TechSpot

Please: patched.a.gen and sirefef

By FERAC
Jul 29, 2012
  1. Hi, I did all your steps. Here are the logs. Please could you help me? Thank you very much.

    MBAM

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.07.29.07

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    FAC :: PC [administrator]

    29/07/2012 08:54:50 a.m.
    mbam-log-2012-07-29 (08-54-50).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 214271
    Time elapsed: 3 minute(s), 10 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  2. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    GMER

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-07-29 11:18:48
    Windows 6.1.7601 Service Pack 1
    Running: ew5cejw4.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77373509cf
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0x7C 0x00 0x8B ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD3 0x92 0x5C 0xF8 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x07 0x7F 0xCC 0xF4 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0x8C 0xCD 0x16 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xE7 0xF2 0x64 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77373509cf (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0x7C 0x00 0x8B ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD3 0x92 0x5C 0xF8 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x54 0x28 0x27 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0x8C 0xCD 0x16 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xE7 0xF2 0x64 ...

    ---- EOF - GMER 1.0.15 ----
     
  3. FERAC

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by FAC at 11:19:55 on 2012-07-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.51.3082.18.7084.3866 [GMT -5:00]
    .
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
    C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    C:\Program Files\Board\Board Server\BoardEngine.exe
    C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightService.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files (x86)\NEC Projector User Supportware\Image Express Utility Lite\IEU_Service.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
    C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
    C:\Windows\SysWOW64\vmnat.exe
    C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\SysWOW64\vmnetdhcp.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\taskmgr.exe
    C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
    C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
    C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
    C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
    C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
    C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
    C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
    C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\WINDOWS\System32\igfxtray.exe
    C:\WINDOWS\System32\hkcmd.exe
    C:\WINDOWS\System32\igfxpers.exe
    C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe
    C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www1.la.dell.com/content/default.aspx?c=pe&l=es&s=gen
    mWinlogon: Userinit=userinit.exe,
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
    BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
    uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
    mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SQLPRO~1.LNK - C:\Program Files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    LSP: mswsock.dll
    LSP: %SystemRoot%\system32\vsocklib.dll
    DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9} : NameServer = 200.48.225.130,200.48.225.146
    TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}\1447C616E6479637 : DhcpNameServer = 200.48.225.130 200.48.225.146
    TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}\2554445435D2D494E494E4455425 : DhcpNameServer = 172.16.8.11 172.16.8.19
    TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}\54B4F4445435 : DhcpNameServer = 200.48.225.130 200.48.225.146
    TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}\84F4E474F435 : DhcpNameServer = 200.48.225.130 200.48.225.146
    TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}\D494450235E214E234 : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
    LSA: Notification Packages = scecli FAPassSync
    IFEO: alchemy.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: avatarimport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: avfximport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: faconsu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: fasecfacx.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
    {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    {9030D464-4C02-4ABF-8ECC-5164760863C6}
    {9FDDE16B-836F-4806-AB1F-1455CBEFF289}
    {AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    {B4F3A835-0E21-4959-BA22-42B3008E02FF}
    {DA5BCE70-D057-4D63-943D-5F3927EC59F1}
    {DBC80044-A445-435b-BC74-9C25C1C588A9}
    EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
    mRun-x64: [FATrayAlert REG_SZ C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe ]
    mRun-x64: [Dell Webcam Central REG_SZ "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 ]
    mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
    AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
    SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
    IFEO-X64: alchemy.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO-X64: avatarimport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO-X64: avfximport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO-X64: faconsu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO-X64: fasecfacx.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    .
    Note: multiple IFEO entries found. Please refer to Attach.txt
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
    R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-22 98208]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
    R2 Board7;Board 7 Engine;C:\Program Files\Board\Board Server\BoardEngine.exe [2012-3-23 20480]
    R2 Board7Silverlight;Board 7 Web Engine;C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightService.exe [2012-3-23 134656]
    R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
    R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-6 974944]
    R2 IEU_Service;NEC Projector USB Display Service;C:\Program Files (x86)\NEC Projector User Supportware\Image Express Utility Lite\IEU_Service.exe [2012-4-13 69120]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-3 2348352]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
    R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-12 2072896]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-21 2656280]
    R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]
    R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-8-22 11837440]
    R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
    R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
    R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
    R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
    R3 IntcDAud;Sonido Intel(R) para pantallas;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 NETwNs64;___ Controlador del adaptador Intel(R) Wireless WiFi Link para Windows 7 de 64 bits;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
    R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
    R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
    R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-9-22 11856]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
    S2 gupdate;Google Update Servicio (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-12 116648]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
    S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
    S3 gupdatem;Google Update Servicio (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-12 116648]
    S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\DRIVERS\nvstusb.sys --> C:\Windows\system32\DRIVERS\nvstusb.sys [?]
    S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-4-21 79360]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-1 2428552]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-07-29 04:42:38 -------- d-----w- C:\Users\FAC\AppData\Local\{ED932E98-07C1-4612-99BE-5F80BFA50CB4}
    2012-07-29 04:42:25 -------- d-----w- C:\Users\FAC\AppData\Local\{E61FEAB6-851D-4F72-8895-A140412C90B6}
    2012-07-29 00:40:06 -------- d-----w- C:\Users\FAC\AppData\Roaming\Malwarebytes
    2012-07-29 00:39:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-07-29 00:39:48 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-07-29 00:39:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 21:46:44 -------- d-----w- C:\Program Files (x86)\stinger
    2012-07-22 16:05:24 -------- d-----w- C:\Users\FAC\AppData\Roaming\runic games
    2012-07-22 14:56:06 -------- d-----w- C:\Program Files (x86)\THQ
    2012-07-22 13:17:09 -------- d-----w- C:\Program Files (x86)\Runic Games
    2012-07-22 12:47:21 -------- d-----w- C:\Users\FAC\AppData\Local\{8A321CB4-F715-428A-B1F1-6EDEE9C49CDC}
    2012-07-22 12:47:10 -------- d-----w- C:\Users\FAC\AppData\Local\{2D8A6715-0624-467B-BF6B-1C6AEF6B3961}
    2012-07-22 00:53:47 -------- d-----w- C:\Users\FAC\AppData\Local\FLT
    2012-07-22 00:53:47 -------- d-----w- C:\Users\FAC\AppData\Local\2012
    2012-07-15 13:32:03 -------- d-----w- C:\Users\FAC\AppData\Local\{89B1F2E4-9720-44FF-97F6-79923C36F6BE}
    2012-07-15 13:31:52 -------- d-----w- C:\Users\FAC\AppData\Local\{533E5A63-922A-4360-82A9-EDE670DAD33B}
    2012-07-15 01:31:26 -------- d-----w- C:\Users\FAC\AppData\Local\{0F6A4ED6-B520-4E90-ADA6-A8491720BAB0}
    2012-07-15 01:31:14 -------- d-----w- C:\Users\FAC\AppData\Local\{4A24130E-ED69-4BEA-A2FF-6AB9CE0AE6CB}
    2012-07-14 01:57:31 -------- d-----w- C:\Users\FAC\AppData\Local\{4D3B1C14-1DC2-4C32-9B92-0E592917E361}
    2012-07-14 01:57:20 -------- d-----w- C:\Users\FAC\AppData\Local\{1C847B92-75FC-4E42-9FDD-21A3A42A489F}
    2012-07-13 02:42:22 -------- d-----w- C:\Users\FAC\AppData\Local\{653EC06C-C034-4362-849A-36806534566F}
    2012-07-13 02:42:03 -------- d-----w- C:\Users\FAC\AppData\Local\{0930AB24-6963-4792-BC7A-2144B658AD6B}
    2012-07-12 11:01:39 -------- d-s---w- C:\Users\FAC\Google Drive
    2012-07-09 10:31:01 -------- d-----w- C:\Users\FAC\AppData\Local\{946A31AA-6745-4759-B9A2-5DF168FF0E29}
    2012-07-09 10:30:49 -------- d-----w- C:\Users\FAC\AppData\Local\{3E608C65-06F6-4BDF-9A36-BB4512C515F5}
    2012-07-08 22:30:24 -------- d-----w- C:\Users\FAC\AppData\Local\{6F8AC0ED-B43E-4E02-A694-0B4C315E251A}
    2012-07-08 22:30:12 -------- d-----w- C:\Users\FAC\AppData\Local\{FA59F42B-CF59-4277-B373-83CC033EA3C9}
    2012-07-08 02:15:32 -------- d-----w- C:\Users\FAC\AppData\Local\{A30E3A44-C51F-4784-8F46-A8DC214B9E84}
    2012-07-08 02:15:17 -------- d-----w- C:\Users\FAC\AppData\Local\{45D86823-9E61-47D0-BA61-FEB481C7FC50}
    2012-07-07 06:22:17 -------- d-----w- C:\Users\FAC\AppData\Local\{B7B5DC1F-64AD-458D-B9EE-614B51B2F6AF}
    2012-07-07 06:22:04 -------- d-----w- C:\Users\FAC\AppData\Local\{77C57E54-220A-4385-BB22-DFA130EFE193}
    2012-07-05 03:12:24 -------- d-----w- C:\Program Files (x86)\Telltale Games
    2012-07-04 02:28:54 -------- d-----w- C:\Users\FAC\AppData\Local\{7DD2A09A-33C2-4700-9B9A-679226663AB6}
    2012-07-04 02:28:39 -------- d-----w- C:\Users\FAC\AppData\Local\{6743AA27-EF15-421D-BD0D-CB7A21592D78}
    2012-07-02 07:44:25 -------- d-----w- C:\Users\FAC\AppData\Local\{DE71E766-F71E-421F-B561-BBD7CD0C840C}
    2012-07-02 07:43:48 -------- d-----w- C:\Users\FAC\AppData\Local\{AA5D7126-BA5E-497D-8364-9669F393928A}
    2012-07-01 12:19:29 -------- d-----w- C:\Users\FAC\AppData\Local\{9AFBBE61-47C4-40C8-B01F-528A131984C2}
    2012-07-01 12:19:18 -------- d-----w- C:\Users\FAC\AppData\Local\{FE825E6D-CF94-4CA8-AEBA-626CF0AD94A3}
    2012-06-30 16:59:37 -------- d-----w- C:\Users\FAC\AppData\Local\{6428FD0A-DA3A-4524-AF00-EC294C511DF1}
    2012-06-30 16:59:22 -------- d-----w- C:\Users\FAC\AppData\Local\{E8B5A077-FAC3-49F1-95D2-15B229F34C16}
    2012-06-30 00:12:24 -------- d-----w- C:\Users\FAC\AppData\Local\{431A41D7-1B0C-4BDC-BF4F-B07E3C6CC0A8}
    2012-06-30 00:12:11 -------- d-----w- C:\Users\FAC\AppData\Local\{5863B0A1-F7CD-49C1-A191-C9DEC405C34E}
    .
    ==================== Find3M ====================
    .
    2012-07-27 08:14:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-27 08:14:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    .
    ============= FINISH: 11:20:23.86 ===============
     
