () C:\ProgramData\FlyVPN
2014-01-22 23:41 - 2014-01-22 23:41 - 00001940 _____ () C:\Users\Usuario\Downloads\[kickass.to]pwnboxer.v01.01.070302.readme.torrent
2014-01-22 22:22 - 2014-01-25 20:45 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\RotMG Hacked Client v2
2014-01-22 22:21 - 2014-01-22 22:21 - 04325955 _____ () C:\Users\Usuario\Downloads\Realm_2014-01-18.zip
2014-01-22 19:09 - 2013-12-27 15:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-22 19:09 - 2013-12-27 15:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-22 12:18 - 2014-01-22 12:18 - 00000000 ____D () C:\Program Files (x86)\CRS
2014-01-22 00:08 - 2014-01-22 00:08 - 00015608 _____ () C:\Users\Usuario\Downloads\wwiiol0001349.exe.torrent
2014-01-20 23:31 - 2014-01-20 23:31 - 00044065 _____ () C:\Users\Usuario\Downloads\KUF2_SETUP (1).torrent
2014-01-20 23:29 - 2014-01-20 23:29 - 00044065 _____ () C:\Users\Usuario\Downloads\KUF2_SETUP.torrent
2014-01-19 12:32 - 2014-01-19 12:37 - 24517382 _____ () C:\Users\Usuario\Downloads\Sword Art Online Girls Ops c03 [tap-trans].zip
2014-01-18 22:21 - 2014-01-18 22:21 - 00020781 _____ () C:\Users\Usuario\Downloads\[kickass.to]breaking.bad.s02.season.2.1080p.bluray.reenc.deejayahmed.littlefairyrg.torrent
2014-01-18 22:20 - 2014-01-18 22:22 - 22868880 _____ () C:\Users\Usuario\Downloads\Sword Art Online Girls Ops c04 [tap-trans].zip
2014-01-18 13:04 - 2014-01-18 13:04 - 00104938 _____ () C:\Users\Usuario\Downloads\276458.rar
2014-01-18 12:57 - 2014-01-18 12:57 - 00013103 _____ () C:\Users\Usuario\Desktop\Descargas.lnk
2014-01-18 12:51 - 2014-01-18 12:51 - 00391774 _____ () C:\Users\Usuario\Downloads\DSfix22-19-2-2.zip
2014-01-18 12:41 - 2014-01-18 12:41 - 00120154 _____ () C:\Users\Usuario\Downloads\286396.zip
2014-01-17 23:03 - 2014-01-17 23:03 - 00019913 _____ () C:\Users\Usuario\Downloads\[kickass.to]breaking.bad.s01.season.1.720p.brrip.x264.visionx.torrent
2014-01-17 20:35 - 2014-01-17 20:41 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\.technic
2014-01-17 20:00 - 2014-01-17 21:00 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\.minecraft
2014-01-16 02:18 - 2014-01-16 02:18 - 00027272 _____ () C:\Users\Usuario\Downloads\[kickass.to]horriblesubs.log.horizon.15.720p.mkv.torrent
2014-01-15 20:08 - 2014-01-15 20:36 - 166815243 _____ () C:\Users\Usuario\Downloads\[mikudb] 5150.rar
2014-01-15 15:03 - 2014-01-15 15:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-15 15:03 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 15:03 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-15 15:03 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-15 15:03 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-15 15:02 - 2014-01-15 15:03 - 00005174 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 10:03 - 2014-01-15 10:03 - 00000000 ____D () C:\Users\Usuario\Documents\MGR
2014-01-15 09:58 - 2014-01-15 09:58 - 00000936 _____ () C:\Users\Usuario\Desktop\Metal Gear Rising Revengeance.lnk
2014-01-15 05:50 - 2013-11-26 22:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 05:50 - 2013-11-26 22:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 05:50 - 2013-11-26 22:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 05:50 - 2013-11-26 22:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 05:50 - 2013-11-26 22:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 05:50 - 2013-11-26 22:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 05:50 - 2013-11-26 22:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 05:50 - 2013-11-26 08:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 05:50 - 2013-11-26 07:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-14 10:11 - 2014-01-14 10:26 - 00000000 ____D () C:\Users\Usuario\3079Saves
2014-01-14 09:58 - 2014-01-14 09:58 - 00029015 _____ () C:\Users\Usuario\Downloads\[kickass.to]3079.v2.20.multios.walmart.torrent
2014-01-14 02:01 - 2014-01-14 02:01 - 00014524 _____ () C:\Users\Usuario\Downloads\[kickass.to]super.meat.boy.v1.5.windows.exe.torrent
2014-01-12 21:35 - 2014-01-12 21:35 - 00013093 _____ () C:\Users\Usuario\Downloads\[kickass.to]the.binding.of.isaac.wrath.of.the.lamb.v1.48.theta.torrent
2014-01-12 15:38 - 2014-01-12 15:38 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-01-12 11:18 - 2014-01-12 12:23 - 00000000 ____D () C:\Users\Usuario\3089
2014-01-12 10:51 - 2014-01-12 10:51 - 00001696 _____ () C:\Users\Usuario\Downloads\[kickass.to]3089.v1.0.2.fas.torrent
 
==================== One Month Modified Files and Folders =======
 
2014-02-11 14:10 - 2014-02-11 14:10 - 00024155 _____ () C:\Users\Usuario\Downloads\FRST.txt
2014-02-11 14:10 - 2014-02-11 14:10 - 00000000 ____D () C:\FRST
2014-02-11 13:59 - 2011-12-29 18:59 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930568964-3896399684-787456249-1000UA.job
2014-02-11 13:52 - 2012-11-11 02:35 - 00001038 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-11 13:47 - 2014-02-11 13:47 - 00000619 _____ () C:\Users\Usuario\Desktop\JRT.txt
2014-02-11 13:45 - 2013-02-26 21:33 - 00000838 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-11 13:41 - 2009-07-14 01:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-11 13:41 - 2009-07-14 01:45 - 00017360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-11 13:40 - 2013-02-10 13:56 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\uTorrent
2014-02-11 13:40 - 2011-12-29 19:12 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Skype
2014-02-11 13:38 - 2013-01-03 17:14 - 00000000 ____D () C:\Users\Usuario\AppData\Local\LogMeIn Hamachi
2014-02-11 13:38 - 2011-12-29 19:38 - 02036096 _____ () C:\Windows\WindowsUpdate.log
2014-02-11 13:34 - 2013-09-13 15:41 - 00072585 _____ () C:\Windows\setupact.log
2014-02-11 13:34 - 2012-11-11 02:35 - 00001034 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-11 13:33 - 2014-02-04 14:29 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-11 13:33 - 2009-07-14 02:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-11 13:32 - 2014-02-06 17:50 - 00000000 ____D () C:\AdwCleaner
2014-02-11 13:29 - 2014-02-11 13:29 - 02151424 _____ (Farbar) C:\Users\Usuario\Downloads\FRST64.exe
2014-02-11 13:29 - 2014-02-11 13:29 - 01037530 _____ (Thisisu) C:\Users\Usuario\Downloads\JRT.exe
2014-02-11 13:28 - 2014-02-11 13:28 - 01166132 _____ () C:\Users\Usuario\Downloads\adwcleaner.exe
2014-02-11 02:32 - 2012-05-15 12:53 - 00000000 ____D () C:\Users\Usuario\AppData\Local\ArmA 2 OA
2014-02-11 00:42 - 2014-02-11 00:42 - 00000000 ____D () C:\Users\Usuario\Documents\Puzzler
2014-02-10 23:42 - 2011-12-30 12:31 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-02-10 23:38 - 2011-12-30 12:31 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-02-10 23:38 - 2011-12-30 12:31 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-02-10 23:25 - 2011-12-30 14:11 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-02-10 20:38 - 2013-12-10 20:58 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Awesomium
2014-02-10 17:59 - 2014-02-06 19:36 - 00000000 ____D () C:\Users\Usuario\AppData\Local\CrashDumps
2014-02-10 14:17 - 2012-10-03 18:33 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\vlc
2014-02-10 12:28 - 2014-02-10 12:28 - 00642560 _____ (ashongsoft.com) C:\Users\Usuario\Downloads\GiFResizer.exe
2014-02-09 11:41 - 2014-02-09 11:41 - 00045393 _____ () C:\Users\Usuario\Downloads\[kickass.to]horriblesubs.log.horizon.19.1080p.mkv.torrent
2014-02-08 14:16 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-02-08 09:59 - 2011-12-29 18:59 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930568964-3896399684-787456249-1000Core.job
2014-02-07 14:02 - 2011-12-29 10:44 - 00000000 ____D () C:\Users\Usuario\AppData\Local\VirtualStore
2014-02-07 13:19 - 2014-02-07 13:15 - 00018125 _____ () C:\Users\Usuario\Desktop\attach.txt
2014-02-07 13:18 - 2014-02-07 13:15 - 00029612 _____ () C:\Users\Usuario\Desktop\dds.txt
2014-02-06 19:53 - 2011-12-29 18:59 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Apps\2.0
2014-02-06 19:50 - 2014-02-06 19:36 - 00000000 ____D () C:\ComboFix
2014-02-06 19:49 - 2009-07-13 23:34 - 00000243 _____ () C:\Windows\system.ini
2014-02-06 19:48 - 2013-09-14 12:22 - 00191064 _____ () C:\Windows\PFRO.log
2014-02-06 19:48 - 2009-07-13 23:34 - 94633984 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-02-06 19:48 - 2009-07-13 23:34 - 24117248 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-02-06 19:48 - 2009-07-13 23:34 - 07077888 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-02-06 19:48 - 2009-07-13 23:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-02-06 19:48 - 2009-07-13 23:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-02-06 19:47 - 2013-02-05 13:17 - 00000000 ____D () C:\Windows\erdnt
2014-02-06 19:36 - 2014-02-06 19:36 - 00000000 ____D () C:\Qoobox
2014-02-06 18:15 - 2014-02-06 18:15 - 00000000 ____D () C:\Windows\ERUNT
2014-02-06 16:58 - 2013-12-19 23:49 - 00004974 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Usuario-PC-Usuario Usuario-PC
2014-02-06 16:38 - 2014-01-08 13:26 - 00000000 ____D () C:\Program Files (x86)\gurEaatsaver
2014-02-06 13:59 - 2014-02-06 13:19 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-02-06 13:18 - 2014-02-06 13:18 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-02-06 12:59 - 2014-01-30 21:00 - 00000000 ____D () C:\ProgramData\BiloickTheAds
2014-02-06 12:59 - 2014-01-08 13:26 - 00000000 ____D () C:\ProgramData\gurEaatsaver
2014-02-06 12:44 - 2014-01-08 13:00 - 00000000 ____D () C:\ProgramData\9cdc5d25c4bd87ea
2014-02-05 20:37 - 2014-02-05 20:37 - 00001586 _____ () C:\Users\Usuario\Desktop\Elder Scrolls Online Beta.lnk
2014-02-05 20:34 - 2014-02-05 20:34 - 00000000 ____D () C:\Users\Usuario\Documents\Elder Scrolls Online
2014-02-05 20:34 - 2014-02-05 20:34 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online
2014-02-05 15:26 - 2014-02-05 15:26 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-02-05 15:24 - 2009-07-14 02:08 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-05 02:23 - 2014-02-05 02:22 - 00000000 ____D () C:\Program Files (x86)\Zenimax Online
2014-02-05 00:45 - 2013-02-26 21:33 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 00:45 - 2013-02-26 21:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 00:45 - 2013-02-26 21:33 - 00003776 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-04 21:54 - 2011-12-30 21:37 - 00000000 ____D () C:\Windows\Minidump
2014-02-04 21:54 - 2011-12-29 19:36 - 00303745 ____N () C:\Windows\Minidump\020414-27019-01.dmp
2014-02-04 18:18 - 2014-02-04 18:18 - 00000673 _____ () C:\Users\Usuario\Desktop\Need for Speed Rivals.lnk
2014-02-04 14:30 - 2014-02-04 14:30 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-02-04 14:30 - 2013-08-12 16:58 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-02-04 14:28 - 2013-11-10 21:05 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-02-04 14:28 - 2013-11-10 21:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-02-04 14:28 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\Help
2014-02-04 13:20 - 2014-02-04 13:20 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Nem's Tools
2014-02-04 13:18 - 2014-02-04 13:18 - 00604819 _____ (Ryan Gregg ) C:\Users\Usuario\Downloads\gcfscape185.exe
2014-02-04 12:13 - 2014-02-04 12:13 - 00001293 _____ () C:\Users\Usuario\Desktop\Ghost Stories English Dubbed Ep01.mkv - Acceso directo.lnk
2014-02-04 12:13 - 2014-02-04 12:13 - 00001189 _____ () C:\Users\Usuario\Desktop\A Tale of Two Sisters.lnk
2014-02-04 00:56 - 2012-08-31 13:58 - 00000000 ___RD () C:\Users\Usuario\Dropbox
2014-02-04 00:56 - 2012-08-31 13:56 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Dropbox
2014-02-04 00:55 - 2012-08-31 13:57 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-04 00:16 - 2009-07-14 06:31 - 00752040 _____ () C:\Windows\system32\perfh00A.dat
2014-02-04 00:16 - 2009-07-14 06:31 - 00166524 _____ () C:\Windows\system32\perfc00A.dat
2014-02-04 00:16 - 2009-07-14 02:13 - 01720772 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-04 00:15 - 2014-02-04 00:15 - 00020711 _____ () C:\Users\Usuario\Downloads\[kickass.to]ghost.stories.english.dubbed.1.20.complete.sum1.here.silverrg.torrent
2014-02-03 16:33 - 2014-02-03 16:33 - 00041736 _____ () C:\Users\Usuario\Downloads\[kickass.to]a.tale.of.two.sisters.2003.1080p.bluray.x264.cinefile.torrent
2014-02-03 13:58 - 2014-02-03 13:58 - 00037859 _____ () C:\Users\Usuario\Downloads\[kickass.to]rune.co.op.vista.portable.halls.of.valhalla.torrent
2014-02-02 20:07 - 2012-01-01 18:48 - 00000000 ____D () C:\Users\Usuario\Documents\My Games
2014-02-02 20:06 - 2013-10-08 01:19 - 00194919 _____ () C:\Windows\DirectX.log
2014-02-02 12:12 - 2014-02-02 12:12 - 00000000 ____D () C:\Users\Usuario\Documents\Ghost Games
2014-02-02 05:00 - 2014-02-02 05:00 - 00045453 _____ () C:\Users\Usuario\Downloads\[kickass.to]horriblesubs.log.horizon.16.1080p.mkv.torrent
2014-02-02 05:00 - 2014-02-02 05:00 - 00045313 _____ () C:\Users\Usuario\Downloads\[kickass.to]horriblesubs.log.horizon.18.1080p.mkv.torrent
2014-02-02 05:00 - 2014-02-02 05:00 - 00045167 _____ () C:\Users\Usuario\Downloads\[HorribleSubs] Log Horizon - 17 [1080p].mkv.torrent
2014-02-02 05:00 - 2014-02-02 05:00 - 00012672 _____ () C:\Users\Usuario\Downloads\[kickass.to]horriblesubs.log.horizon.15.480p.mkv.torrent
2014-02-02 04:57 - 2014-02-02 04:57 - 00038719 _____ () C:\Users\Usuario\Downloads\[kickass.to]need.for.speed.rivals.pc.game.nosteam.torrent
2014-02-01 13:29 - 2014-02-01 13:29 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\rcru
2014-01-31 20:57 - 2014-01-31 20:57 - 02012453 _____ () C:\Users\Usuario\Downloads\114002.user.js
2014-01-31 20:42 - 2014-01-31 20:42 - 02525151 _____ () C:\Users\Usuario\Downloads\YouTubeCenter.user.js
2014-01-31 16:47 - 2014-01-31 16:47 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Playfire_Ltd
2014-01-31 16:43 - 2014-01-31 16:43 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Vulcan
2014-01-31 16:43 - 2014-01-31 16:43 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Vulcan
2014-01-31 16:32 - 2012-02-27 23:15 - 00000000 ____D () C:\ProgramData\Package Cache
2014-01-30 21:00 - 2014-01-30 21:00 - 00000000 ____D () C:\ProgramData\jglehfbkpcjjepkdnmadmilfkmeeagge
2014-01-30 21:00 - 2013-05-23 17:47 - 00002758 __RSH () C:\ProgramData\ntuser.pol
2014-01-30 21:00 - 2009-07-14 00:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-30 20:28 - 2014-01-30 20:28 - 00020968 _____ () C:\Users\Usuario\Downloads\[kickass.to]breaking.bad.s04.season.4.1080p.web.dl.reenc.deejayahmed.littlefairyrg.torrent
2014-01-30 11:42 - 2013-02-11 16:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-01-30 11:42 - 2011-12-29 19:12 - 00000000 ____D () C:\ProgramData\Skype
2014-01-29 21:25 - 2012-02-01 11:22 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-01-29 15:07 - 2011-12-30 14:12 - 00000000 ____D () C:\ProgramData\Origin
2014-01-29 14:45 - 2014-01-29 14:45 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-29 13:26 - 2014-01-29 13:26 - 00000000 ____D () C:\ProgramData\Codemasters
2014-01-29 12:41 - 2013-07-06 19:48 - 00000024 _____ () C:\Users\Usuario\random.dat
2014-01-29 11:18 - 2014-01-26 21:47 - 00000046 _____ () C:\Users\Usuario\jagex_cl_runescape_LIVE.dat
2014-01-29 04:54 - 2011-12-29 19:02 - 00002374 _____ () C:\Users\Usuario\Desktop\Google Chrome.lnk
2014-01-28 23:20 - 2014-01-28 23:20 - 00016620 _____ () C:\Users\Usuario\Downloads\[kickass.to]kairo.2001.english.subs.torrent
2014-01-28 03:11 - 2014-01-27 07:42 - 00001289 _____ () C:\Users\Public\Desktop\Burnout Paradise The Ultimate Box.lnk
2014-01-28 03:01 - 2014-01-28 03:01 - 00295605 _____ () C:\Users\Usuario\Downloads\BPAdvCFGv040.rar
2014-01-27 20:17 - 2014-01-27 20:17 - 00007892 _____ () C:\Users\Usuario\Downloads\[kickass.to]grid.2.reloaded.torrent
2014-01-27 12:21 - 2014-01-27 12:21 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Criterion Games
2014-01-27 03:13 - 2013-07-17 20:14 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\RSBot
2014-01-27 02:20 - 2014-01-27 02:20 - 00723018 _____ () C:\Users\Usuario\Downloads\RSBot-5058.jar
2014-01-27 02:20 - 2014-01-26 23:19 - 00000047 _____ () C:\Users\Usuario\jagex_cl_runescape_LIVE1.dat
2014-01-26 23:19 - 2014-01-26 23:19 - 00000000 ____D () C:\Users\Usuario\jagexcache1
2014-01-26 23:19 - 2011-12-29 10:43 - 00000000 ____D () C:\Users\Usuario
2014-01-26 21:47 - 2014-01-26 21:47 - 00000000 ____D () C:\Users\Usuario\jagexcache
2014-01-26 11:19 - 2011-12-30 14:12 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-01-25 23:26 - 2014-01-25 23:26 - 00021050 _____ () C:\Users\Usuario\Downloads\[kickass.to]breaking.bad.s03.season.3.1080p.web.dl.reenc.deejayahmed.littlefairyrg.torrent
2014-01-25 20:52 - 2011-12-30 12:32 - 00282296 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-01-25 20:45 - 2014-01-22 22:22 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\RotMG Hacked Client v2
2014-01-25 16:21 - 2014-01-25 16:14 - 24300720 _____ (Passmark Software ) C:\Users\Usuario\Downloads\petst.exe
2014-01-25 15:47 - 2014-01-25 15:47 - 00000835 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-01-25 01:28 - 2014-01-25 01:26 - 10999116 _____ () C:\Users\Usuario\Downloads\eversion173.zip
2014-01-25 00:53 - 2014-01-25 00:53 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\openvr
2014-01-24 17:37 - 2014-01-24 17:37 - 00000701 _____ () C:\Users\Usuario\Documents\Usuario - Acceso directo.lnk
2014-01-23 18:28 - 2014-01-23 18:26 - 24097311 _____ () C:\Users\Usuario\Downloads\vlc-2.1.2-win32.exe
2014-01-23 12:03 - 2014-01-23 12:03 - 00000000 _____ () C:\Windows\SysWOW64\2014-1-23 12_3_54_Rev_255208_navi.log
2014-01-23 11:52 - 2014-01-23 11:26 - 38077409 _____ () C:\Users\Usuario\Downloads\vpngate-client-2014.01.23-build-9412.128748.zip
2014-01-23 11:02 - 2014-01-23 11:02 - 00000000 ____D () C:\Windows\SysWOW64\LauncherLog
2014-01-23 10:35 - 2014-01-23 10:35 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Proxifier
2014-01-23 10:34 - 2014-01-23 10:32 - 03830776 _____ (Initex ) C:\Users\Usuario\Downloads\ProxifierSetup.exe
2014-01-23 10:22 - 2014-01-23 10:22 - 01688304 _____ (www.flyvpn.com) C:\Users\Usuario\Downloads\FlyClient_3.0.1.8.exe
2014-01-23 10:19 - 2014-01-23 10:18 - 00006715 _____ () C:\Users\Usuario\ovpntray.log
2014-01-23 10:18 - 2014-01-23 10:18 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\PrivateTunnel
2014-01-23 10:13 - 2014-01-23 10:13 - 00000000 ____D () C:\ProgramData\FlyVPN
2014-01-22 23:41 - 2014-01-22 23:41 - 00001940 _____ () C:\Users\Usuario\Downloads\[kickass.to]pwnboxer.v01.01.070302.readme.torrent
2014-01-22 22:21 - 2014-01-22 22:21 - 04325955 _____ () C:\Users\Usuario\Downloads\Realm_2014-01-18.zip
2014-01-22 12:38 - 2012-01-01 16:19 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-01-22 12:18 - 2014-01-22 12:18 - 00000000 ____D () C:\Program Files (x86)\CRS
2014-01-22 00:08 - 2014-01-22 00:08 - 00015608 _____ () C:\Users\Usuario\Downloads\wwiiol0001349.exe.torrent
2014-01-20 23:53 - 2013-11-11 12:22 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-20 23:53 - 2013-11-11 12:22 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-20 23:31 - 2014-01-20 23:31 - 00044065 _____ () C:\Users\Usuario\Downloads\KUF2_SETUP (1).torrent
2014-01-20 23:29 - 2014-01-20 23:29 - 00044065 _____ () C:\Users\Usuario\Downloads\KUF2_SETUP.torrent
2014-01-19 15:59 - 2011-12-29 11:34 - 00000000 ____D () C:\Users\Usuario\AppData\Local\Adobe
2014-01-19 12:37 - 2014-01-19 12:32 - 24517382 _____ () C:\Users\Usuario\Downloads\Sword Art Online Girls Ops c03 [tap-trans].zip
2014-01-19 04:33 - 2011-12-29 13:34 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-19 00:52 - 2013-04-01 02:52 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Mp3tag
2014-01-18 22:22 - 2014-01-18 22:20 - 22868880 _____ () C:\Users\Usuario\Downloads\Sword Art Online Girls Ops c04 [tap-trans].zip
2014-01-18 22:21 - 2014-01-18 22:21 - 00020781 _____ () C:\Users\Usuario\Downloads\[kickass.to]breaking.bad.s02.season.2.1080p.bluray.reenc.deejayahmed.littlefairyrg.torrent
2014-01-18 13:04 - 2014-01-18 13:04 - 00104938 _____ () C:\Users\Usuario\Downloads\276458.rar
2014-01-18 12:57 - 2014-01-18 12:57 - 00013103 _____ () C:\Users\Usuario\Desktop\Descargas.lnk
2014-01-18 12:51 - 2014-01-18 12:51 - 00391774 _____ () C:\Users\Usuario\Downloads\DSfix22-19-2-2.zip
2014-01-18 12:41 - 2014-01-18 12:41 - 00120154 _____ () C:\Users\Usuario\Downloads\286396.zip
2014-01-17 23:03 - 2014-01-17 23:03 - 00019913 _____ () C:\Users\Usuario\Downloads\[kickass.to]breaking.bad.s01.season.1.720p.brrip.x264.visionx.torrent
2014-01-17 21:00 - 2014-01-17 20:00 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\.minecraft
2014-01-17 20:41 - 2014-01-17 20:35 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\.technic
2014-01-17 12:50 - 2011-12-29 19:36 - 00303105 ____N () C:\Windows\Minidump\011714-21886-01.dmp
2014-01-16 22:02 - 2011-12-29 19:36 - 00303105 ____N () C:\Windows\Minidump\011614-19578-01.dmp
2014-01-16 03:31 - 2009-07-14 01:45 - 00458216 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:09 - 2013-07-16 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-16 03:09 - 2011-12-29 11:20 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 03:09 - 2009-07-13 23:34 - 00000507 _____ () C:\Windows\win.ini
2014-01-16 03:01 - 2011-12-30 22:17 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 02:18 - 2014-01-16 02:18 - 00027272 _____ () C:\Users\Usuario\Downloads\[kickass.to]horriblesubs.log.horizon.15.720p.mkv.torrent
2014-01-15 20:36 - 2014-01-15 20:08 - 166815243 _____ () C:\Users\Usuario\Downloads\[mikudb] 5150.rar
2014-01-15 20:13 - 2014-02-04 14:28 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-01-15 20:13 - 2014-02-04 14:28 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 31421216 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 25255200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 23672096 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 18184976 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 17714760 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 15690744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 14668008 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 12668192 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-01-15 20:13 - 2014-02-04 14:25 - 11631544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 11583616 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 09723944 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 09686304 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 03087112 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 02711656 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433467.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433467.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00947808 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00859936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00483104 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00408352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00378656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00333600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00148016 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-01-15 20:13 - 2014-02-04 14:25 - 00024544 _____ () C:\Windows\system32\nvinfo.pb
2014-01-15 19:35 - 2014-02-04 14:30 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-01-15 18:53 - 2014-02-04 14:28 - 06712608 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2014-01-15 18:53 - 2014-02-04 14:28 - 03498272 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2014-01-15 18:53 - 2014-02-04 14:28 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2014-01-15 18:53 - 2014-02-04 14:28 - 00923936 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2014-01-15 18:53 - 2014-02-04 14:28 - 00386336 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2014-01-15 18:53 - 2014-02-04 14:28 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2014-01-15 15:03 - 2014-01-15 15:03 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-15 15:03 - 2014-01-15 15:02 - 00005174 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 15:03 - 2013-03-11 17:05 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-15 10:03 - 2014-01-15 10:03 - 00000000 ____D () C:\Users\Usuario\Documents\MGR
2014-01-15 09:58 - 2014-01-15 09:58 - 00000936 _____ () C:\Users\Usuario\Desktop\Metal Gear Rising Revengeance.lnk
2014-01-14 10:26 - 2014-01-14 10:11 - 00000000 ____D () C:\Users\Usuario\3079Saves
2014-01-14 09:58 - 2014-01-14 09:58 - 00029015 _____ () C:\Users\Usuario\Downloads\[kickass.to]3079.v2.20.multios.walmart.torrent
2014-01-14 02:01 - 2014-01-14 02:01 - 00014524 _____ () C:\Users\Usuario\Downloads\[kickass.to]super.meat.boy.v1.5.windows.exe.torrent
2014-01-13 19:31 - 2014-02-04 14:28 - 03559557 _____ () C:\Windows\system32\nvcoproc.bin
2014-01-12 21:42 - 2012-01-26 18:26 - 00000000 ____D () C:\Users\Usuario\AppData\Local\SKIDROW
2014-01-12 21:35 - 2014-01-12 21:35 - 00013093 _____ () C:\Users\Usuario\Downloads\[kickass.to]the.binding.of.isaac.wrath.of.the.lamb.v1.48.theta.torrent
2014-01-12 15:38 - 2014-01-12 15:38 - 00000000 ____D () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape
2014-01-12 15:38 - 2012-10-14 22:50 - 00002096 _____ () C:\Users\Usuario\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RuneScape.lnk
2014-01-12 12:23 - 2014-01-12 11:18 - 00000000 ____D () C:\Users\Usuario\3089
2014-01-12 10:51 - 2014-01-12 10:51 - 00001696 _____ () C:\Users\Usuario\Downloads\[kickass.to]3089.v1.0.2.fas.torrent
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
C:\Users\Usuario\jagex_cl_runescape_LIVE.dat
C:\Users\Usuario\jagex_cl_runescape_LIVE1.dat
C:\Users\Usuario\random.dat
 
 
Some content of TEMP:
====================
C:\Users\Usuario\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-02-08 04:03
 
==================== End Of Log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-02-2014 01
Ran by Usuario at 2014-02-11 14:11:05
Running from C:\Users\Usuario\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
 
==================== Installed Programs ======================
 
µTorrent (HKCU Version: 3.3.2.30488 - BitTorrent Inc.)
3DMark Vantage (x32 Version: 1.1.0 - Futuremark Corporation)
Actualización de NVIDIA 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 12 ActiveX (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) - Español (x32 Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (x32 Version: 12.0.3.133 - Adobe Systems, Inc.)
Adobe Stock Photos 1.0 (x32 Version: 001.000.000 - Adobe Systems) Hidden
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment)
Aeria Ignite (x32 Version: 1.13.3296 - Aeria Games & Entertainment) Hidden
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
Akamai NetSession Interface (x32 Version:  - )
Alien Swarm (x32 Version:  - Valve)
Android SDK Tools (x32 Version: 1.16 - Google Inc.)
Apple Application Support (x32 Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (Version: 5.2.0.6 - Apple Inc.)
Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.)
applicationupdater (HKCU Version:  - Sony Online Entertainment)
ARMA 2 (x32 Version:  - Bohemia Interactive)
ARMA 2 Dedicated Server (x32 Version:  - Bohemia Interactive)
Arma 2: DayZ Mod (x32 Version:  - )
Arma 2: Operation Arrowhead - Dedicated Server (x32 Version:  - Bohemia Interactive)
ARMA 2: Operation Arrowhead (x32 Version:  - Bohemia Interactive)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.10.0.0 - Asmedia Technology)
Augart Video Converter 2.5.0 (x32 Version:  - AugartSoft.com)
Aura Kingdom (x32 Version:  - )
Auto Clicker v1.2 (x32 Version: 1.2 - MurGee.com)
Batman™: Arkham Origins (x32 Version:  - WB Games Montreal)
Battlefield 1942™ (x32 Version: 1.6.20.0 - Electronic Arts)
Battlefield 4™ (x32 Version: 1.1.0.0 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (x32 Version:  - )
BattlEye Uninstall (x32 Version:  - )
Blacklight: Retribution (x32 Version:  - Zombie, Inc.)
Borderlands.2.Incl.All.24.DLC.[1.7].W.B.Repack (x32 Version:  - )
Burnout™ Paradise: The Ultimate Box (x32 Version: 1.1.0.0 - Electronic Arts)
calibre (x32 Version: 0.8.70 - Kovid Goyal)
Camtasia Studio 7 (x32 Version: 7.1.0 - TechSmith Corporation)
CCleaner (Version: 4.09 - Piriform)
Cheat Engine 6.1 (x32 Version:  - Dark Byte)
China English Patch (x32 Version: 1.0.0.0 - LokiReborn)
Clownfish for Skype (x32 Version:  - )
Compresor WinRAR (x32 Version:  - )
Construct 2 r114 (Version: 1.0.114.0 - Scirra)
ContentSAFER for Wizmax (x32 Version:  - )
Cool Edit Pro 2.1 (x32 Version:  - )
DAEMON Tools Lite (x32 Version: 4.48.1.0347 - Disc Soft Ltd)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
DayZ Commander (x32 Version: 0.9.108 - Dotjosh Studios)
Dear Esther (x32 Version:  - )
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (Version:  - Microsoft)
Desura (x32 Version: 100.53 - Desura)
Dragon Nest Europe (x32 Version:  - )
Driver Fusion (x32 Version:  - )
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
Dxtory 2.0.108 (x32 Version: 2.0.108 - Dxtory Software)
Efz_fix (Version:  - )
EmoDio (x32 Version: 1.0 - SAMSUNG)
EmoDio (x32 Version: 1.0 - SAMSUNG) Hidden
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
FileLab Plugin 1.1.33 (x32 Version: 1.1.33 - FileLab)
Fraps (remove only) (x32 Version:  - )
Futuremark SystemInfo (x32 Version: 4.0.0.0 - Futuremark Corporation)
GameMaker: Studio (x32 Version:  - )
GameRanger (HKCU Version:  - GameRanger Technologies)
GameSpy Arcade (x32 Version:  - )
GCFScape 1.8.5 (Version:  - Ryan Gregg)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GeoGebraPrim (HKCU Version:  - International GeoGebra Institute)
Ghost Recon Online (EU) (HKCU Version: 1.33.9333.1 - Ubisoft)
Ghost Recon Online (NCSA-Live) (HKCU Version: 1.33.9333.1 - Ubisoft)
GhostMouse (x32 Version: Free V3.2.1 - ghost-mouse.com)
Global Agenda (x32 Version:  - Hi-Rez Studios)
Google Chrome (HKCU Version: 32.0.1700.102 - Google Inc.)
Google Drive (x32 Version: 1.13.5782.599 - Google, Inc.)
Google Earth Plug-in (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Grand Theft Auto Vice City (x32 Version: 1.00.000 - )
Grand Theft Auto: Episodes from Liberty City (x32 Version:  - Rockstar)
GS Supporter 1.80 (x32 Version:  - Verified Publisher) <==== ATTENTION
GTA San Andreas (x32 Version: 1.00.00001 - Rockstar Games)
Guild Wars 2 (x32 Version:  - NCsoft Corporation, Ltd.)
Half-Life 2 (x32 Version:  - Valve)
HandBrake 0.9.9.1 (x32 Version: 0.9.9.1 - )
Herramienta de carga de Windows Live (x32 Version: 14.0.8014.1029 - Microsoft Corporation)
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
Hitman Absolution (x32 Version:  - )
How to Survive (x32 Version:  - )
IconChanger (x32 Version:  - )
Insurgency (x32 Version:  - New World Interactive)
iTunes (Version: 10.6.3.25 - Apple Inc.)
IVONA 2 (x32 Version: 1.6.51 - IVONA Software Sp. z o.o.)
IVONA Reader (x32 Version:  - IVONA Software Sp. z o.o.)
iZ3D Driver Remove (x32 Version: 1.12(4016) - iZ3D Inc.)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 13 (x32 Version: 1.7.0.130 - Oracle)
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
JMicron JMB36X Driver (x32 Version: 1.17.62.0 - JMicron Technology Corp.)
Kalydo Player 4.07.02 (HKCU Version: 4.07.02 - Eximion B.V.)
K-Lite Mega Codec Pack 9.9.0 (x32 Version: 9.9.0 - )
Left 4 Dead 2 (x32 Version:  - Valve)
LogMeIn Hamachi (x32 Version: 2.2.0.130 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.130 - LogMeIn, Inc.) Hidden
Magicka (x32 Version:  - Arrowhead Game Studios)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Metal Gear Rising REVENGEANCE (x32 Version: 6.0 - Black Box)
Metal Gear Solid (x32 Version:  - )
Microsoft .NET Framework 1.1 (x32 Version:  - )
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 4 Client Profile ESN Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Antimalware Service ES-ES Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden
Microsoft Application Compatibility Toolkit 5.6 (x32 Version: 5.6.7324.0 - Microsoft Corporation)
Microsoft AppLocale (x32 Version: 1.0.0 - MS)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0 - Microsoft Corporation)
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client ES-ES Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (x32 Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Windows Application Compatibility Database (Version:  - )
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (x32 Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (x32 Version: 4.0.30901.0 - Microsoft Corporation)
Mirror's Edge™ (x32 Version: 1.0.1.0 - Electronic Arts)
mkv2vob (x32 Version: 2.4.9 - 3r1c)
MKVToolNix 6.4.1 (x32 Version: 6.4.1 - Moritz Bunkus)
Monaco (x32 Version:  - Pocketwatch Games)
Mozilla Firefox 24.0 (x86 es-AR) (x32 Version: 24.0 - Mozilla)
Mp3tag v2.54 (x32 Version: v2.54 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
My Game Long Name (Version:  - Epic Games, Inc.)
Natural Selection 2 (x32 Version:  - Unknown Worlds Entertainment)
NCsoft Launcher (x32 Version: 1.5.19002 - NCsoft)
Nero 10 Menu TemplatePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero 10 Movie ThemePack Basic (x32 Version: 10.0.10600.6.0 - Nero AG) Hidden
Nero BackItUp 10 (x32 Version: 5.4.11600.19.100 - Nero AG)
Nero BackItUp 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Burning ROM 10 (x32 Version: 10.0.11100.10.100 - Nero AG)
Nero BurningROM 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero BurnRights 10 (x32 Version: 4.0.11000.12.100 - Nero AG)
Nero BurnRights 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Control Center 10 (x32 Version: 10.0.12000.1.4 - Nero AG) Hidden
Nero ControlCenter 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Core Components 10 (x32 Version: 2.0.13700.0.1 - Nero AG) Hidden
Nero CoverDesigner 10 (x32 Version: 5.0.10900.11.100 - Nero AG)
Nero CoverDesigner 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero DiscSpeed 10 (x32 Version: 6.0.10800.7.100 - Nero AG)
Nero DiscSpeed 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero Dolby Files 10 (x32 Version: 2.0.11000.0.10 - Nero AG) Hidden
Nero Express 10 (x32 Version: 10.0.11000.10.100 - Nero AG)
Nero Express 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero InfoTool 10 (x32 Version: 7.0.10800.8.100 - Nero AG)
Nero InfoTool 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero MediaHub 10 (x32 Version: 1.0.13400.11.100 - Nero AG)
Nero MediaHub 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Multimedia Suite 10 (x32 Version: 10.0.13100 - Nero AG)
Nero Recode 10 (x32 Version: 4.6.10900.4.100 - Nero AG)
Nero Recode 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero RescueAgent 10 (x32 Version: 3.0.10900.9.100 - Nero AG)
Nero RescueAgent 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero SoundTrax 10 (x32 Version: 4.6.10600.2.100 - Nero AG)
Nero SoundTrax 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero StartSmart 10 (x32 Version: 10.0.11200.12.100 - Nero AG)
Nero StartSmart 10 Help (CHM) (x32 Version: 1.0.10700 - Nero AG) Hidden
Nero Update (x32 Version: 1.0.0017 - Nero AG)
Nero Vision 10 (x32 Version: 7.0.11100.8.100 - Nero AG)
Nero Vision 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Nero WaveEditor 10 (x32 Version: 5.6.10600.2.100 - Nero AG)
Nero WaveEditor 10 Help (CHM) (x32 Version: 1.0.10600 - Nero AG) Hidden
Neverwinter (x32 Version:  - Cryptic Studios)
Nexon Game Manager (x32 Version:  - )
Nexus Mod Manager (Version: 0.46.0 - Black Tree Gaming)
Notepad++ (x32 Version: 6.4.5 - Notepad++ Team)
nProtect KeyCrypt V6.0 (x32 Version:  - )
NVIDIA Controlador de 3D Vision 334.67 (Version: 334.67 - NVIDIA Corporation)
NVIDIA Controlador de audio HD 1.3.30.1 (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Controlador de gráficos 334.67 (Version: 334.67 - NVIDIA Corporation)
NVIDIA Controlador de la controladora 3D Vision 334.67 (Version: 334.67 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.145.1024 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Software del sistema PhysX 9.13.1220 (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3467 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (Version: 1.2.20 - NVIDIA Corporation)
OGPlanet Game Launcher (x32 Version: 1.0.0 - OGPlanet, Inc.)
OpenAL (x32 Version:  - )
Operation Flashpoint: Dragon Rising (x32 Version:  - Codemasters Studios)
Operation Flashpoint: Red River (x32 Version:  - Codemasters Action Studio)
Origin (x32 Version: 8.5.0.4550 - Electronic Arts, Inc.)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Overwolf (x32 Version: 0.33.199 - Overwolf)
Paint.NET v3.5.10 (Version: 3.60.0 - dotPDN LLC)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
Panel de control de NVIDIA 334.67 (Version: 334.67 - NVIDIA Corporation) Hidden
Paquete de controladores de Windows - Nokia pccsmcfd  (10/12/2007 6.85.4.0) (Version: 10/12/2007 6.85.4.0 - Nokia)
Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN (Version: 4.0.30320 - Microsoft Corporation)
Path of Exile (x32 Version:  - Grinding Gear Games)
PC Connectivity Solution (x32 Version: 8.15.0.0 - Nokia)
PC Wizard 2012.2.11 (x32 Version:  - CPUID)
PerformanceTest v8.0 (Version: 8.0.1029.0 - Passmark Software)
PHANTASY STAR ONLINE 2 (x32 Version:  - SEGA)
Pinnacle Game Profiler (x32 Version: 6.7.3 - PowerUp Software)
Playfire (x32 Version: 0.0.53.0 - Playfire) Hidden
Portal 2 (x32 Version:  - Valve)
PowerDVD (x32 Version: 7.30.0000 - CyberLink)
PowerDVD (x32 Version: 7.30.0000 - CyberLink) Hidden
PrivateTunnel (x32 Version: 2.0.0.0 - OpenVPN Technologies)
Proxifier version 3.21 (x32 Version: 3.21 - Initex)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Puzzler World  (x32 Version:  - Ideas Pad)
RaidCall (x32 Version: 7.2.0-1.0.5185.1 - raidcall.com)
Razer Surround (x32 Version: 1.05.00 - Razer Inc.)
Razer Synapse 2.0 (x32 Version: 1.16.6 - Razer Inc.)
Realm of the Mad God (x32 Version:  - )
Realtek Ethernet Controller Driver (x32 Version: 7.43.321.2011 - Realtek)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad (x32 Version:  - Tripwire)
Revo Uninstaller Pro (Version:  - VS Revo Group)
ROBLOX Player (x32 Version:  - ROBLOX Corporation)
Rockstar Games Social Club (x32 Version: 1.0.9.5 - Rockstar Games)
Rogue Legacy version 0.0.0.9 (x32 Version: 0.0.0.9 - WaLMaRT)
ROOT´óʦ (x32 Version: 1.7.2.4200 - ÉîÛÚÊÐÐÅÒ»ÍøÂçÓÐÏÞ¹«Ë¾)
RuneScape Launcher 1.2.3 (x32 Version: 1.2.3 - Jagex Ltd)
Saints Row IV (x32 Version: 1.0.5.0 - )
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG Mobile Composite Device Software (Version:  - )
Samsung Mobile Modem Device Software (Version:  - )
Samsung Mobile phone USB driver Drive Software (Version:  - )
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.)
Samsung New PC Studio (x32 Version: 1.00.0000 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Nombre de su organización)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Nombre de su organización) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SamsungConnectivityCableDriver (x32 Version: 6.83.6.2.1 - Samsung)
San Andreas Mod Installer (x32 Version: 1.1 - cpmusick)
Sanctum 2 (x32 Version:  - Coffee Stain Studios)
Scribblenauts Unlimited (x32 Version:  - )
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Sid Meier's Civilization V (x32 Version:  - 2K Games, Inc.)
SixaxisPairTool 0.2.3 (x32 Version: 0.2.3 - Dancing Pixel Studios)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Sniper Elite: Nazi Zombie Army 2 (x32 Version:  - )
Sniper Elite: Nazi Zombie Army 2 (x32 Version: 1.0 - Rebellion)
Source SDK Base 2007 (x32 Version:  - Valve)
Source SDK Base 2013 Multiplayer (x32 Version:  - )
Sp5 (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5Intl (x32 Version: 5.1.4324.0 - Microsoft) Hidden
Sp5TTInt (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpCommon (x32 Version: 5.1.4324.0 - Microsoft) Hidden
SpPhones (x32 Version: 6.0.3122.0 - Microsoft) Hidden
Star Wars - Battlefront II (x32 Version:  - Pandemic Studios)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (x32 Version: 4.5.1.0 - Husdawg, LLC)
TeamSpeak 3 Client (Version: 3.0.13.1 - TeamSpeak Systems GmbH)
TeamViewer 7 (x32 Version: 7.0.12541 - TeamViewer)
TERA (x32 Version: 1.41 - En Masse Entertainment)
The Elder Scrolls Online Beta (x32 Version: 0.3.4 - )
The Lord of the Rings: War in the North (x32 Version:  - Snowblind Studios)
The Stanley Parable (x32 Version: The Stanley Parable - )
Total Video Converter 3.71 100812 (x32 Version:  - EffectMatrix Inc.)
Ubisoft Game Launcher (x32 Version: 1.0.0.0 - UBISOFT)
Ultimate IP Changer version 1.1 (x32 Version: 1.1 - Olcinium)
Uninstall GunDog (x32 Version:  - )
Uninstall TrianglePlayer (x32 Version: 2012 - Fuzhou Zhuo Yue Wu Xian Software Development Company Limited)
Unity Web Player (HKCU Version:  - Unity Technologies ApS)
Update for Microsoft .NET Framework 4.5 (KB2750147) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805221) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2013 (KB2768008) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Access 2013 (KB2827233) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft InfoPath 2013 (KB2837648) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726954) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2726996) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2738038) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760224) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760242) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760267) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760539) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760553) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760610) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2767845) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768016) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817314) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817316) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817490) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826004) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827225) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827227) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827230) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2827239) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837626) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837637) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837638) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837655) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2850066) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2850063) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2850061) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2767850) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Project 2013 (KB2727085) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2837635) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2817495) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft SkyDrive Pro (KB2837652) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio 2013 (KB2817306) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2768338) 64-Bit Edition (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2837647) 64-Bit Edition (Version:  - Microsoft)
Uplay (x32 Version: 2.0 - Ubisoft)
Vector Magic (x32 Version:  - )
VirtualDJ Home FREE (x32 Version: 7.0.5 - Atomix Productions)
VLC media player 2.0.3 (x32 Version: 2.0.3 - VideoLAN)
VobSub 2.23 (x32 Version: 2.23 - Gabest)
WEBZEN Browser Extension (x32 Version: 1.01.020 - WEBZEN)
WIDCOMM Bluetooth Software (x32 Version: 5.0.1.801 - Logitech)
WinDirStat 1.1.2 (HKCU Version:  - )
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows Movie Maker 2.6 (x32 Version: 2.6.4037.0 - Microsoft Corporation)
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)
 
==================== Restore Points  =========================
 
04-02-2014 17:27:27 Instalación del paquete de controladores de dispositivo: NVIDIA Adaptadores de pantalla
04-02-2014 17:29:56 Instalación del paquete de controladores de dispositivo: NVIDIA Controladoras de bus serie universal
06-02-2014 15:13:26 Windows Update
10-02-2014 15:07:15 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-13 23:34 - 2014-02-06 19:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {2041E4CA-123E-46A2-83D1-B9AF7821788D} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2013-11-11] ()
Task: {2E09C77A-30F9-4CA2-BE52-93A35153C940} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2930568964-3896399684-787456249-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {35013146-9996-43BD-B227-566427AE99BD} - System32\Tasks\{DE50D0D4-A17A-487D-8DD1-193DAC2D79E3} => Chrome.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.124.259&LastError=12002
Task: {382EF6BA-C54C-4DB6-B358-ACFCE203BD1D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2930568964-3896399684-787456249-1000UA => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29] (Google Inc.)
Task: {4E36AB92-639F-4FB0-8A7E-03E2AD0BD8AA} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2930568964-3896399684-787456249-1000
Task: {520F6865-40C1-4704-A0DE-198A02B7A45E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {60564E27-A488-4C4F-92AF-79C2249CE269} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2930568964-3896399684-787456249-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {7872CA1A-22D6-4F79-83D9-FB4E79FC411F} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {80A58055-763C-42C2-B4C7-A7475C7E6332} - System32\Tasks\TunnelBear => D:\Tools\TunnelBear\TunnelBear.exe
Task: {90DCC152-7951-4CF6-8446-76ED1EACAA7A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {96F67806-CC92-460B-8A25-D27C82180BE5} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {9C80D2F3-9EAD-4DD4-91EA-7B35307D9A7D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2930568964-3896399684-787456249-1000Core => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-29] (Google Inc.)
Task: {9D84C6A6-B283-4C46-A3C7-EC57243B97DA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Usuario-PC-Usuario Usuario-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2013-09-10] (Microsoft Corporation)
Task: {B9A81004-43BA-4363-9ABF-193B87201967} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {B9E4A1F1-2DB6-4BC3-94FF-7658A05233FF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-11-11] (Google Inc.)
Task: {D997C8EF-F144-4FCE-B745-127417DFC146} - System32\Tasks\RunOW => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe
Task: {E086CAF7-97A0-48E7-9DFF-2A5DB645A8EF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-12-17] (Piriform Ltd)
Task: {E8A88556-8808-4FCC-8CB3-A854D9636611} - System32\Tasks\{59D05B07-6A11-49C2-A282-DC429BA8CDFB} => Chrome.exe http://ui.skype.com/ui/0/6.11.0.102/es/abandoninstall?page=tsProgressBar
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930568964-3896399684-787456249-1000Core.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930568964-3896399684-787456249-1000UA.job => C:\Users\Usuario\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-10-17 11:25 - 2013-10-17 11:25 - 08866472 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-01-23 10:34 - 2012-11-22 18:57 - 00057448 _____ () C:\Windows\system32\PrxerNsp.dll
2012-06-18 12:24 - 2012-06-18 12:24 - 00222720 _____ () D:\Tools\Notepad++\NppShell_05.dll
2011-12-30 12:31 - 2014-02-10 23:38 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2011-12-29 11:36 - 2007-02-07 16:29 - 00173616 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:DocumentSummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:SummaryInformation
AlternateDataStreams: C:\Windows\SysWOW64\zlib.dll:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}
AlternateDataStreams: C:\ProgramData\TEMP:05E9FFE5
AlternateDataStreams: C:\ProgramData\TEMP:233BFF24
AlternateDataStreams: C:\ProgramData\TEMP:DBC416F8
AlternateDataStreams: C:\Users\Usuario\Documents:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
AlternateDataStreams: C:\Users\Usuario\Mis documentos:{726B6F7C-E889-4EFE-8CA3-AEF4943DBD38}
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
 
==================== Disabled items from MSCONFIG ==============
 
MSCONFIG\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk => C:\Windows\pss\Adobe Gamma.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Usuario^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de pantalla y Selector de OneNote 2010.lnk => C:\Windows\pss\Recorte de pantalla y Selector de OneNote 2010.lnk.Startup
MSCONFIG\startupreg: 4StoryPrePatch => D:\Juegos\4Story\PrePatch.exe
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Aeria Ignite => "C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe" silent
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: Clownfish => 
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: IVONA Reader => "C:\Program Files (x86)\IVONA\IVONA Reader\IVONA Reader.exe.exe" -t -nosplash
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: LanguageShortcut => "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: MurGee.com Auto Clicker => C:\Program Files (x86)\Auto Clicker\AutoClicker.exe :silent
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: NCsoft Launcher => C:\Program Files (x86)\NCSoft\Launcher\NCLauncher.exe /Minimized
MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
MSCONFIG\startupreg: PlayNC Launcher => 
MSCONFIG\startupreg: RemoteControl => "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: RESTART_STICKY_NOTES => C:\Windows\System32\StikyNot.exe
MSCONFIG\startupreg: SMSTray => D:\Tools\Emodio\SMSTray.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
 
==================== Faulty Device Manager Devices =============
 
Name: Driver inject our D3D and OGL wrappers
Description: Driver inject our D3D and OGL wrappers
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: iZ3DInjectionDriver
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
Name: Hamachi Network Interface
Description: Hamachi Network Interface
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: LogMeIn, Inc.
Service: hamachi
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: TAP-Win32 Adapter OAS
Description: TAP-Win32 Adapter OAS
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: TAP-Win32 Provider OAS
Service: tapoas
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: AODDriver4.01
Description: AODDriver4.01
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: AODDriver4.01
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
 
System errors:
=============
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-02-06 19:47:04.509
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2014-02-06 19:47:04.438
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2014-02-06 19:47:04.365
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2014-02-06 19:47:04.292
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\ComboFix\catchme.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2013-11-11 12:01:32.818
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2013-11-11 12:01:32.740
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2013-11-11 12:00:59.046
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2013-11-11 12:00:58.983
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2013-11-11 12:00:58.905
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.

  Date: 2013-11-11 12:00:58.843
  Description: Windows no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume2\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys porque el hash del archivo no se encuentra en el sistema. Puede que un cambio reciente de hardware o software haya instalado un archivo dañado o con una firma incorrecta, o que exista un software malintencionado de origen desconocido.
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 25%
Total physical RAM: 7641.35 MB
Available physical RAM: 5715.71 MB
Total Pagefile: 15280.88 MB
Available Pagefile: 13324.14 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:200.95 GB) (Free:78.95 GB) NTFS
Drive d: () (Fixed) (Total:730.47 GB) (Free:53.58 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 896539BE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=201 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=730 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================
 
 
 
As of now, the extension isn't removed, the problem persists.
 


#4 nasdaq

  • Malware Response Team

Posted 11 February 2014 - 02:36 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

HKLM-x32\...\Run: [] - [X]
AppInit_DLLs: => File Not Found
AppInit_DLLs: C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [2759168 2014-01-08] ()
URLSearchHook: HKLM-x32 - Default Value = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
URLSearchHook: HKLM-x32 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll No File
BHO: gurEaatsaver - {300DE0E5-072D-9BA0-8068-8A35A939AC27} - C:\Program Files (x86)\gurEaatsaver\ir5Hw4FW.x64.dll No File
FF Plugin-x32: @nprotect.com/keycrypt - C:\Windows\system32\npkfxmp.dll No File
FF HKCU\...\Firefox\Extensions: [{b011b92d-cb28-4d63-9cb1-d844192476e0}] - C:\Program Files (x86)\a2zlyr\132.xpi
CHR HKLM-x32\...\Chrome\Extension: [ciljpgjahkpnilhbolpaphfjhlejnplm] - C:\Program Files (x86)\a2zlyr\132.crx [2012-11-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 e9f32388; C:\Program Files (x86)\GS Supporter\AssistantSvc.dll [146768 2014-01-08] ()

C:\Program Files (x86)\GS Supporter
C:\Program Files (x86)\a2zlyr\132.xpi

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Please let me know what problem persists.

#5 Doomzday1

  • Topic Starter


Posted 12 February 2014 - 11:11 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-02-2014 01
Ran by Usuario at 2014-02-12 13:06:00 Run:1
Running from C:\Users\Usuario\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
HKLM-x32\...\Run: [] - [X]
AppInit_DLLs: => File Not Found
AppInit_DLLs: C:\PROGRA~2\GSSUPP~1\ASSIST~2.DLL => C:\Program Files (x86)\GS Supporter\Assistant_x64.dll [2759168 2014-01-08] ()
URLSearchHook: HKLM-x32 - Default Value = {3B81079D-2AC9-425f-A494-A1C7D93AFA3C}
URLSearchHook: HKLM-x32 - GagetBox - {3B81079D-2AC9-425f-A494-A1C7D93AFA3C} - C:\Program Files (x86)\GadgetBox\gadgetBoxTB.dll No File
BHO: gurEaatsaver - {300DE0E5-072D-9BA0-8068-8A35A939AC27} - C:\Program Files (x86)\gurEaatsaver\ir5Hw4FW.x64.dll No File
FF Plugin-x32: @nprotect.com/keycrypt - C:\Windows\system32\npkfxmp.dll No File
FF HKCU\...\Firefox\Extensions: [{b011b92d-cb28-4d63-9cb1-d844192476e0}] - C:\Program Files (x86)\a2zlyr\132.xpi
CHR HKLM-x32\...\Chrome\Extension: [ciljpgjahkpnilhbolpaphfjhlejnplm] - C:\Program Files (x86)\a2zlyr\132.crx [2012-11-09]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
S2 e9f32388; C:\Program Files (x86)\GS Supporter\AssistantSvc.dll [146768 2014-01-08] ()
 
C:\Program Files (x86)\GS Supporter
C:\Program Files (x86)\a2zlyr\132.xpi
 
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
"AppInit_DLLs: => File Not Found" => Value Data not found.
"C:\\PROGRA~2\\GSSUPP~1\\ASSIST~2.DLL" => Value Data removed successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\ => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} => Value deleted successfully.
HKCR\Wow6432Node\CLSID\{3B81079D-2AC9-425f-A494-A1C7D93AFA3C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{300DE0E5-072D-9BA0-8068-8A35A939AC27} => Key deleted successfully.
HKCR\CLSID\{300DE0E5-072D-9BA0-8068-8A35A939AC27} => Key deleted successfully.
HKLM\Software\Wow6432Node\MozillaPlugins\@nprotect.com/keycrypt => Key deleted successfully.
C:\Windows\system32\npkfxmp.dll not found.
HKCU\Software\Mozilla\Firefox\Extensions\\{b011b92d-cb28-4d63-9cb1-d844192476e0} => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ciljpgjahkpnilhbolpaphfjhlejnplm => Key deleted successfully.
"C:\Program Files (x86)\a2zlyr\132.crx" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
e9f32388 => Service deleted successfully.
 
"C:\Program Files (x86)\GS Supporter" directory move:
 
C:\Program Files (x86)\GS Supporter\Assistant.dll => Moved successfully.
Could not move "C:\Program Files (x86)\GS Supporter\AssistantSvc.dll" => Scheduled to move on reboot.
C:\Program Files (x86)\GS Supporter\Assistant_x64.dll => Moved successfully.
Could not move "C:\Program Files (x86)\GS Supporter" directory. => Scheduled to move on reboot.
 
"C:\Program Files (x86)\a2zlyr\132.xpi" => File/Directory not found.
 
=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-02-12 13:07:50)<=
 
C:\Program Files (x86)\GS Supporter\AssistantSvc.dll => Is moved successfully.
C:\Program Files (x86)\GS Supporter => Is moved successfully.
 
==== End of Fixlog ====
 
The extension is still there.


#6 nasdaq

Posted 12 February 2014 - 01:55 PM

Let me see what we can find in the registry.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:
    :reg
    C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions

    :regfind
    BiloickTheAds
    Blockheads
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
  • Note: The log can also be found on your Desktop entitled SystemLook.txt.


#7 Doomzday1

Posted 12 February 2014 - 02:24 PM

Thanks for the continued help!

 

Here's the result from the scan:

 

SystemLook 30.07.11 by jpshortstuff
Log created at 16:22 on 12/02/2014 by Usuario
Administrator - Elevation successful
 
========== reg ==========
 
[C:\Users\Usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions]
Hive unrecognized.
 
========== regfind ==========
 
Searching for "BiloickTheAds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BulOckkTheAds.BulOckkTheAds]
@="BiloickTheAds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BulOckkTheAds.BulOckkTheAds.1.4]
@="BiloickTheAds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}]
@="BiloickTheAds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}\InprocServer32]
@="C:\ProgramData\BiloickTheAds\eSIplyE.x64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}]
@="BiloickTheAds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}\InprocServer32]
@="C:\ProgramData\BiloickTheAds\eSIplyE.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}]
@="BiloickTheAds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}\InprocServer32]
@="C:\ProgramData\BiloickTheAds\eSIplyE.dll"
 
Searching for "Blockheads"
No data found.
 
-= EOF =-


#8 nasdaq

Posted 12 February 2014 - 02:29 PM

; Purpose: Remove traces in the registry.
;
; Instructions: Copy and paste this text IN BOLD into a text editor such as Notepad.
;
; Save this text as Fix.reg. Make sure the "Save as type:" is "All Files (*.*)" and save it to your desktop.
 

Windows Registry Editor Version 5.00
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BulOckkTheAds.BulOckkTheAds]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BulOckkTheAds.BulOckkTheAds.1.4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}\InprocServer32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}\InprocServer32]



; Double-click on Fix.reg. When it asks you to merge the information to the registry click Yes.

On a Vista or Windows 7 operating system, right click the Fix.reg and run as Administrator.

Delete the Fix.reg file when done.

Restart the computer to reset the registry.

How is it now?
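Added example (not part of the original posts): the Fix.reg above was written by hand from the SystemLook regfind log. This sketch parses that log format, reduces the hits to the top-level keys (deleting a parent key removes its subkeys), and lists the files the values point to so they can be checked on disk. The function names are hypothetical, and the `"name"="data"` line form for named values is an assumption, since the log only shows default (`@`) values.

```python
import re

# Excerpt of the SystemLook regfind output posted above in this thread.
SAMPLE_LOG = r'''Searching for "BiloickTheAds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\BulOckkTheAds.BulOckkTheAds]
@="BiloickTheAds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}]
@="BiloickTheAds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}\InprocServer32]
@="C:\ProgramData\BiloickTheAds\eSIplyE.x64.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}]
@="BiloickTheAds"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{555B709E-D8C1-E3D6-18AF-7066E33F2EEB}\InprocServer32]
@="C:\ProgramData\BiloickTheAds\eSIplyE.dll"

Searching for "Blockheads"
No data found.
'''

TERM_RE = re.compile(r'^Searching for "(.*)"$')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "@" is the default value; the "name"="data" form for named values is assumed.
VALUE_RE = re.compile(r'^(@|"[^"]*")="(.*)"$')

def parse_regfind(log):
    """Return {search term: [(key, value name, data), ...]}."""
    hits, term, key = {}, None, None
    for line in (raw.strip() for raw in log.splitlines()):
        if m := TERM_RE.match(line):
            term, key = m.group(1), None
            hits[term] = []
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif term is not None and key and (m := VALUE_RE.match(line)):
            hits[term].append((key, m.group(1), m.group(2)))
    return hits

def top_level_keys(entries):
    """Keys not nested under another hit; deleting a parent removes its subkeys."""
    keys = sorted({k for k, _, _ in entries}, key=str.lower)
    return [k for k in keys if not any(
        k.lower().startswith(p.lower() + '\\') for p in keys if p != k)]

def referenced_files(entries):
    """Value data that is an absolute path, e.g. the InprocServer32 DLLs."""
    return sorted({d for _, _, d in entries if re.match(r'^[A-Za-z]:\\', d)})

if __name__ == '__main__':
    hits = parse_regfind(SAMPLE_LOG)['BiloickTheAds']
    print('\n'.join(top_level_keys(hits) + referenced_files(hits)))
```
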

#9 Doomzday1

Posted 12 February 2014 - 02:45 PM

Okay, I did that, but the extension is still here.



#10 nasdaq

Posted 13 February 2014 - 08:15 AM

Nothing shows up in your logs.
Need additional information.

Navigate to this site.
http://malwaretips.com/blogs/installed-enterprise-policy-removal/

Refer to these sections.

STEP 1: Uninstall the program that has installed the “Installed by enterprise policy” extension on Google Chrome
STEP 2: Find the name of the “Installed by enterprise policy” malicious extension and write down its ID


Can you give me the ID number of that extension?
In the example it is YoutubeAdBlocker and the ID starts with hfgk....

I would appreciate this information. I will report it to the developer of the AdwCleaner tool.

Post the information and wait for further instructions.

#11 Doomzday1

Posted 13 February 2014 - 10:03 AM

The ID of the extension is jglehfbkpcjjepkdnmadmilfkmeeagge. I read the information on the site but didn't follow any of the steps; waiting for your response.



#12 nasdaq

Posted 13 February 2014 - 02:08 PM

Run the SystemLook tool and enter the following in the main textfield:

:filefind
jglehfbkpcjjepkdnmadmilfkmeeagge
jglehfbkpcjjepkdnmadmilfkmeeagge.*

:regfind
jglehfbkpcjjepkdnmadmilfkmeeagge



Click the Look button. Post the result in your next reply.

#13 Doomzday1

Posted 13 February 2014 - 02:17 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 16:14 on 13/02/2014 by Usuario
Administrator - Elevation successful
 
========== filefind ==========
 
Searching for "jglehfbkpcjjepkdnmadmilfkmeeagge"
No files found.
 
Searching for "jglehfbkpcjjepkdnmadmilfkmeeagge.*"
C:\ProgramData\jglehfbkpcjjepkdnmadmilfkmeeagge\jglehfbkpcjjepkdnmadmilfkmeeagge.crx --a---- 8801 bytes [00:00 31/01/2014] [00:00 31/01/2014] 88D6CE219ED2B2F25D8F5EC47FCB6C24
C:\Users\All Users\jglehfbkpcjjepkdnmadmilfkmeeagge\jglehfbkpcjjepkdnmadmilfkmeeagge.crx --a---- 8801 bytes [00:00 31/01/2014] [00:00 31/01/2014] 88D6CE219ED2B2F25D8F5EC47FCB6C24
 
========== regfind ==========
 
Searching for "jglehfbkpcjjepkdnmadmilfkmeeagge"
No data found.
 
-= EOF =-


#14 nasdaq

Posted 13 February 2014 - 02:31 PM

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start


C:\ProgramData\jglehfbkpcjjepkdnmadmilfkmeeagge
C:\Users\All Users\jglehfbkpcjjepkdnmadmilfkmeeagge

C:\ProgramData\jglehfbkpcjjepkdnmadmilfkmeeagge\jglehfbkpcjjepkdnmadmilfkmeeagge.crx
C:\Users\All Users\jglehfbkpcjjepkdnmadmilfkmeeagge\jglehfbkpcjjepkdnmadmilfkmeeagge.crx 

end

Save the file as fixlist.txt in the same folder as FRST.
Run FRST and click Fix only once and wait.
The tool will create a log (Fixlog.txt); please post it in your reply.

Keep me posted.

#15 Doomzday1

Posted 13 February 2014 - 05:00 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01
Ran by Usuario at 2014-02-13 18:59:35 Run:2
Running from C:\Users\Usuario\Desktop\FRST
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
 
 
C:\ProgramData\jglehfbkpcjjepkdnmadmilfkmeeagge
C:\Users\All Users\jglehfbkpcjjepkdnmadmilfkmeeagge
 
C:\ProgramData\jglehfbkpcjjepkdnmadmilfkmeeagge\jglehfbkpcjjepkdnmadmilfkmeeagge.crx
C:\Users\All Users\jglehfbkpcjjepkdnmadmilfkmeeagge\jglehfbkpcjjepkdnmadmilfkmeeagge.crx 
 
end
*****************
 
C:\ProgramData\jglehfbkpcjjepkdnmadmilfkmeeagge => Moved successfully.
"C:\Users\All Users\jglehfbkpcjjepkdnmadmilfkmeeagge" => File/Directory not found.
"C:\ProgramData\jglehfbkpcjjepkdnmadmilfkmeeagge\jglehfbkpcjjepkdnmadmilfkmeeagge.crx" => File/Directory not found.
"C:\Users\All Users\jglehfbkpcjjepkdnmadmilfkmeeagge\jglehfbkpcjjepkdnmadmilfkmeeagge.crx" => File/Directory not found.
 
==== End of Fixlog ====