  4. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    DDS Attach
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 06/01/2012 08:32:28 p.m.
    System Uptime: 28/07/2012 07:47:42 p.m. (16 hours ago)
    .
    Motherboard: Dell Inc. | | 0NJT03
    Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU | 780/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 24.521 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    J: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: facap, FastAccess Video Capture
    Device ID: ROOT\IMAGE\0000
    Manufacturer: Sensible Vision
    Name: facap, FastAccess Video Capture
    PNP Device ID: ROOT\IMAGE\0000
    Service: FACAP
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Image File Execution Options =============
    .
    IFEO: alchemy.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: avatarimport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: avfximport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: faconsu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: fasecfacx.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO: webcamdell2.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO-X64: alchemy.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO-X64: avatarimport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO-X64: avfximport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO-X64: faconsu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO-X64: fasecfacx.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IFEO-X64: webcamdell2.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    AccelerometerP11
    ActiveState Komodo Edit 7.0.2
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Advanced Audio FX Engine
    µTorrent
    BDE_ENT
    Board 7 Client
    Board 7 Web Server
    Borland C++Builder 6
    BulletStorm
    Camtasia Studio 6
    CloneCD
    CodeSite Express 4.6.1
    CollabNet Subversion Client 1.6.12
    Control ActiveX de Windows Live Mesh para conexiones remotas
    Crystal Reports Basic for Visual Studio 2008
    D3DX10
    DAEMON Tools Lite
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Dell Webcam Central
    DevExpress Example Runner
    Embarcadero Delphi and C++Builder XE2 Help System
    Embarcadero RAD Studio XE2
    Foxit Reader 5.1
    Galería fotográfica de Windows Live
    GDR 1617 para SQL Server 2008 R2 (KB2494088)
    GOM Player
    Google Chrome
    Google Drive
    Google Update Helper
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
    Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
    Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2538241)
    Image Express Utility Lite
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Wireless Display
    Java Auto Updater
    Java(TM) 6 Update 31
    Junk Mail filter update
    LMD-Tools Special Edition (CBuilder 6)
    Malwarebytes Anti-Malware version 1.62.0.1300
    MDF to ISO version 1.0
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Compact Framework 2.0 SP2
    Microsoft .NET Compact Framework 3.5
    Microsoft Access database engine 2010 (English)
    Microsoft Application Error Reporting
    Microsoft Document Explorer 2008
    Microsoft Dynamics Sure Step 2010
    Microsoft Dynamics Sure Step 2012 Language Pack (English)
    Microsoft Dynamics Sure Step 2012 Language Pack (Spanish)
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Project MUI (Spanish) 2007
    Microsoft Office Project Professional 2007
    Microsoft Office Proof (Basque) 2007
    Microsoft Office Proof (Catalan) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Galician) 2007
    Microsoft Office Proof (Portuguese (Brazil)) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Proofing (Spanish) 2007
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared MUI (Spanish) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    Microsoft Office Visio MUI (Spanish) 2007
    Microsoft Office Visio Professional 2007
    Microsoft Office Visual Web Developer 2007
    Microsoft Office Visual Web Developer MUI (English) 2007
    Microsoft Office Word MUI (English) 2010
    Microsoft Report Viewer Redistributable 2008 (KB971119)
    Microsoft Report Viewer Redistributable 2008 SP1
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2008 Management Objects
    Microsoft SQL Server 2008 R2
    Microsoft SQL Server 2008 R2 Policies
    Microsoft SQL Server 2008 R2 Setup (English)
    Microsoft SQL Server 2008 Setup Support Files
    Microsoft SQL Server Compact 3.5 for Devices ENU
    Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    Microsoft SQL Server Compact 3.5 SP2 ENU
    Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    Microsoft SQL Server Database Publishing Wizard 1.3
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Microsoft Visual FoxPro 9.0 Professional - English
    Microsoft Visual FoxPro OLE DB Provider
    Microsoft Visual J# 2.0 Redistributable Package
    Microsoft Visual Studio 2005 Tools for Office Runtime
    Microsoft Visual Studio 2008 Professional Edition - ENU
    Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
    Microsoft Visual Studio Tools for Applications 2.0 - ENU
    Microsoft Visual Studio Web Authoring Component
    Microsoft XNA Framework Redistributable 3.1
    MSDN Library for Visual Studio 2008 - ENU
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MySQL Workbench 5.2 CE
    Need for Speed™ The Run
    Notepad++
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    PostgreSQL OLE DB Provider
    PremiumSoft Navicat Premium 10.0
    Prezi Desktop
    Pro VCL Extensions Library 1.85
    Project64 1.6
    psqlODBC 09.00.0310
    RadPHP XE2
    Rage
    Realtek High Definition Audio Driver
    Saints Row The Third
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office Project 2007 (KB949046)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2251487)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2669970)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
    Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
    Skype Toolbars
    Skype™ 4.2
    SMPlayer 0.6.9
    SQL Prompt 4
    SQL Server 2008 R2 Common Files
    SQL Server 2008 R2 Management Studio
    SQL Server System CLR Types
    StarCraft II
    TeamViewer 7
    TMPGEnc Video Mastering Works
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    Torchlight
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    Ubisoft Game Launcher
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft Visual Studio Web Authoring Component (KB945140)
    VC Runtimes MSI
    VirtualCloneDrive
    Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    Visual C++ 2008 x64 Runtime - (v9.0.30729)
    Visual C++ 2008 x64 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - (v9.0.30729)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
    Visual C++ 2008 x86 Runtime - v9.0.30729.01
    Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    Visual C++ 2008 x86 Runtime - v9.0.30729.6161
    Visual FoxPro 9.0 Baseline - English
    Visual FoxPro 9.0 Professional - English
    Visual FoxPro ODBC Driver
    Visual Studio 2005 Tools for Office Second Edition Runtime
    Visual Studio Tools for the Office system 3.0 Runtime
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
    VMware Workstation
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Mobile 5.0 SDK R2 for Pocket PC
    Windows Mobile 5.0 SDK R2 for Smartphone
    .
    ==== Event Viewer Messages From Past Week ========
    .
    28/07/2012 07:50:07 p.m., Error: Service Control Manager [7003] -
    28/07/2012 07:09:25 p.m., Error: Microsoft-Windows-WLAN-AutoConfig [10000] - El módulo de extensibilidad de WLAN no se pudo iniciar. Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll Código de error: 87
    28/07/2012 07:06:12 p.m., Error: Microsoft-Windows-WLAN-AutoConfig [10000] - El módulo de extensibilidad de WLAN no se pudo iniciar. Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll Código de error: 87
    28/07/2012 07:00:00 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio MSIServer con argumentos "" para ejecutar el servidor: {000C101C-0000-0000-C000-000000000046}
    28/07/2012 04:56:45 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio netprofm con argumentos "" para ejecutar el servidor: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    28/07/2012 04:52:04 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {9E175B6D-F52A-11D8-B9A5-505054503030}
    28/07/2012 04:52:04 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    28/07/2012 04:52:03 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio fdPHost con argumentos "" para ejecutar el servidor: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    28/07/2012 04:52:03 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio fdPHost con argumentos "" para ejecutar el servidor: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    28/07/2012 04:52:02 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio netman con argumentos "" para ejecutar el servidor: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    28/07/2012 04:52:01 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    28/07/2012 04:51:56 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}
    28/07/2012 04:51:23 p.m., Error: sptd [4] - El controlador detectó un error interno en la estructura de datos de .
    28/07/2012 04:48:39 p.m., Error: sptd [4] - El controlador detectó un error interno en la estructura de datos de .
    27/07/2012 09:35:16 p.m., Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk1\DR3.
    27/07/2012 09:35:15 p.m., Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk1\DR3.
    27/07/2012 09:35:14 p.m., Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk1\DR3.
    .
    ==== End Of File ===========================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =========================================

    • Download RogueKiller to the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    =======================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  6. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    Thank you very much for your quick response

    RogueKiller V7.6.4 [07/17/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User: FAC [Admin rights]
    Mode: Scan -- Date: 07/29/2012 14:38:01

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 10 ¤¤¤
    [DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9} : NameServer (200.48.225.130,200.48.225.146) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9} : NameServer (200.48.225.130,200.48.225.146) -> FOUND
    [IFEO] HKLM\[...]\Image File Execution Options : alchemy.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
    [IFEO] HKLM\[...]\Image File Execution Options : avatarimport.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
    [IFEO] HKLM\[...]\Image File Execution Options : avfximport.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
    [IFEO] HKLM\[...]\Image File Execution Options : faconsu.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
    [IFEO] HKLM\[...]\Image File Execution Options : fasecfacx.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
    [IFEO] HKLM\[...]\Image File Execution Options : webcamdell2.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : c:\windows\installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\windows\installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\L --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
    [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

    ¤¤¤ Driver: [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    127.0.0.1 serial.alcohol-soft.com
    127.0.0.1 www.alcohol-soft.com
    127.0.0.1 serial.alcohol-soft.com
    127.0.0.1 images.alcohol-soft.com
    127.0.0.1 trial.alcohol-soft.com
    127.0.0.1 forum.alcohol-soft.com
    127.0.0.1 support.alcohol-soft.com
    127.0.0.1 users.alcohol-soft.com
    127.0.0.1 shop.alcohol-soft.com
    127.0.0.1 vodka.alcohol-soft.com
    127.0.0.1 *.alcohol-soft.com
    127.0.0.1 *.alcohol-soft.*
    127.0.0.1 alcohol-soft.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500420AS +++++
    --- User ---
    [MBR] a033947f3ecfe907bfc665dc4499862b
    [BSP] 142a624fe1fb6f27efadf7ef62d2a621 : Windows 7 MBR Code
    Partition table:
    0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 15000 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928896 | Size: 461837 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt
     
  7. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Go on...
     
  8. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    sorry forgot to paste this one too

    thanks


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-07-29 14:52:13
    -----------------------------
    14:52:13.637 OS Version: Windows x64 6.1.7601 Service Pack 1
    14:52:13.637 Number of processors: 8 586 0x2A07
    14:52:13.637 ComputerName: PC UserName:
    14:52:16.508 Initialize success
    14:55:06.195 AVAST engine defs: 12072901
    14:55:18.235 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    14:55:18.237 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
    14:55:18.254 Disk 0 MBR read successfully
    14:55:18.256 Disk 0 MBR scan
    14:55:18.260 Disk 0 Windows 7 default MBR code
    14:55:18.262 Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 101 MB offset 63
    14:55:18.269 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208896
    14:55:18.284 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928896
    14:55:18.311 Disk 0 scanning C:\Windows\system32\drivers
    14:55:31.042 Service scanning
    14:55:56.133 Modules scanning
    14:55:56.148 Disk 0 trace - called modules:
    14:55:56.180 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys sptd.sys hal.dll
    14:55:56.195 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800718a790]
    14:55:56.211 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80070a0cb0]
    14:55:56.211 5 stdcfltn.sys[fffff88001d17c52] -> nt!IofCallDriver -> [0xfffffa8006f1e8c0]
    14:55:56.211 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006f26050]
    14:55:59.284 AVAST engine scan C:\Windows
    14:56:02.875 AVAST engine scan C:\Windows\system32
    15:00:39.123 AVAST engine scan C:\Windows\system32\drivers
    15:00:54.888 AVAST engine scan C:\Users\FAC
    15:32:20.795 AVAST engine scan C:\ProgramData
    15:38:09.009 Scan finished successfully
    20:58:30.136 Disk 0 MBR has been saved successfully to "C:\Users\FAC\Desktop\MBR.dat"
    20:58:30.140 The log file has been saved successfully to "C:\Users\FAC\Desktop\aswMBR.txt"
     
  9. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes to your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  10. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    Thank you very much

    Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 29-07-2012 22:37:58
    Running from X:\
    Windows 7 Home Premium (X64) OS Language: Spanish Modern Sort
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
    HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6561384 2010-12-14] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2186856 2010-12-10] (Realtek Semiconductor)
    HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-02-12] (Intel Corporation)
    HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-02-12] (Intel Corporation)
    HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-02-12] (Intel Corporation)
    HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
    HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
    HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10355200 2011-01-24] (Intel Corporation)
    HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
    HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
    HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4030008 2011-09-06] (ESET)
    HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-01] (Sensible Vision )
    HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
    HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
    HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2011-08-22] (VMware, Inc.)
    HKU\FAC\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount [33120 2009-11-15] (Alcohol Soft Development Team)
    HKU\FAC\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
    HKU\FAC\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12163848 2012-06-20] (Google)
    Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
    AppInit_DLLs: C:\Windows\system32\nvinitx.dll
    Tcpip\..\Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}: [NameServer]200.48.225.130,200.48.225.146
    IMEO\alchemy.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\avatarimport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\avfximport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\faconsu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\fasecfacx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    IMEO\webcamdell2.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
    Lsa: [Notification Packages] scecli
    FAPassSync

    ==================== Services (Whitelisted) ======

    2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [901184 2011-01-24] (Intel Corporation)
    3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1298496 2011-01-24] (Intel Corporation)
    2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [991296 2011-01-24] (Intel Corporation)
    2 Board7; "C:\Program Files\Board\Board Server\BoardEngine.exe" [20480 2012-03-23] (Board International SA)
    2 Board7Silverlight; "C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightService.exe" [134656 2012-03-23] (Board International SA)
    2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-06] (ESET)
    2 IEU_Service; C:\Program Files (x86)\NEC Projector User Supportware\Image Express Utility Lite\IEU_Service.exe [69120 2012-04-13] (NEC Display Solutions, Ltd.)
    4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
    3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
    2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2072896 2011-10-12] (TuneUp Software)
    2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
    2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-01-08] ()
    2 MySQL; "C:\Program Files (x86)\OTRS\MySQL\bin\mysqld.exe" --defaults-file="C:\Program Files (x86)\OTRS\MySQL\my.ini" MySQL [x]

    ========================== Drivers (Whitelisted) =============

    2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
    1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
    3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
    2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
    3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [60416 2011-12-09] (Intel Corporation)
    1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2012-02-29] (NVIDIA Corporation)
    3 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [121960 2010-12-12] ()
    0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-13] (Duplex Secure Ltd.)
    3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-09-22] (TuneUp Software)
    1 vmm; \??\C:\Windows\system32\Controladores\vmm.sys [296816 2007-02-18] (Microsoft Corporation)

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-07-29 20:58 - 2012-07-29 20:58 - 00002098 ____A C:\Users\FAC\Desktop\aswMBR.txt
    2012-07-29 20:58 - 2012-07-29 20:58 - 00000512 ____A C:\Users\FAC\Desktop\MBR.dat
    2012-07-29 14:38 - 2012-07-29 14:38 - 00003342 ____A C:\Users\FAC\Desktop\RKreport[1].txt
    2012-07-29 14:37 - 2012-07-29 14:38 - 00000000 ____D C:\Users\FAC\Desktop\RK_Quarantine
    2012-07-29 11:21 - 2012-07-29 11:21 - 00027018 ____A C:\Users\FAC\Desktop\DDS.txt
    2012-07-29 11:21 - 2012-07-29 11:21 - 00016911 ____A C:\Users\FAC\Desktop\Attach.txt
    2012-07-29 08:57 - 2012-07-29 08:57 - 00607260 ____R (Swearware) C:\Users\FAC\Desktop\dds.scr
    2012-07-29 08:49 - 2012-07-29 08:49 - 01438391 ____A (Farbar) C:\Users\FAC\Desktop\FRST64.exe
    2012-07-29 08:39 - 2012-07-29 08:40 - 04731392 ____A (AVAST Software) C:\Users\FAC\Desktop\aswMBR.exe
    2012-07-29 08:39 - 2012-07-29 08:39 - 01552384 ____A C:\Users\FAC\Desktop\RogueKiller.exe
    2012-07-29 08:38 - 2012-07-29 08:38 - 02117108 ____A C:\Users\FAC\Desktop\tdsskiller.zip
    2012-07-29 02:57 - 2012-07-29 07:39 - 00000000 ____D C:\Users\FAC\Downloads\Prototype_2-FLT
    2012-07-28 23:42 - 2012-07-28 23:42 - 00000000 ____D C:\Users\FAC\AppData\Local\{ED932E98-07C1-4612-99BE-5F80BFA50CB4}
    2012-07-28 23:42 - 2012-07-28 23:42 - 00000000 ____D C:\Users\FAC\AppData\Local\{E61FEAB6-851D-4F72-8895-A140412C90B6}
    2012-07-28 22:37 - 2012-07-29 22:31 - 1557799640 ____A C:\Users\FAC\Downloads\The.Humble.Indie.Bundle.for.Windows.rar
    2012-07-28 22:13 - 2012-07-28 22:59 - 416214770 ____A (BonitaSoft) C:\Users\FAC\Downloads\BOS-5.7.2-win-setup.exe
    2012-07-28 20:38 - 2012-07-28 20:38 - 00005181 ____A C:\Users\FAC\Desktop\gmer.txt
    2012-07-28 19:42 - 2012-07-28 19:42 - 00302592 ____A C:\Users\FAC\Desktop\ew5cejw4.exe
    2012-07-28 19:40 - 2012-07-28 19:40 - 00000000 ____D C:\Users\FAC\AppData\Roaming\Malwarebytes
    2012-07-28 19:39 - 2012-07-28 19:39 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-28 19:39 - 2012-07-28 19:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 19:39 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-28 19:35 - 2012-07-28 19:37 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\FAC\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-28 19:18 - 2012-07-29 04:52 - 00000000 ____D C:\Users\FAC\Downloads\PC_Hot.Wheels.World.Race -(direct.play)-(ToeD)
    2012-07-28 19:04 - 2012-07-28 19:04 - 00000054 ___RH C:\Users\FAC\Downloads\stinger.opt
    2012-07-28 16:46 - 2012-07-28 19:04 - 00000000 ____D C:\Program Files (x86)\stinger
    2012-07-28 16:38 - 2012-07-28 16:39 - 09691752 ____A (McAfee Inc.) C:\Users\FAC\Downloads\stinger.exe
    2012-07-28 16:28 - 2012-07-28 19:14 - 00000000 ____D C:\Users\FAC\Downloads\PC_Hot.Wheels.Stunt.Track.Challenge -.direct.play.-ToeD
    2012-07-28 16:24 - 2012-07-28 16:25 - 00000000 ____D C:\Users\FAC\Downloads\Hot Wheels Stunt Track Driver 1 & 2
    2012-07-28 16:23 - 2012-07-28 19:13 - 00000000 ____D C:\Users\FAC\Downloads\Hot Wheels Beat That [English][PCDVD][WwW.GamesTorrents.CoM]
    2012-07-28 16:21 - 2012-07-29 04:00 - 341615624 ____A C:\Users\FAC\Downloads\Hot.Wheels.Velocity.X_PC.7z
    2012-07-28 15:13 - 2012-07-28 15:13 - 00000000 ____D C:\Users\Public\Documents\astragon Software GmbH
    2012-07-28 15:00 - 2012-07-28 15:07 - 64397972 ____A C:\Users\FAC\Downloads\ESET.NOD32.Antivirus.v6.0.115.0.RC.x64.rar
    2012-07-28 14:59 - 2012-07-28 15:31 - 57957476 ____A C:\Users\FAC\Downloads\ESET.NOD32.Antivirus.v6.0.115.0.RC.x86.rar
    2012-07-24 20:25 - 2012-07-27 19:27 - 429195264 ____A C:\Users\FAC\Downloads\System_Management_Server_Train.ISO
    2012-07-24 20:10 - 2012-07-25 00:34 - 00000000 ____D C:\Users\FAC\Downloads\MICROSOFT.SYSTEMS.MANAGEMENT.SERVER.2003.WITH.SP1-RORiSO
    2012-07-22 11:05 - 2012-07-22 11:05 - 00000000 ____D C:\Users\FAC\AppData\Roaming\runic games
    2012-07-22 10:13 - 2012-07-22 10:13 - 00002128 ____A C:\Users\Public\Desktop\Saints Row The Third.lnk
    2012-07-22 09:58 - 2012-07-22 10:25 - 00000000 ____D C:\Users\FAC\Downloads\Two And half Men Season 9
    2012-07-22 09:56 - 2012-07-22 09:56 - 00000000 ____D C:\Program Files (x86)\THQ
    2012-07-22 09:31 - 2012-07-22 10:05 - 00000000 ____D C:\Users\FAC\Downloads\Sins.of.a.Solar.Empire.Rebellion-RELOADED
    2012-07-22 09:29 - 2012-07-22 09:33 - 00000000 ____D C:\Users\FAC\Downloads\Sins.of.a.Solar.Empire.Rebellion.Update.v1.03-RELOADED
    2012-07-22 08:25 - 2012-07-22 09:02 - 00000000 ____D C:\Users\FAC\Downloads\Torchlight v1.15
    2012-07-22 08:17 - 2012-07-22 08:17 - 00000000 ____D C:\Program Files (x86)\Runic Games
    2012-07-22 07:47 - 2012-07-22 07:47 - 00000000 ____D C:\Users\FAC\AppData\Local\{8A321CB4-F715-428A-B1F1-6EDEE9C49CDC}
    2012-07-22 07:47 - 2012-07-22 07:47 - 00000000 ____D C:\Users\FAC\AppData\Local\{2D8A6715-0624-467B-BF6B-1C6AEF6B3961}
    2012-07-21 19:53 - 2012-07-21 19:53 - 00000000 ____D C:\Users\FAC\AppData\Local\FLT
    2012-07-21 19:53 - 2012-07-21 19:53 - 00000000 ____D C:\Users\FAC\AppData\Local\2012
    2012-07-21 12:14 - 2012-07-21 12:31 - 272416288 ____A C:\Users\FAC\Downloads\SQL2012DevTrainingKit.Setup.exe
    2012-07-21 12:07 - 2012-07-21 17:33 - 00000000 ____D C:\Users\FAC\Downloads\Saints.Row.The.Third-SKIDROW
    2012-07-16 04:12 - 2012-07-16 04:28 - 00000000 ____D C:\Users\FAC\Downloads\AD
    2012-07-15 08:32 - 2012-07-15 08:32 - 00000000 ____D C:\Users\FAC\AppData\Local\{89B1F2E4-9720-44FF-97F6-79923C36F6BE}
    2012-07-15 08:31 - 2012-07-15 08:32 - 00000000 ____D C:\Users\FAC\AppData\Local\{533E5A63-922A-4360-82A9-EDE670DAD33B}
    2012-07-14 20:31 - 2012-07-14 20:31 - 00000000 ____D C:\Users\FAC\AppData\Local\{4A24130E-ED69-4BEA-A2FF-6AB9CE0AE6CB}
    2012-07-14 20:31 - 2012-07-14 20:31 - 00000000 ____D C:\Users\FAC\AppData\Local\{0F6A4ED6-B520-4E90-ADA6-A8491720BAB0}
    2012-07-13 20:57 - 2012-07-13 20:57 - 00000000 ____D C:\Users\FAC\AppData\Local\{4D3B1C14-1DC2-4C32-9B92-0E592917E361}
    2012-07-13 20:57 - 2012-07-13 20:57 - 00000000 ____D C:\Users\FAC\AppData\Local\{1C847B92-75FC-4E42-9FDD-21A3A42A489F}
    2012-07-12 21:42 - 2012-07-12 21:42 - 00000000 ____D C:\Users\FAC\AppData\Local\{653EC06C-C034-4362-849A-36806534566F}
    2012-07-12 21:42 - 2012-07-12 21:42 - 00000000 ____D C:\Users\FAC\AppData\Local\{0930AB24-6963-4792-BC7A-2144B658AD6B}
    2012-07-12 06:01 - 2012-07-28 19:50 - 00000000 ___SD C:\Users\FAC\Google Drive
    2012-07-12 06:01 - 2012-07-12 06:01 - 00001709 ____A C:\Users\FAC\Desktop\Google Drive.lnk
    2012-07-12 05:53 - 2012-07-12 05:53 - 00000000 ____D C:\Users\FAC\AppData\LocalGoogle
    2012-07-12 05:51 - 2012-07-29 22:01 - 00001030 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-12 05:51 - 2012-07-29 19:01 - 00001026 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-12 05:51 - 2012-07-12 06:00 - 00000000 ____D C:\Program Files (x86)\Google
    2012-07-09 05:31 - 2012-07-09 05:31 - 00000000 ____D C:\Users\FAC\AppData\Local\{946A31AA-6745-4759-B9A2-5DF168FF0E29}
    2012-07-09 05:30 - 2012-07-09 05:31 - 00000000 ____D C:\Users\FAC\AppData\Local\{3E608C65-06F6-4BDF-9A36-BB4512C515F5}
    2012-07-08 21:57 - 2012-07-08 22:05 - 00000000 ____D C:\Users\FAC\Downloads\Torchlight-SKIDROW
    2012-07-08 17:30 - 2012-07-08 17:30 - 00000000 ____D C:\Users\FAC\AppData\Local\{FA59F42B-CF59-4277-B373-83CC033EA3C9}
    2012-07-08 17:30 - 2012-07-08 17:30 - 00000000 ____D C:\Users\FAC\AppData\Local\{6F8AC0ED-B43E-4E02-A694-0B4C315E251A}
    2012-07-07 21:15 - 2012-07-07 21:15 - 00000000 ____D C:\Users\FAC\AppData\Local\{A30E3A44-C51F-4784-8F46-A8DC214B9E84}
    2012-07-07 21:15 - 2012-07-07 21:15 - 00000000 ____D C:\Users\FAC\AppData\Local\{45D86823-9E61-47D0-BA61-FEB481C7FC50}
    2012-07-07 19:13 - 2012-07-27 21:37 - 00000000 ____D C:\Users\FAC\Documents\JJ
    2012-07-07 19:12 - 2012-07-07 21:19 - 00000000 ____D C:\Users\FAC\Downloads\Ice Age (2002).LA ERA DE HIELO.Spanish.720p.Audio Latino AC3-rucucu
    2012-07-07 01:22 - 2012-07-07 01:22 - 00000000 ____D C:\Users\FAC\AppData\Local\{B7B5DC1F-64AD-458D-B9EE-614B51B2F6AF}
    2012-07-07 01:22 - 2012-07-07 01:22 - 00000000 ____D C:\Users\FAC\AppData\Local\{77C57E54-220A-4385-BB22-DFA130EFE193}
    2012-07-04 22:25 - 2012-07-04 22:25 - 00001823 ____A C:\Users\FAC\Desktop\WalkingDead.lnk
    2012-07-04 22:12 - 2012-07-04 22:12 - 00000000 ____D C:\Program Files (x86)\Telltale Games
    2012-07-03 21:28 - 2012-07-03 21:28 - 00000000 ____D C:\Users\FAC\AppData\Local\{7DD2A09A-33C2-4700-9B9A-679226663AB6}
    2012-07-03 21:28 - 2012-07-03 21:28 - 00000000 ____D C:\Users\FAC\AppData\Local\{6743AA27-EF15-421D-BD0D-CB7A21592D78}
    2012-07-02 05:03 - 2012-07-02 09:40 - 00000000 ____D C:\Users\FAC\Downloads\Lynda.com.SharePoint.2010.Essential.Training-QUASAR
    2012-07-02 04:40 - 2012-07-02 05:52 - 00000000 ____D C:\Users\FAC\Downloads\Lynda Java
    2012-07-02 04:20 - 2012-07-02 05:37 - 00000000 ____D C:\Users\FAC\Downloads\Lynda.Com.HTML5.Video.Tutorials[HemZone]
    2012-07-02 02:58 - 2012-07-02 04:42 - 119478286 ____A C:\Users\FAC\Downloads\C Sharp .Net 4 Book Collection (ASP.Net, MVC 3, WPF, WCF etc) - Part.3.rar
    2012-07-02 02:45 - 2012-07-02 02:54 - 00000000 ____D C:\Users\FAC\Downloads\Worx Professional ASP.NET MVC 3
    2012-07-02 02:44 - 2012-07-02 02:44 - 00000000 ____D C:\Users\FAC\AppData\Local\{DE71E766-F71E-421F-B561-BBD7CD0C840C}
    2012-07-02 02:43 - 2012-07-02 02:44 - 00000000 ____D C:\Users\FAC\AppData\Local\{AA5D7126-BA5E-497D-8364-9669F393928A}
    2012-07-02 02:16 - 2012-07-02 02:17 - 00000000 ____D C:\Users\FAC\Downloads\SQL Server 2008 Transact SQL Recipes
    2012-07-01 10:46 - 2012-07-02 04:15 - 00000000 ____D C:\Users\FAC\Downloads\London_2012_The_Official_Video_Game_of_the_Olympic_Games-FLT
    2012-07-01 10:07 - 2012-07-01 10:07 - 00000000 ____D C:\Users\FAC\Downloads\Legend of 1900
    2012-07-01 07:19 - 2012-07-01 07:19 - 00000000 ____D C:\Users\FAC\AppData\Local\{FE825E6D-CF94-4CA8-AEBA-626CF0AD94A3}
    2012-07-01 07:19 - 2012-07-01 07:19 - 00000000 ____D C:\Users\FAC\AppData\Local\{9AFBBE61-47C4-40C8-B01F-528A131984C2}
    2012-07-01 07:15 - 2012-07-07 01:41 - 00000000 ____D C:\Users\FAC\Downloads\The.Walking.Dead.Episode.2.Starved.for.Help-TiNYiSO
    2012-06-30 11:59 - 2012-06-30 12:00 - 00000000 ____D C:\Users\FAC\AppData\Local\{6428FD0A-DA3A-4524-AF00-EC294C511DF1}
    2012-06-30 11:59 - 2012-06-30 11:59 - 00000000 ____D C:\Users\FAC\AppData\Local\{E8B5A077-FAC3-49F1-95D2-15B229F34C16}
    2012-06-29 19:24 - 2012-06-29 22:49 - 35735399 ____A C:\Users\FAC\Downloads\Fieldrunners HD-Appstap.net.rar
    2012-06-29 19:12 - 2012-06-29 19:12 - 00000000 ____D C:\Users\FAC\AppData\Local\{5863B0A1-F7CD-49C1-A191-C9DEC405C34E}
    2012-06-29 19:12 - 2012-06-29 19:12 - 00000000 ____D C:\Users\FAC\AppData\Local\{431A41D7-1B0C-4BDC-BF4F-B07E3C6CC0A8}
    2012-06-29 19:01 - 2012-06-30 03:08 - 00000000 ____D C:\Users\FAC\Downloads\American.Reunion.UNRATED.DVDRip.XviD.SBT


    ============ 3 Months Modified Files ========================

    2012-07-29 22:31 - 2012-07-28 22:37 - 1557799640 ____A C:\Users\FAC\Downloads\The.Humble.Indie.Bundle.for.Windows.rar
    2012-07-29 22:30 - 2009-07-14 04:31 - 00749872 ____A C:\Windows\System32\perfh00A.dat
    2012-07-29 22:30 - 2009-07-14 04:31 - 00159906 ____A C:\Windows\System32\perfc00A.dat
    2012-07-29 22:30 - 2009-07-14 00:13 - 01678594 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-29 22:23 - 2012-04-09 23:15 - 00000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-07-29 22:01 - 2012-07-12 05:51 - 00001030 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-07-29 21:58 - 2009-07-14 00:10 - 01952947 ____A C:\Windows\WindowsUpdate.log
    2012-07-29 21:46 - 2012-01-07 05:25 - 00001038 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002UA.job
    2012-07-29 20:58 - 2012-07-29 20:58 - 00002098 ____A C:\Users\FAC\Desktop\aswMBR.txt
    2012-07-29 20:58 - 2012-07-29 20:58 - 00000512 ____A C:\Users\FAC\Desktop\MBR.dat
    2012-07-29 19:01 - 2012-07-12 05:51 - 00001026 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-07-29 14:38 - 2012-07-29 14:38 - 00003342 ____A C:\Users\FAC\Desktop\RKreport[1].txt
    2012-07-29 11:46 - 2012-01-07 05:25 - 00000986 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002Core.job
    2012-07-29 11:21 - 2012-07-29 11:21 - 00027018 ____A C:\Users\FAC\Desktop\DDS.txt
    2012-07-29 11:21 - 2012-07-29 11:21 - 00016911 ____A C:\Users\FAC\Desktop\Attach.txt
    2012-07-29 08:57 - 2012-07-29 08:57 - 00607260 ____R (Swearware) C:\Users\FAC\Desktop\dds.scr
    2012-07-29 08:49 - 2012-07-29 08:49 - 01438391 ____A (Farbar) C:\Users\FAC\Desktop\FRST64.exe
    2012-07-29 08:40 - 2012-07-29 08:39 - 04731392 ____A (AVAST Software) C:\Users\FAC\Desktop\aswMBR.exe
    2012-07-29 08:39 - 2012-07-29 08:39 - 01552384 ____A C:\Users\FAC\Desktop\RogueKiller.exe
    2012-07-29 08:38 - 2012-07-29 08:38 - 02117108 ____A C:\Users\FAC\Desktop\tdsskiller.zip
    2012-07-29 04:00 - 2012-07-28 16:21 - 341615624 ____A C:\Users\FAC\Downloads\Hot.Wheels.Velocity.X_PC.7z
    2012-07-28 22:59 - 2012-07-28 22:13 - 416214770 ____A (BonitaSoft) C:\Users\FAC\Downloads\BOS-5.7.2-win-setup.exe
    2012-07-28 20:38 - 2012-07-28 20:38 - 00005181 ____A C:\Users\FAC\Desktop\gmer.txt
    2012-07-28 19:57 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-28 19:57 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-28 19:48 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-07-28 19:47 - 2009-07-13 23:51 - 00057427 ____A C:\Windows\setupact.log
    2012-07-28 19:42 - 2012-07-28 19:42 - 00302592 ____A C:\Users\FAC\Desktop\ew5cejw4.exe
    2012-07-28 19:39 - 2012-07-28 19:39 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-07-28 19:37 - 2012-07-28 19:35 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\FAC\Desktop\mbam-setup-1.62.0.1300.exe
    2012-07-28 19:36 - 2011-05-13 11:46 - 00000836 ____A C:\Users\FAC\Desktop\Estrenos SUB.txt
    2012-07-28 19:04 - 2012-07-28 19:04 - 00000054 ___RH C:\Users\FAC\Downloads\stinger.opt
    2012-07-28 18:59 - 2012-05-31 12:13 - 00031744 ____A C:\Users\FAC\Desktop\Modelo 2 - Necesidades para el CUBO.xls
    2012-07-28 16:44 - 2012-05-10 23:33 - 00001024 ____A C:\Windows\olecli.log
    2012-07-28 16:43 - 2011-04-21 15:30 - 00080774 ____A C:\Windows\PFRO.log
    2012-07-28 16:39 - 2012-07-28 16:38 - 09691752 ____A (McAfee Inc.) C:\Users\FAC\Downloads\stinger.exe
    2012-07-28 15:31 - 2012-07-28 14:59 - 57957476 ____A C:\Users\FAC\Downloads\ESET.NOD32.Antivirus.v6.0.115.0.RC.x86.rar
    2012-07-28 15:08 - 2011-04-21 23:14 - 00582608 ____A C:\Windows\DirectX.log
    2012-07-28 15:07 - 2012-07-28 15:00 - 64397972 ____A C:\Users\FAC\Downloads\ESET.NOD32.Antivirus.v6.0.115.0.RC.x64.rar
    2012-07-27 19:27 - 2012-07-24 20:25 - 429195264 ____A C:\Users\FAC\Downloads\System_Management_Server_Train.ISO
    2012-07-27 03:14 - 2012-04-09 23:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-27 03:14 - 2012-03-18 22:51 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-22 10:13 - 2012-07-22 10:13 - 00002128 ____A C:\Users\Public\Desktop\Saints Row The Third.lnk
    2012-07-21 12:31 - 2012-07-21 12:14 - 272416288 ____A C:\Users\FAC\Downloads\SQL2012DevTrainingKit.Setup.exe
    2012-07-16 04:48 - 2011-11-25 06:28 - 00001203 ____A C:\Users\FAC\Desktop\NewAlbumReleases.txt
    2012-07-12 06:01 - 2012-07-12 06:01 - 00001709 ____A C:\Users\FAC\Desktop\Google Drive.lnk
    2012-07-08 21:51 - 2011-05-03 19:43 - 00002062 ___AH C:\Users\FAC\Documents\Default.rdp
    2012-07-07 19:08 - 2009-07-13 21:34 - 00000558 ____A C:\Windows\win.ini
    2012-07-04 22:25 - 2012-07-04 22:25 - 00001823 ____A C:\Users\FAC\Desktop\WalkingDead.lnk
    2012-07-03 22:43 - 2012-05-12 19:34 - 00000025 ____A C:\Windows\LastUser.ini
    2012-07-03 13:46 - 2012-07-28 19:39 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-07-02 04:42 - 2012-07-02 02:58 - 119478286 ____A C:\Users\FAC\Downloads\C Sharp .Net 4 Book Collection (ASP.Net, MVC 3, WPF, WCF etc) - Part.3.rar
    2012-06-29 22:49 - 2012-06-29 19:24 - 35735399 ____A C:\Users\FAC\Downloads\Fieldrunners HD-Appstap.net.rar
    2012-06-12 22:07 - 2012-06-10 16:34 - 980738048 ____A C:\Users\FAC\Downloads\Wrath of the Titans (Clash of the Titans 2) (V.O.S.E) 2012 DVDRip Xvid Mp3 TuCenTral.avi
    2012-06-12 22:04 - 2012-06-12 22:04 - 00036377 ____A C:\Users\FAC\Desktop\mp desde 15 mayo.xlsx
    2012-06-11 01:18 - 2012-06-11 00:46 - 198180864 ____A C:\Users\FAC\Downloads\AdventureWorks2012_Data.mdf
    2012-06-11 00:54 - 2012-06-11 00:54 - 00832264 ____A C:\Users\FAC\Downloads\Analysis Services Tutorial SQL Server 2012.zip
    2012-06-11 00:54 - 2012-06-11 00:54 - 00452044 ____A C:\Users\FAC\Downloads\AdventureWorks Multidimensional Models SQL Server 2012.zip
    2012-06-10 18:17 - 2012-06-10 18:10 - 26214332 ____A C:\Users\FAC\Downloads\YO SOY KURT COBAIN.mp4
    2012-06-10 17:02 - 2012-06-10 16:54 - 29041160 ____A C:\Users\FAC\Downloads\Yo Soy [ Peru ] Kurt Cobain.mp4
    2012-06-02 17:19 - 2012-06-21 20:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 17:19 - 2012-06-21 20:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 17:19 - 2012-06-21 20:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 17:19 - 2012-06-21 20:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 17:19 - 2012-06-21 20:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 17:15 - 2012-06-21 20:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 17:15 - 2012-06-21 20:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 15:19 - 2012-06-21 20:31 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 15:15 - 2012-06-21 20:31 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 09:15 - 2012-06-02 09:13 - 26809448 ____A (Microsoft Corporation) C:\Users\FAC\Downloads\AccessDatabaseEngine2010.exe
    2012-06-02 09:12 - 2012-06-02 09:09 - 26481656 ____A (Microsoft Corporation) C:\Users\FAC\Downloads\AccessDatabaseEngine2007.exe
    2012-06-02 08:50 - 2012-06-02 08:36 - 184897536 ____A C:\Users\FAC\Documents\Database1.accdb
    2012-05-25 17:35 - 2012-05-25 17:35 - 00009249 ____A C:\Users\FAC\Documents\siaf munilim.xlsx
    2012-05-24 23:47 - 2009-07-13 23:45 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-05-24 23:43 - 2012-01-06 23:08 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-05-24 08:57 - 2012-01-09 17:58 - 00001217 ____A C:\Windows\ODBC.INI
    2012-05-24 03:54 - 2012-01-09 09:47 - 00041079 ____A C:\Users\FAC\sanct.log
    2012-05-23 04:54 - 2012-05-23 04:54 - 00425545 ____A C:\Users\FAC\Documents\CAS Nombrado 201203.xlsx
    2012-05-23 03:56 - 2012-05-23 03:56 - 00000945 ____A C:\Users\Public\Desktop\µTorrent.lnk
    2012-05-20 09:53 - 2012-05-20 09:49 - 09585439 ____A C:\Users\FAC\Downloads\HUGE FILE TEXT EDITOR gvim73_46.exe
    2012-05-19 02:53 - 2012-05-19 02:53 - 00001351 ____A C:\Users\FAC\Desktop\SqlDbx.lnk
    2012-05-17 22:00 - 2012-05-17 22:02 - 19595047 ____A C:\Users\FAC\Desktop\BDBoard20120517 2159.rar
    2012-05-16 17:59 - 2012-05-16 17:59 - 00000698 ____A C:\Users\FAC\Downloads\launch.rtc
    2012-05-15 22:11 - 2012-05-15 22:11 - 00001103 ____A C:\Users\Public\Desktop\Board 7.lnk
    2012-05-15 16:21 - 2011-05-13 11:46 - 00008282 ____A C:\Users\FAC\Desktop\IPs IPPSA.txt
    2012-05-12 05:58 - 2012-05-12 05:58 - 01240668 ____A C:\Users\FAC\Downloads\SqlDbxPersonal.zip
    2012-05-09 19:04 - 2012-05-09 19:04 - 00000923 ____A C:\Users\Public\Desktop\PreziDesktop3.lnk
    2012-05-09 00:33 - 2012-05-09 00:30 - 18187892 ____A C:\Users\FAC\Downloads\Nirvana - Drain You (MTV Live and Loud 93) HD.mp4
    2012-05-08 23:57 - 2012-05-08 23:53 - 16383413 ____A C:\Users\FAC\Downloads\Nirvana Pennyroyal Tea (Live) French TV 1994 High Quality.mp4
    2012-05-08 23:56 - 2012-05-08 23:53 - 08441533 ____A C:\Users\FAC\Downloads\NIRVANA - Kurt Cobains Top 5 Best Drain You Screams.mp4
    2012-05-08 23:51 - 2012-05-08 23:45 - 41528996 ____A C:\Users\FAC\Downloads\Olaf - in Bloom Smell like teen spirit (día de la música).mp4
    2012-05-08 23:24 - 2012-05-08 23:22 - 18192186 ____A C:\Users\FAC\Downloads\Nirvana - Drain You [HD] (Live on French tv 1994).mp4
    2012-05-08 23:09 - 2012-05-08 22:47 - 115513677 ____A C:\Users\FAC\Downloads\OLAF en la FIL Arequipa 2011.mp4
    2012-05-08 22:53 - 2012-05-08 22:48 - 11783119 ____A C:\Users\FAC\Downloads\Somebody - Olaf - AQP 2012.mp4
    2012-05-08 22:52 - 2012-05-08 22:43 - 19358981 ____A C:\Users\FAC\Downloads\Sweet Child O Mine-JackettsRamiro.mp4
    2012-05-08 22:52 - 2012-05-08 22:43 - 16620726 ____A C:\Users\FAC\Downloads\Olaf - the man who sold the world.mp4
    2012-05-08 22:48 - 2012-05-08 22:42 - 13184410 ____A C:\Users\FAC\Downloads\where did you sleep last night-NirvanaOLAF.mp4
    2012-05-06 20:20 - 2012-05-06 20:16 - 10323088 ____A (Gretech Corporation) C:\Users\FAC\Downloads\GOMPLAYERENSETUP.EXE
    2012-05-03 17:13 - 2012-05-03 17:13 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
    2012-05-03 17:09 - 2012-05-03 17:09 - 00000005 ____A C:\Users\FAC\Documents\anulacion tarjeta credito.txt
    2012-05-03 11:23 - 2012-05-03 10:47 - 212446672 ____A (NVIDIA Corporation) C:\Users\FAC\Downloads\NVIDIA 296.10-notebook-win7-winvista-64bit-international-whql.exe
    2012-05-03 00:43 - 2012-05-03 00:40 - 15161419 ____A C:\Users\FAC\Downloads\Nirvana The Man Who Sold The World live Great Western Forum 12301993 AMT2.mp4
    2012-05-03 00:39 - 2012-05-03 00:33 - 23296827 ____A C:\Users\FAC\Downloads\Nirvana - The Man Who Sold The World MTV Live Loud, Seattle, WA.mp4


    ZeroAccess:
    C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}
    C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\@
    C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\L
    C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U
    C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\L\00000004.@
    C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U\00000004.@
    C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U\80000000.@
    C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U\80000032.@
    C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 10%
    Total physical RAM: 8106.17 MB
    Available physical RAM: 7256.67 MB
    Total Pagefile: 8104.32 MB
    Available Pagefile: 7262.46 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:24.25 GB) NTFS
    3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive f: (EF) (Removable) (Total:3.78 GB) (Free:1.91 GB) FAT32
    5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

    Núm Disco Estado Tamaño Disp Din Gpt
    ---------- ---------- ------- ------- --- ---
    Disco 0 En línea 465 GB 0 B
    Disco 1 En línea 3875 MB 0 B

    Partitions of Disk 0:
    ===============

    Núm Partición Tipo Tamaño Desplazamiento
    ------------- ---------------- ------- ---------------
    Partición 1 OEM 101 MB 31 KB
    Partición 2 Principal 14 GB 102 MB
    Partición 3 Principal 451 GB 14 GB

    ==================================================================================

    Disk: 0
    Partición 1
    Tipo : DE
    Oculta : Sí
    Activa : No

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 4 FAT32 Partición 101 MB Correcto Oculto

    ==================================================================================

    Disk: 0
    Partición 2
    Tipo : 07
    Oculta : No
    Activa : Sí

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 1 E RECOVERY NTFS Partición 14 GB Correcto

    ==================================================================================

    Disk: 0
    Partición 3
    Tipo : 07
    Oculta : No
    Activa : No

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 2 C OS NTFS Partición 451 GB Correcto

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Núm Partición Tipo Tamaño Desplazamiento
    ------------- ---------------- ------- ---------------
    Partición 1 Principal 3874 MB 31 KB

    ==================================================================================

    Disk: 1
    Partición 1
    Tipo : 0B
    Oculta : No
    Activa : Sí

    Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
    ----------- --- ----------- ----- ---------- ------- --------- --------
    * Volumen 3 F EF FAT32 Extraíble 3874 MB Correcto

    ==================================================================================

    ==========================================================

    Last Boot: 2012-07-28 00:15

    ======================= End Of Log ==========================
     
  11. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    Search.txt

    Farbar Recovery Scan Tool Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-29 22:44:10
    Running from F:\

    ================== Search: "services.exe" ===================

    C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\WINDOWS\System32\services.exe
    [2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

    ====== End Of Search ======
     
  12. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next....

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shut down your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  13. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    Thanks!

    Fixlog

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
    Ran by SYSTEM at 2012-07-29 23:35:24 Run:1
    Running from F:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\WINDOWS\System32\services.exe moved successfully.
    C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\WINDOWS\System32\services.exe

    ==== End of Fixlog ====
     
  14. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    Combofix ran in safe mode only


    ComboFix 12-07-29.02 - FAC 29/07/2012 23:47:02.1.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.51.3082.18.7084.5004 [GMT -5:00]
    Running from: c:\users\FAC\Desktop\ComboFix.exe
    AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\programdata\Roaming
    c:\windows\assembly\GAC_64\Desktop.ini
    c:\windows\olecli.log
    c:\windows\SysWow64\html
    c:\windows\SysWow64\html\calendar.html
    c:\windows\SysWow64\html\calendarbottom.html
    c:\windows\SysWow64\html\calendartop.html
    c:\windows\SysWow64\html\crystalexportdialog.htm
    c:\windows\SysWow64\html\crystalprinthost.html
    c:\windows\SysWow64\images
    c:\windows\SysWow64\images\toolbar\calendar.gif
    c:\windows\SysWow64\images\toolbar\crlogo.gif
    c:\windows\SysWow64\images\toolbar\export.gif
    c:\windows\SysWow64\images\toolbar\export_over.gif
    c:\windows\SysWow64\images\toolbar\exportd.gif
    c:\windows\SysWow64\images\toolbar\First.gif
    c:\windows\SysWow64\images\toolbar\first_over.gif
    c:\windows\SysWow64\images\toolbar\Firstd.gif
    c:\windows\SysWow64\images\toolbar\gotopage.gif
    c:\windows\SysWow64\images\toolbar\gotopage_over.gif
    c:\windows\SysWow64\images\toolbar\gotopaged.gif
    c:\windows\SysWow64\images\toolbar\grouptree.gif
    c:\windows\SysWow64\images\toolbar\grouptree_over.gif
    c:\windows\SysWow64\images\toolbar\grouptreed.gif
    c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
    c:\windows\SysWow64\images\toolbar\Last.gif
    c:\windows\SysWow64\images\toolbar\last_over.gif
    c:\windows\SysWow64\images\toolbar\Lastd.gif
    c:\windows\SysWow64\images\toolbar\Next.gif
    c:\windows\SysWow64\images\toolbar\next_over.gif
    c:\windows\SysWow64\images\toolbar\Nextd.gif
    c:\windows\SysWow64\images\toolbar\Prev.gif
    c:\windows\SysWow64\images\toolbar\prev_over.gif
    c:\windows\SysWow64\images\toolbar\Prevd.gif
    c:\windows\SysWow64\images\toolbar\print.gif
    c:\windows\SysWow64\images\toolbar\print_over.gif
    c:\windows\SysWow64\images\toolbar\printd.gif
    c:\windows\SysWow64\images\toolbar\Refresh.gif
    c:\windows\SysWow64\images\toolbar\refresh_over.gif
    c:\windows\SysWow64\images\toolbar\refreshd.gif
    c:\windows\SysWow64\images\toolbar\Search.gif
    c:\windows\SysWow64\images\toolbar\search_over.gif
    c:\windows\SysWow64\images\toolbar\searchd.gif
    c:\windows\SysWow64\images\toolbar\up.gif
    c:\windows\SysWow64\images\toolbar\up_over.gif
    c:\windows\SysWow64\images\toolbar\upd.gif
    c:\windows\SysWow64\images\tree\begindots.gif
    c:\windows\SysWow64\images\tree\beginminus.gif
    c:\windows\SysWow64\images\tree\beginplus.gif
    c:\windows\SysWow64\images\tree\blank.gif
    c:\windows\SysWow64\images\tree\blankdots.gif
    c:\windows\SysWow64\images\tree\dots.gif
    c:\windows\SysWow64\images\tree\lastdots.gif
    c:\windows\SysWow64\images\tree\lastminus.gif
    c:\windows\SysWow64\images\tree\lastplus.gif
    c:\windows\SysWow64\images\tree\Magnify.gif
    c:\windows\SysWow64\images\tree\minus.gif
    c:\windows\SysWow64\images\tree\minusbox.gif
    c:\windows\SysWow64\images\tree\plus.gif
    c:\windows\SysWow64\images\tree\plusbox.gif
    c:\windows\SysWow64\images\tree\singleminus.gif
    c:\windows\SysWow64\images\tree\singleplus.gif
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
    .
    .
    2012-07-30 04:53 . 2012-07-30 04:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-07-30 04:53 . 2012-07-30 04:53 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-07-30 03:37 . 2012-07-30 03:37 -------- d-----w- C:\FRST
    2012-07-29 00:40 . 2012-07-29 00:40 -------- d-----w- c:\users\FAC\AppData\Roaming\Malwarebytes
    2012-07-29 00:39 . 2012-07-29 00:39 -------- d-----w- c:\programdata\Malwarebytes
    2012-07-29 00:39 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-07-29 00:39 . 2012-07-29 00:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-07-28 21:46 . 2012-07-29 00:04 -------- d-----w- c:\program files (x86)\stinger
    2012-07-22 16:05 . 2012-07-22 16:05 -------- d-----w- c:\users\FAC\AppData\Roaming\runic games
    2012-07-22 14:56 . 2012-07-22 14:56 -------- d-----w- c:\program files (x86)\THQ
    2012-07-22 13:17 . 2012-07-22 13:17 -------- d-----w- c:\program files (x86)\Runic Games
    2012-07-22 00:53 . 2012-07-22 00:53 -------- d-----w- c:\users\FAC\AppData\Local\FLT
    2012-07-22 00:53 . 2012-07-22 00:53 -------- d-----w- c:\users\FAC\AppData\Local\2012
    2012-07-12 11:01 . 2012-07-30 04:39 -------- d-s---w- c:\users\FAC\Google Drive
    2012-07-12 10:51 . 2012-07-12 11:00 -------- d-----w- c:\program files (x86)\Google
    2012-07-05 03:12 . 2012-07-05 03:12 -------- d-----w- c:\program files (x86)\Telltale Games
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 08:14 . 2012-04-10 04:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 08:14 . 2012-03-19 03:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-06-23 23:50 . 2012-06-23 23:50 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-02 22:19 . 2012-06-22 01:31 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 01:31 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 01:31 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 01:31 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 01:31 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 01:31 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 01:31 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-22 01:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-22 01:31 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-28 03:51 . 2012-05-28 03:51 165232 ---ha-w- c:\users\FAC\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
    2012-05-25 04:43 . 2012-01-07 04:08 57848688 ----a-w- c:\windows\system32\MRT.exe
    2012-05-08 17:02 . 2012-05-25 04:34 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0986B423-0547-4B21-9624-5AAC35267A68}\mpengine.dll
    2012-05-05 23:10 . 2012-05-05 23:10 40960 ----a-r- c:\users\FAC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2012-05-05 23:10 . 2012-05-05 23:10 40960 ----a-r- c:\users\FAC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-21 12163848]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
    "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
    "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
    "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    SQL Prompt Query Analyzer Integration.lnk - c:\program files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe [2012-1-9 81920]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
    2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli FAPassSync
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
    "CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
    .
    R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
    R1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-03-01 249152]
    R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
    R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
    R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
    R2 Board7;Board 7 Engine;c:\program files\Board\Board Server\BoardEngine.exe [2012-03-23 20480]
    R2 Board7Silverlight;Board 7 Web Engine;c:\program files (x86)\Board\Board Web Server\BoardSilverlightService.exe [2012-03-23 134656]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
    R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-06 974944]
    R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
    R2 gupdate;Google Update Servicio (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 116648]
    R2 IEU_Service;NEC Projector USB Display Service;c:\program files (x86)\NEC Projector User Supportware\Image Express Utility Lite\IEU_Service.exe [2012-04-13 69120]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
    R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
    R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-12 2072896]
    R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
    R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]
    R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
    R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
    R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
    R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
    R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
    R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
    R3 gupdatem;Google Update Servicio (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 116648]
    R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
    R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
    R3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
    R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
    R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2010-12-12 121960]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
    R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-04-22 79360]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-09-22 11856]
    R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
    R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736]
    R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
    R4 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
    S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
    S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
    S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
    S3 NETwNs64;___ Controlador del adaptador Intel(R) Wireless WiFi Link para Windows 7 de 64 bits;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-22 8505856]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 10:51]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 10:51]
    .
    2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002Core.job
    - c:\users\FAC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-07 10:25]
    .
    2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002UA.job
    - c:\users\FAC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-07 10:25]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
    "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-11 2186856]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]
    "FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
    "BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
    "QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
    "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
    "RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-06 4030008]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x1
    "AppInit_DLLs"=c:\windows\System32\nvinitx.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
    LSP: %SystemRoot%\system32\vsocklib.dll
    TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}: NameServer = 200.48.225.130,200.48.225.146
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-Locked - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
    @Denied: (A) (Everyone)
    "Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
    "Key"="ActionsPane"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-07-30 00:07:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-07-30 05:07
    .
    Pre-Run: 37,167,136,768 bytes libres
    Post-Run: 37,358,067,712 bytes libres
    .
    - - End Of File - - 51DA236D9E3CFC2BC1AB9CC15B500F71
     
  15. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Looks good :)

    Any current issues?

    ==============================

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ==============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  16. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    Thanks a lot
    You truly are a great help

    No problems so far.

    No malware in Mbam

    This is OTL pt1

    OTL logfile created on: 30/07/2012 10:33:55 p.m. - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\FAC\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

    6.92 Gb Total Physical Memory | 4.69 Gb Available Physical Memory | 67.83% Memory free
    13.83 Gb Paging File | 10.56 Gb Available in Paging File | 76.32% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 34.87 Gb Free Space | 7.73% Space Free | Partition Type: NTFS

    Computer Name: PC | User Name: FAC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/07/30 22:28:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\FAC\Desktop\OTL.exe
    PRC - [2012/06/20 19:02:30 | 012,163,848 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2012/05/23 03:56:17 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/01/19 06:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
    PRC - [2012/01/09 08:59:12 | 000,081,920 | ---- | M] (Red Gate Software Ltd.) -- C:\Program Files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe
    PRC - [2011/09/06 18:16:42 | 000,974,944 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
    PRC - [2011/08/22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysWOW64\vmnetdhcp.exe
    PRC - [2011/08/22 17:07:18 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
    PRC - [2011/08/22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysWOW64\vmnat.exe
    PRC - [2011/08/22 16:34:52 | 011,837,440 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
    PRC - [2011/08/22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
    PRC - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
    PRC - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
    PRC - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
    PRC - [2011/01/24 15:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
    PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/12/17 10:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

    ========== Modules (No Company Name) ==========

    MOD - [2012/07/30 06:46:17 | 001,169,408 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._core_.pyd
    MOD - [2012/07/30 06:46:17 | 001,056,256 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._controls_.pyd
    MOD - [2012/07/30 06:46:17 | 001,018,368 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\windows._cacheinvalidation.pyd
    MOD - [2012/07/30 06:46:17 | 000,807,424 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._windows_.pyd
    MOD - [2012/07/30 06:46:17 | 000,792,576 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._gdi_.pyd
    MOD - [2012/07/30 06:46:17 | 000,731,136 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._misc_.pyd
    MOD - [2012/07/30 06:46:17 | 000,645,120 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\_ssl.pyd
    MOD - [2012/07/30 06:46:17 | 000,585,728 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\unicodedata.pyd
    MOD - [2012/07/30 06:46:17 | 000,571,392 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\pysqlite2._sqlite.pyd
    MOD - [2012/07/30 06:46:17 | 000,354,304 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\pythoncom26.dll
    MOD - [2012/07/30 06:46:17 | 000,311,808 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\_hashlib.pyd
    MOD - [2012/07/30 06:46:17 | 000,263,168 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32com.shell.shell.pyd
    MOD - [2012/07/30 06:46:17 | 000,153,088 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\pyexpat.pyd
    MOD - [2012/07/30 06:46:17 | 000,121,856 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._wizard.pyd
    MOD - [2012/07/30 06:46:17 | 000,111,104 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32file.pyd
    MOD - [2012/07/30 06:46:17 | 000,110,592 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\pywintypes26.dll
    MOD - [2012/07/30 06:46:17 | 000,096,256 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32api.pyd
    MOD - [2012/07/30 06:46:17 | 000,086,016 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\_elementtree.pyd
    MOD - [2012/07/30 06:46:17 | 000,073,728 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\_ctypes.pyd
    MOD - [2012/07/30 06:46:17 | 000,070,656 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._html2.pyd
    MOD - [2012/07/30 06:46:17 | 000,040,448 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\_socket.pyd
    MOD - [2012/07/30 06:46:17 | 000,039,424 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32inet.pyd
    MOD - [2012/07/30 06:46:17 | 000,036,352 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32process.pyd
    MOD - [2012/07/30 06:46:17 | 000,022,528 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32pdh.pyd
    MOD - [2012/07/30 06:46:17 | 000,017,920 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32event.pyd
    MOD - [2012/07/30 06:46:17 | 000,011,776 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32crypt.pyd
    MOD - [2012/07/30 06:46:17 | 000,011,776 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\select.pyd
    MOD - [2012/07/09 23:09:00 | 000,438,296 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    MOD - [2012/07/09 23:08:59 | 003,972,120 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    MOD - [2012/07/09 23:07:39 | 000,554,520 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
    MOD - [2012/07/09 23:07:37 | 000,117,784 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
    MOD - [2012/07/09 23:07:22 | 000,140,328 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
    MOD - [2012/07/09 23:07:21 | 000,262,184 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
    MOD - [2012/07/09 23:07:19 | 002,386,984 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
    MOD - [2012/07/09 21:17:27 | 009,255,112 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    MOD - [2012/07/09 21:17:27 | 009,255,112 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll
    MOD - [2012/05/24 23:54:49 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eeaa41950485f16229afc7b409c073cd\System.Data.ni.dll
    MOD - [2012/05/24 23:54:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
    MOD - [2012/05/24 23:54:25 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
    MOD - [2012/05/24 23:54:12 | 002,508,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\4b5650fad63958eabd448eeacde84612\System.Data.SqlXml.ni.dll
    MOD - [2012/05/24 23:54:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a1a2e47980512815b030fce9a53cc4c8\System.Xml.ni.dll
    MOD - [2012/05/24 23:54:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
    MOD - [2012/05/24 23:54:07 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
    MOD - [2012/05/24 23:54:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
    MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
    MOD - [2010/12/17 10:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MOD - [2010/11/12 19:33:59 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
    MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    MOD - [2010/11/04 20:57:43 | 000,072,192 | ---- | M] () -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\PROGRA~2\MIF5BA~1\Office14\1033\GrooveIntlResource.dll
    MOD - [2009/07/14 04:29:44 | 000,163,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_es_b77a5c561934e089\System.Xml.resources.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
    SRV - [2012/07/27 03:14:03 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/04/13 14:52:11 | 000,069,120 | ---- | M] (NEC Display Solutions, Ltd.) [Auto | Running] -- C:\Program Files (x86)\NEC Projector User Supportware\Image Express Utility Lite\IEU_Service.exe -- (IEU_Service)
    SRV - [2012/03/23 13:17:38 | 000,020,480 | ---- | M] (Board International SA) [Auto | Running] -- C:\Archivos de programa\Board\Board Server\BoardEngine.exe -- (Board7)
    SRV - [2012/03/23 13:15:28 | 000,134,656 | ---- | M] (Board International SA) [Auto | Running] -- C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightService.exe -- (Board7Silverlight)
    SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/01/19 06:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2011/10/12 18:14:14 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
    SRV - [2011/09/06 18:16:42 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
    SRV - [2011/08/22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
    SRV - [2011/08/22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\vmnat.exe -- (VMware NAT Service)
    SRV - [2011/08/22 16:34:52 | 011,837,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
    SRV - [2011/08/22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
    SRV - [2011/08/21 23:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
    SRV - [2011/04/21 22:56:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
    SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
    SRV - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
    SRV - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
    SRV - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
    SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/12/17 14:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
    SRV - [2010/12/17 14:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Archivos de programa\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
    SRV - [2010/12/17 14:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Archivos de programa\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
    SRV - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
    SRV - [2010/11/01 22:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) [Disabled | Stopped] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
    SRV - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
    SRV - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Archivos de programa\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/13 12:28:43 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/29 19:02:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\nvkflt.sys -- (nvkflt)
    DRV:64bit: - [2012/02/29 19:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
    DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
    DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
    DRV:64bit: - [2011/08/22 17:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\vmx86.sys -- (vmx86)
    DRV:64bit: - [2011/08/22 17:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
    DRV:64bit: - [2011/08/22 15:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
    DRV:64bit: - [2011/08/22 15:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
    DRV:64bit: - [2011/08/21 23:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\hcmon.sys -- (hcmon)
    DRV:64bit: - [2011/08/21 23:01:22 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\vmusb.sys -- (vmusb)
    DRV:64bit: - [2011/08/09 13:57:12 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\eamonm.sys -- (eamonm)
    DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ehdrv.sys -- (ehdrv)
    DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
    DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
    DRV:64bit: - [2011/01/28 03:57:14 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/01/24 02:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
    DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/12/22 04:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
    DRV:64bit: - [2010/12/17 12:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
    DRV:64bit: - [2010/12/15 12:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\jmcr.sys -- (JMCR)
    DRV:64bit: - [2010/12/13 12:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/12/12 09:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB)
    DRV:64bit: - [2010/12/01 05:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WDKMD.sys -- (wdkmd)
    DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 19:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/08/20 04:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/08/12 10:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2010/07/12 21:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\qicflt.sys -- (qicflt)
    DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
    DRV:64bit: - [2007/02/18 00:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\Controladores\VMM.sys -- (vmm)
    DRV:64bit: - [2007/02/15 19:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
    DRV:64bit: - [2007/01/29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
    DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
    DRV - [2011/09/22 13:08:26 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2007/02/15 19:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9ED34756-207A-4BCF-8B3A-04434208AFB3}
    IE:64bit: - HKLM\..\SearchScopes\{9ED34756-207A-4BCF-8B3A-04434208AFB3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {95BE5539-601F-4493-B419-8CD16FE5EC8C}
    IE - HKLM\..\SearchScopes\{95BE5539-601F-4493-B419-8CD16FE5EC8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-657104428-2278183389-2821783934-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-657104428-2278183389-2821783934-1002\..\SearchScopes,DefaultScope = {95BE5539-601F-4493-B419-8CD16FE5EC8C}
    IE - HKU\S-1-5-21-657104428-2278183389-2821783934-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    ========== FireFox ==========

    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\FAC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\FAC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/04/21 23:08:12 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/10 15:00:35 | 000,000,000 | ---D | M]


    ========== Chrome ==========

    CHR - homepage: https://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
    CHR - homepage: https://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
    CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\FAC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Do Not Track Plus = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.0.510_0\
    CHR - Extension: Lord of Ultima = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0\
    CHR - Extension: Fieldrunners = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak\1.0.0.5_0\
    CHR - Extension: Gmail = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/07/30 00:02:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
    O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2:64bit: - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
    O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
    O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
    O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
    O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1002..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
    O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1002..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-657104428-2278183389-2821783934-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-657104428-2278183389-2821783934-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-657104428-2278183389-2821783934-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
    O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\WINDOWS\SysNative\vsocklib.dll (VMware, Inc.)
    O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\WINDOWS\SysNative\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SysWOW64\vsocklib.dll (VMware, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SysWOW64\vsocklib.dll (VMware, Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}: NameServer = 200.48.225.130,200.48.225.146
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
    O20:64bit: - AppInit_DLLs: (C:\WINDOWS\System32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
    O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
    O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
     
  17. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    otl pt2

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/07/30 22:28:35 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\FAC\Desktop\OTL.exe
    [2012/07/30 06:46:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/07/30 00:07:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/07/29 23:44:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/07/29 23:44:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/07/29 23:44:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/07/29 23:40:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/07/29 23:40:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/07/29 23:32:02 | 004,721,417 | R--- | C] (Swearware) -- C:\Users\FAC\Desktop\ComboFix.exe
    [2012/07/29 22:37:50 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/29 14:37:38 | 000,000,000 | ---D | C] -- C:\Users\FAC\Desktop\RK_Quarantine
    [2012/07/29 08:57:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\FAC\Desktop\dds.scr
    [2012/07/29 08:49:33 | 001,438,391 | ---- | C] (Farbar) -- C:\Users\FAC\Desktop\FRST64.exe
    [2012/07/29 08:39:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\FAC\Desktop\aswMBR.exe
    [2012/07/28 23:42:38 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{ED932E98-07C1-4612-99BE-5F80BFA50CB4}
    [2012/07/28 23:42:25 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{E61FEAB6-851D-4F72-8895-A140412C90B6}
    [2012/07/28 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Roaming\Malwarebytes
    [2012/07/28 19:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/07/28 19:39:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2012/07/28 19:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/07/28 19:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2012/07/28 19:35:25 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\FAC\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/28 16:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
    [2012/07/28 15:13:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\astragon Software GmbH
    [2012/07/22 11:05:24 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Roaming\runic games
    [2012/07/22 10:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
    [2012/07/22 09:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
    [2012/07/22 08:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight
    [2012/07/22 08:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
    [2012/07/22 07:47:21 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{8A321CB4-F715-428A-B1F1-6EDEE9C49CDC}
    [2012/07/22 07:47:10 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{2D8A6715-0624-467B-BF6B-1C6AEF6B3961}
    [2012/07/21 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\FLT
    [2012/07/21 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\2012
    [2012/07/15 08:32:03 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{89B1F2E4-9720-44FF-97F6-79923C36F6BE}
    [2012/07/15 08:31:52 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{533E5A63-922A-4360-82A9-EDE670DAD33B}
    [2012/07/14 20:31:26 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{0F6A4ED6-B520-4E90-ADA6-A8491720BAB0}
    [2012/07/14 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{4A24130E-ED69-4BEA-A2FF-6AB9CE0AE6CB}
    [2012/07/13 20:57:31 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{4D3B1C14-1DC2-4C32-9B92-0E592917E361}
    [2012/07/13 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{1C847B92-75FC-4E42-9FDD-21A3A42A489F}
    [2012/07/12 21:42:22 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{653EC06C-C034-4362-849A-36806534566F}
    [2012/07/12 21:42:03 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{0930AB24-6963-4792-BC7A-2144B658AD6B}
    [2012/07/12 06:01:39 | 000,000,000 | --SD | C] -- C:\Users\FAC\Google Drive
    [2012/07/12 06:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
    [2012/07/12 05:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
    [2012/07/09 05:31:01 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{946A31AA-6745-4759-B9A2-5DF168FF0E29}
    [2012/07/09 05:30:49 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{3E608C65-06F6-4BDF-9A36-BB4512C515F5}
    [2012/07/08 17:30:24 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{6F8AC0ED-B43E-4E02-A694-0B4C315E251A}
    [2012/07/08 17:30:12 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{FA59F42B-CF59-4277-B373-83CC033EA3C9}
    [2012/07/07 21:15:32 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{A30E3A44-C51F-4784-8F46-A8DC214B9E84}
    [2012/07/07 21:15:17 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{45D86823-9E61-47D0-BA61-FEB481C7FC50}
    [2012/07/07 19:13:39 | 000,000,000 | ---D | C] -- C:\Users\FAC\Documents\JJ
    [2012/07/07 01:22:17 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{B7B5DC1F-64AD-458D-B9EE-614B51B2F6AF}
    [2012/07/07 01:22:04 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{77C57E54-220A-4385-BB22-DFA130EFE193}
    [2012/07/04 22:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale Games
    [2012/07/03 21:28:54 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{7DD2A09A-33C2-4700-9B9A-679226663AB6}
    [2012/07/03 21:28:39 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{6743AA27-EF15-421D-BD0D-CB7A21592D78}
    [2012/07/02 02:44:25 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{DE71E766-F71E-421F-B561-BBD7CD0C840C}
    [2012/07/02 02:43:48 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{AA5D7126-BA5E-497D-8364-9669F393928A}
    [2012/07/01 07:19:29 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{9AFBBE61-47C4-40C8-B01F-528A131984C2}
    [2012/07/01 07:19:18 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{FE825E6D-CF94-4CA8-AEBA-626CF0AD94A3}
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/07/30 22:28:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\FAC\Desktop\OTL.exe
    [2012/07/30 22:23:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2012/07/30 22:04:56 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/30 22:04:46 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002UA.job
    [2012/07/30 22:04:45 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/30 22:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/07/30 11:46:00 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002Core.job
    [2012/07/30 06:56:23 | 001,678,594 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/07/30 06:56:23 | 000,749,872 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
    [2012/07/30 06:56:23 | 000,655,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/07/30 06:56:23 | 000,159,906 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
    [2012/07/30 06:56:23 | 000,122,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/07/30 06:55:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 06:55:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/07/30 06:45:36 | 1276,252,159 | -HS- | M] () -- C:\hiberfil.sys
    [2012/07/30 00:02:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/07/29 23:32:40 | 004,721,417 | R--- | M] (Swearware) -- C:\Users\FAC\Desktop\ComboFix.exe
    [2012/07/29 20:58:30 | 000,000,512 | ---- | M] () -- C:\Users\FAC\Desktop\MBR.dat
    [2012/07/29 08:57:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\FAC\Desktop\dds.scr
    [2012/07/29 08:49:49 | 001,438,391 | ---- | M] (Farbar) -- C:\Users\FAC\Desktop\FRST64.exe
    [2012/07/29 08:40:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\FAC\Desktop\aswMBR.exe
    [2012/07/29 08:39:28 | 001,552,384 | ---- | M] () -- C:\Users\FAC\Desktop\RogueKiller.exe
    [2012/07/29 08:38:46 | 002,117,108 | ---- | M] () -- C:\Users\FAC\Desktop\tdsskiller.zip
    [2012/07/28 19:42:42 | 000,302,592 | ---- | M] () -- C:\Users\FAC\Desktop\ew5cejw4.exe
    [2012/07/28 19:39:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/28 19:37:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\FAC\Desktop\mbam-setup-1.62.0.1300.exe
    [2012/07/27 03:14:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
    [2012/07/27 03:14:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    [2012/07/22 10:13:45 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
    [2012/07/12 06:01:39 | 000,001,709 | ---- | M] () -- C:\Users\FAC\Desktop\Google Drive.lnk
    [2012/07/08 21:51:23 | 000,002,062 | -H-- | M] () -- C:\Users\FAC\Documents\Default.rdp
    [2012/07/04 22:25:45 | 000,001,823 | ---- | M] () -- C:\Users\FAC\Desktop\WalkingDead.lnk
    [2012/07/03 22:43:25 | 000,000,025 | ---- | M] () -- C:\Windows\LastUser.ini
    [2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/07/29 23:44:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/07/29 23:44:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/07/29 23:44:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/07/29 23:44:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/07/29 23:44:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/07/29 20:58:30 | 000,000,512 | ---- | C] () -- C:\Users\FAC\Desktop\MBR.dat
    [2012/07/29 08:39:21 | 001,552,384 | ---- | C] () -- C:\Users\FAC\Desktop\RogueKiller.exe
    [2012/07/29 08:38:20 | 002,117,108 | ---- | C] () -- C:\Users\FAC\Desktop\tdsskiller.zip
    [2012/07/28 19:42:41 | 000,302,592 | ---- | C] () -- C:\Users\FAC\Desktop\ew5cejw4.exe
    [2012/07/28 19:39:49 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/07/22 10:13:45 | 000,002,128 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
    [2012/07/12 06:01:39 | 000,001,709 | ---- | C] () -- C:\Users\FAC\Desktop\Google Drive.lnk
    [2012/07/12 05:51:49 | 000,001,030 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/07/12 05:51:49 | 000,001,026 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/07/04 22:25:45 | 000,001,823 | ---- | C] () -- C:\Users\FAC\Desktop\WalkingDead.lnk
    [2012/05/12 19:34:53 | 000,000,025 | ---- | C] () -- C:\Windows\LastUser.ini
    [2012/04/23 10:56:42 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
    [2012/04/16 00:29:33 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2012/04/04 17:45:35 | 000,006,776 | ---- | C] () -- C:\Users\FAC\Links.rar
    [2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2012/02/22 21:03:44 | 000,000,813 | ---- | C] () -- C:\Users\FAC\AppData\Roaming\MPQEditor.ini
    [2012/01/27 09:50:14 | 000,000,017 | ---- | C] () -- C:\Users\FAC\AppData\Local\resmon.resmoncfg
    [2012/01/24 06:58:14 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
    [2012/01/23 22:54:30 | 000,000,215 | ---- | C] () -- C:\Windows\disney.ini
    [2012/01/20 20:49:30 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\pdtEnvioC.dll
    [2012/01/20 20:49:30 | 000,000,272 | ---- | C] () -- C:\Windows\PM000.INI
    [2012/01/09 17:58:55 | 000,001,217 | ---- | C] () -- C:\Windows\ODBC.INI
    [2012/01/09 17:58:55 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
    [2012/01/08 08:10:10 | 001,656,742 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/12/08 17:55:00 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\BDSSR160.dll
    [2011/12/08 17:55:00 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\BDSSR.dll
    [2011/04/22 01:11:27 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
    [2011/04/22 01:10:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
    [2011/04/22 01:10:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
    [2011/04/22 01:10:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
    [2010/11/01 22:40:34 | 000,087,176 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
    [2010/11/01 22:40:30 | 000,057,480 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
    [2010/11/01 22:40:24 | 000,248,968 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
    < End of report >
     
  18. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    OTL Extras logfile created on: 30/07/2012 10:33:55 p.m. - Run 1
    OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\FAC\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

    6.92 Gb Total Physical Memory | 4.69 Gb Available Physical Memory | 67.83% Memory free
    13.83 Gb Paging File | 10.56 Gb Available in Paging File | 76.32% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 451.01 Gb Total Space | 34.87 Gb Free Space | 7.73% Space Free | Partition Type: NTFS

    Computer Name: PC | User Name: FAC | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{0CB6A0CF-D09F-4971-9ABC-70B0A43DA1D9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
    "UDP Query User{AE2853D5-C303-48B8-8C08-C245F77FF7ED}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
    "{056E5A6F-BEF6-4094-8724-D45F0F564312}" = Microsoft SQL Server 2008 Setup Support Files
    "{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
    "{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
    "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
    "{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
    "{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Software Intel(R) PROSet/Wireless WiFi
    "{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
    "{29D10287-B073-42C4-A3E5-FF922EDA471E}" = ESET NOD32 Antivirus
    "{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
    "{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
    "{40A5B390-78B8-44EA-A063-DB06D5407AC3}" = HBMP Converter
    "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    "{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets
    "{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
    "{5CF8804D-7452-4461-9D61-5BE019600420}" = FastAccess
    "{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
    "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    "{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
    "{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "{6532B2B4-A46C-4EE7-B7F7-468A26D83170}" = Board 7 Server
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
    "{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
    "{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
    "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
    "{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
    "{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
    "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
    "{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Controlador de 3D Vision 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel de control de NVIDIA 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Controlador de gráficos 296.10
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software del sistema PhysX 9.12.0213
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Actualización de NVIDIA 1.7.11
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Controlador de audio HD 1.3.12.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Monitor de la tecnología Intel® Turbo Boost 2.0
    "{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
    "{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
    "{D59D0AA8-C9C4-4714-824B-E36C7179D2FF}" = Microsoft SQL Server 2005 Analysis Services ADOMD.NET
    "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
    "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
    "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
    "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
    "{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
    "Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
    "Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
    "novaPDF Professional Desktop 7 printer_is1" = novaPDF Professional Desktop 7.0 printer
    "ProInst" = Intel PROSet Wireless
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "WinRAR archiver" = WinRAR 4.01 (64-bit)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
    "{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
    "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
    "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
    "{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
    "{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
    "{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
    "{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
    "{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
    "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
    "{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
    "{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
    "{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
    "{2AC9E096-C0EF-48B6-8347-C9520457BC58}" = SQL Prompt 4
    "{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
    "{319A3604-A562-4CA1-BEB2-9E4B70EC8043}" = DevExpress Example Runner
    "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
    "{358A2F50-8885-4EDE-BBB0-130A5834E0B4}" = Visual FoxPro 9.0 Baseline - English
    "{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
    "{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
    "{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
    "{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}" = Microsoft Visual FoxPro OLE DB Provider
    "{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
    "{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
    "{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
    "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
    "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
    "{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
    "{52877900-399C-4CAC-909D-61F47135174C}" = Board 7 Client
    "{52CABE63-3144-4BEC-8968-38CFEB22F6C8}" = Embarcadero RAD Studio XE2
    "{561BD069-5C63-4B48-98BD-91B743142304}" = MySQL Workbench 5.2 CE
    "{57660847-B1F7-35BD-9118-F62EB863A598}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{579755BD-57F6-4A32-BF6D-14CB3CEF95A8}" = Board 7 Web Server
    "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
    "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
    "{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
    "{68180B21-DE6B-41AE-9826-3D65A1B3EF2C}" = Embarcadero Delphi and C++Builder XE2 Help System
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
    "{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{76866BE3-B2C7-40BB-B267-927792AED0C3}" = Microsoft SQL Server 2008 R2 Setup (English)
    "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
    "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
    "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
    "{79DDA36F-B19E-4293-A4F2-FA3EC1C06E6E}_is1" = MDF to ISO version 1.0
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
    "{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
    "{7C470FBA-F0E5-428C-8772-5414C920FA6C}" = Microsoft Dynamics Sure Step 2010
    "{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
    "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
    "{8BB235BF-8740-48CF-9843-F502F5F07EC1}" = PostgreSQL OLE DB Provider
    "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
    "{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
    "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
    "{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
    "{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
    "{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
    "{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
    "{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
    "{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
    "{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0054-0C0A-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Spanish) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
    "{90120000-00B4-0C0A-0000-0000000FF1CE}" = Microsoft Office Project MUI (Spanish) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
    "{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
    "{97492AA4-2743-4C0A-8701-593652B73E43}" = Microsoft Dynamics Sure Step 2012 Language Pack (Spanish)
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
    "{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}" = Visual FoxPro 9.0 Professional - English
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
    "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
    "{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
    "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
    "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
    "{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
    "{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
    "{C51059C0-E4D6-C24C-6C72-0FF78122D56E}" = Prezi Desktop
    "{C7BB113C-4564-4DA2-8E34-451CDA9DD5AD}" = Microsoft Dynamics Sure Step 2012 Language Pack (English)
    "{C9BEFDFB-A2DD-4D88-881C-3B303CCE384E}" = ActiveState Komodo Edit 7.0.2
    "{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
    "{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
    "{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
    "{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
    "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
    "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
    "{E7F6A244-D989-4FBA-B388-77A50BFDADDA}" =
    "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
    "{E966F0CC-76B3-11D3-945B-00C04FB1760A}" = BDE_ENT
    "{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
    "{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
    "{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
    "{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
    "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
    "{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
    "{FE384752-58AE-42F0-AB9F-2CD4141FF7B5}_is1" = RadPHP XE2
    "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Advanced Audio FX Engine" = Advanced Audio FX Engine
    "CloneCD" = CloneCD
    "CodeSite Express 4.6.1" = CodeSite Express 4.6.1
    "CollabNet Subversion Client" = CollabNet Subversion Client 1.6.12
    "com.prezi.PreziDesktop" = Prezi Desktop
    "DAEMON Tools Lite" = DAEMON Tools Lite
    "Dell Webcam Central" = Dell Webcam Central
    "Embarcadero Delphi and C++Builder XE2 Help System" = Embarcadero Delphi and C++Builder XE2 Help System
    "Embarcadero RAD Studio XE2" = Embarcadero RAD Studio XE2
    "Foxit Reader_is1" = Foxit Reader 5.1
    "GOM Player" = GOM Player
    "Image Express Utility Lite" = Image Express Utility Lite
    "LMD-Tools Special Edition (CBuilder 6)" = LMD-Tools Special Edition (CBuilder 6)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
    "Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
    "Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
    "Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
    "Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
    "Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
    "Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
    "Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
    "MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
    "Notepad++" = Notepad++
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "PremiumSoft Navicat Premium_is1" = PremiumSoft Navicat Premium 10.0
    "PRJPRO" = Microsoft Office Project Professional 2007
    "Pro VCL Extensions Library 1.85_is1" = Pro VCL Extensions Library 1.85
    "psqlODBC 09.00.0310-1" = psqlODBC 09.00.0310
    "Rage_is1" = Rage
    "Runic Games Torchlight" = Torchlight
    "Saints Row The Third_is1" = Saints Row The Third
    "SMPlayer" = SMPlayer 0.6.9
    "StarCraft II" = StarCraft II
    "TeamViewer 7" = TeamViewer 7
    "TMPGEnc Video Mastering Works" = TMPGEnc Video Mastering Works
    "TuneUp Utilities 2012" = TuneUp Utilities 2012
    "uTorrent" = µTorrent
    "VirtualCloneDrive" = VirtualCloneDrive
    "VISPRO" = Microsoft Office Visio Professional 2007
    "Visual FoxPro 9.0 Professional - English" = Microsoft Visual FoxPro 9.0 Professional - English
    "Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
    "VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
    "VMware_Workstation" = VMware Workstation
    "WinLiveSuite" = Windows Live Essentials

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-657104428-2278183389-2821783934-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 23/06/2012 07:51:44 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 23/06/2012 07:51:45 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 23/06/2012 07:51:46 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 23/06/2012 07:51:47 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 23/06/2012 07:51:48 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 23/06/2012 07:51:49 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 23/06/2012 07:51:50 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 23/06/2012 07:51:50 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 23/06/2012 07:51:51 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 01/07/2012 12:57:13 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    Error - 02/07/2012 07:32:26 a.m. | Computer Name = PC | Source = Application Error | ID = 1000
    Description = Nombre de la aplicación con errores: Explorer.EXE, versión: 6.1.7601.17567,
    marca de tiempo: 0x4d672ee4 Nombre del módulo con errores: FACredProv2.dll, versión:
    3.0.85.1, marca de tiempo: 0x4ccfa00d Código de excepción: 0xc0000005 Desplazamiento
    de errores: 0x00000000000025b2 Id. del proceso con errores: 0xdcc Hora de inicio
    de la aplicación con errores: 0x01cd51a00163b1b1 Ruta de acceso de la aplicación
    con errores: C:\Windows\Explorer.EXE Ruta de acceso del módulo con errores: C:\Windows\system32\FACredProv2.dll
    Id.
    del informe: 98976ec8-c439-11e1-afac-bc77373509cf

    Error - 03/07/2012 09:35:16 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
    Description =

    [ Red Gate Software Events ]
    Error - 10/07/2012 04:08:59 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
    Description = 2012-07-10 03:08:59,959 [14] ERROR RedGate.SqlPrompt.Engine.LogService
    [(null)] - LogService caught unhandled exception in AppDomain: 'Thread was being
    aborted.' System.Threading.ThreadAbortException: Thread was being aborted. at
    Microsoft.VisualStudio.Package.LanguageService.ParseThread() at System.Threading.ThreadHelper.ThreadStart_Context(Object
    state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
    ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart()

    Error - 10/07/2012 04:40:43 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
    Description = 2012-07-10 03:40:43,325 [11] ERROR RedGate.SqlPrompt.Engine.LogService
    [(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
    System.Threading.ThreadAbortException:
    Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
    en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
    executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

    Error - 10/07/2012 04:46:37 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
    Description = 2012-07-10 03:46:37,508 [6] ERROR RedGate.SqlPrompt.Engine.LogService
    [(null)] - LogService caught unhandled exception in AppDomain: 'Thread was being
    aborted.' System.Threading.ThreadAbortException: Thread was being aborted. at
    Microsoft.VisualStudio.Package.LanguageService.ParseThread() at System.Threading.ThreadHelper.ThreadStart_Context(Object
    state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
    ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart()

    Error - 10/07/2012 04:48:02 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
    Description = 2012-07-10 03:48:02,476 [11] ERROR RedGate.SqlPrompt.Engine.LogService
    [(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
    System.Threading.ThreadAbortException:
    Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
    en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
    executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

    Error - 10/07/2012 04:49:22 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
    Description = 2012-07-10 03:49:22,973 [11] ERROR RedGate.SqlPrompt.Engine.LogService
    [(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
    System.Threading.ThreadAbortException:
    Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
    en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
    executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

    Error - 10/07/2012 05:01:03 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
    Description = 2012-07-10 04:01:03,416 [11] ERROR RedGate.SqlPrompt.Engine.LogService
    [(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
    System.Threading.ThreadAbortException:
    Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
    en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
    executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

    Error - 10/07/2012 05:13:46 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
    Description = 2012-07-10 04:13:46,361 [11] ERROR RedGate.SqlPrompt.Engine.LogService
    [(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
    System.Threading.ThreadAbortException:
    Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
    en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
    executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

    Error - 10/07/2012 08:36:58 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
    Description = 2012-07-10 07:36:58,933 [11] ERROR RedGate.SqlPrompt.Engine.LogService
    [(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
    System.Threading.ThreadAbortException:
    Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
    en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
    executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

    Error - 12/07/2012 08:05:10 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
    Description = 2012-07-12 07:05:10,386 [11] ERROR RedGate.SqlPrompt.Engine.LogService
    [(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
    System.Threading.ThreadAbortException:
    Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
    en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
    executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

    Error - 20/07/2012 04:41:58 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
    Description = 2012-07-20 03:41:58,913 [11] ERROR RedGate.SqlPrompt.Engine.LogService
    [(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
    System.Threading.ThreadAbortException:
    Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
    en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
    executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

    [ System Events ]
    Error - 21/03/2012 10:33:30 a.m. | Computer Name = PC | Source = Disk | ID = 262155
    Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR12.

    Error - 21/03/2012 10:35:27 a.m. | Computer Name = PC | Source = Disk | ID = 262155
    Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR13.

    Error - 21/03/2012 10:35:28 a.m. | Computer Name = PC | Source = Disk | ID = 262155
    Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR13.

    Error - 21/03/2012 10:35:29 a.m. | Computer Name = PC | Source = Disk | ID = 262155
    Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR13.

    Error - 21/03/2012 09:21:31 p.m. | Computer Name = PC | Source = EventLog | ID = 6008
    Description = El cierre anterior del sistema a las 07:18:35 p.m. del ?21/?03/?2012
    resultó inesperado.

    Error - 22/03/2012 09:11:33 a.m. | Computer Name = PC | Source = Tcpip | ID = 4199
    Description = El sistema ha detectado un conflicto por la dirección IP 192.168.1.109.
    La dirección de hardware de red es 70-CA-9B-6A-EA-46, las operaciones de red en
    este sistema pueden verse afectadas por este problema.

    Error - 22/03/2012 11:06:34 p.m. | Computer Name = PC | Source = Service Control Manager | ID = 7011
    Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
    del servicio lmhosts.

    Error - 23/03/2012 12:29:15 a.m. | Computer Name = PC | Source = JMCR | ID = 262148
    Description = El controlador detectó un error interno en la estructura de datos
    de \Device\Scsi\JMCR1.

    Error - 23/03/2012 12:29:15 a.m. | Computer Name = PC | Source = JMCR | ID = 262148
    Description = El controlador detectó un error interno en la estructura de datos
    de \Device\Scsi\JMCR2.

    Error - 23/03/2012 12:29:15 a.m. | Computer Name = PC | Source = JMCR | ID = 262148
    Description = El controlador detectó un error interno en la estructura de datos
    de \Device\Scsi\JMCR3.


    < End of report >
     
  19. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    Just did a little donation, thanks a lot.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    Thank you :)

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
      O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
      O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
      [2012/07/29 22:37:50 | 000,000,000 | ---D | C] -- C:\FRST
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==========================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  21. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    No problems anymore
    Thanks a lot

    OTL

    All processes killed
    ========== OTL ==========
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_USERS\S-1-5-21-657104428-2278183389-2821783934-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
    64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
    C:\FRST\Quarantine\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U folder moved successfully.
    C:\FRST\Quarantine\{dda59d07-63fd-4192-f593-a6e3c17885d9}\L folder moved successfully.
    C:\FRST\Quarantine\{dda59d07-63fd-4192-f593-a6e3c17885d9} folder moved successfully.
    Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
    C:\FRST\Logs folder moved successfully.
    C:\FRST\Hives folder moved successfully.
    C:\FRST folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56466 bytes

    User: Default User

    User: FAC
    ->Temp folder emptied: 25605226 bytes
    ->Temporary Internet Files folder emptied: 221919037 bytes
    ->Java cache emptied: 512660 bytes
    ->Google Chrome cache emptied: 259173522 bytes
    ->Flash cache emptied: 14926275 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 401408 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11218 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50539 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 498.00 mb


    [EMPTYJAVA]

    User: All Users

    User: Default

    User: Default User

    User: FAC
    ->Java cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User

    User: FAC
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.55.0 log created on 07302012_231830

    Files\Folders moved on Reboot...
    File\Folder C:\FRST\Quarantine not found!
    C:\Users\FAC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
    C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3676.log moved successfully.

    PendingFileRenameOperations files...
    File C:\FRST\Quarantine not found!
    File C:\Users\FAC\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
    [2012/07/30 23:20:34 | 000,002,015 | ---- | M] () C:\Windows\temp\vmware-SYSTEM\vmauthd.log : Unable to obtain MD5
    File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3676.log not found!

    Registry entries deleted on Reboot...
     
  22. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    FSS
    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    ESET NOD32 Antivirus 5.0
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 31
    Java version out of Date!
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
  23. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    Thanks a lot!

    TFC did restart the PC

    Scanning Report

    Wednesday, August 1, 2012 23:48:35 - 23:51:27

    Computer name: PC
    Scanning type: Quick scan
    Target: System


    No malware found


    Statistics

    Scanned:
    • Files: 6266
    • System: 6266
    • Not scanned: 0
    Actions:
    • Disinfected: 0
    • Renamed: 0
    • Deleted: 0
    • Not cleaned: 0
    • Submitted: 0
     
  24. Broni

    Broni Malware Annihilator Posts: 52,905   +344

    I still need FSS log.
     
  25. FERAC

    FERAC TS Rookie Topic Starter Posts: 21

    Results of screen317's Security Check version 0.99.43
    Windows 7 Service Pack 1 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````Antivirus/Firewall Check:``````````````
    ESET NOD32 Antivirus 5.0
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    TuneUp Utilities 2012
    TuneUp Utilities Language Pack (en-US)
    Java(TM) 6 Update 31
    Java version out of Date!
    Google Chrome 20.0.1132.47
    Google Chrome 20.0.1132.57
    ````````Process Check: objlist.exe by Laurent````````
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 1%
    ````````````````````End of Log``````````````````````
     
