Solved Recycler virus from USB key, Need help!

Rick Anselmo

Hello. New to the forum and I need a lot of help:
I got a nasty virus from a USB key, Avira didn't detect it. There was a folder named recycler. And when I tried to update it and clean it, Avira wasn't able to connect. Now Firefox won't load any AV webpage. Somehow Malwarebytes was able to update and ran a scan to no avail.
Thanks in advance for your help.

VRA

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.08.19.06

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16385
Victor :: VICTOR1 [administrator]

20/08/2013 12:26:07 a.m.
mbam-log-2013-08-20 (00-26-07).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 455550
Time elapsed: 1 hour(s), 14 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0J1O1KtGtAtH1Q1M1O2V2V -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 4
C:\Users\Victor\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D} (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Cache (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

Files Detected: 9
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Local\Temp\is1590112554\dealply.exe (PUP.Optional.Dealply) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Local\Temp\is1590112554\MyBabylonTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Victor\Desktop\progrmas\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Victor\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.dat (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\Setup.ico (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setup.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.

(end)

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.16385
Run by Victor at 2:51:09 on 2013-08-20
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.52.3082.18.2046.1122 [GMT -5:00]
.
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\Update\realsched.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Victor\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Victor\Desktop\HijackThis.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
BHO: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Windows Live Aplicación auxiliar de inicio de sesión: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
StartupFolder: c:\users\victor\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\victor\appdata\roaming\dropbox\bin\Dropbox.exe
StartupFolder: c:\users\victor\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: NoAutorun = dword:1
mPolicies-System: EnableLUA = dword:0
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{EB82908C-C841-4EA8-873D-E882C8D08479} : DHCPNameServer = 192.168.1.254
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\victor\appdata\roaming\mozilla\firefox\profiles\ch5stkuo.default\
FF - prefs.js: browser.startup.homepage - hxxp://ffffound.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\programdata\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\users\victor\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - ca656b14000000000000001a9238357b
FF - user.js: extensions.BabylonToolbar_i.hardId - ca656b14000000000000001a9238357b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15471
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:46:08
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
============= SERVICES / DRIVERS ===============
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-12-31 242240]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-8-3 379496]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-8-20 40776]
S0 OemBiosDevice;Royalty OEM Bios Extension;c:\windows\system32\drivers\royal.sys [2011-5-2 240128]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs3\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-08-20 07:38:24 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-20 05:25:16 -------- d-----w- c:\users\victor\appdata\roaming\Malwarebytes
2013-08-20 05:25:07 -------- d-----w- c:\programdata\Malwarebytes
2013-08-20 05:25:06 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-20 05:25:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-20 04:55:57 -------- d-----w- c:\program files\Dropbox
.
==================== Find3M ====================
.
1999-07-14 08:00:00 327168 ----a-w- c:\program files\vdsrun30.dll
.
============= FINISH: 2:51:24.92 ===============
 
Welcome aboard

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

I still need Attach.txt log from DDS.

Download RogueKiller for 32bit or RogueKiller for 64bit to your Desktop.
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Create a new restore point before proceeding with the next step.
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Download Malwarebytes Anti-Rootkit (MBAR) from HERE
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt
 
Thanks for the welcoming words and the swift reply:

1. The attach.txt is pasted below. Some parts are in Spanish. I'm currently living in Mexico and the PC was built here.

2. The RKreport is also pasted in the post. There was no need to rename it, it ran nicely.

3. Restore point created.

4. I cannot download MBAR, because I cannot access any antivirus web page. All other pages load fine, except AV ones (Avira, Norton, Kaspersky, MWB....)

Logs follow:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Ultimate
Boot Device: \Device\HarddiskVolume2
Install Date: 01/01/2007 01:37:22 a.m.
System Uptime: 20/08/2013 07:43:14 p.m. (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | M2N-E SLI
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 4800+ | Socket AM2 | 2512/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 146 GiB total, 14.249 GiB free.
D: is FIXED (NTFS) - 152 GiB total, 6.99 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP432: 20/08/2013 02:02:19 p.m. - Punto de control programado
RP433: 20/08/2013 08:05:11 p.m. - Antes de la limpieza del virus
.
==== Installed Programs ======================
.
3D??????
7-Zip 9.20
ABBYY FineReader 5.0 Sprint
Actualización de NVIDIA 1.4.28
Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Acrobat 8 Professional
Adobe Acrobat 8.1.6 - CPSID_49167
Adobe Acrobat 8.1.6 Professional
Adobe After Effects CS3
Adobe After Effects CS3 Presets
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Contribute CS3
Adobe Creative Suite 3 Master Collection
Adobe Default Language CS3
Adobe Device Central CS3
Adobe Dreamweaver CS3
Adobe Encore CS3
Adobe Encore CS3 Codecs
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Fireworks CS3
Adobe Flash CS3
Adobe Flash Player 11 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Video Encoder
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 4
Adobe Premiere Pro CS3
Adobe Premiere Pro CS3 Functional Content
Adobe Premiere Pro CS3 Third Party Content
Adobe Reader 9 - Español
Adobe Setup
Adobe SING CS3
Adobe Soundbooth CS3
Adobe Soundbooth CS3 Codecs
Adobe Stock Photos CS3
Adobe Streamline 4.0
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Version Cue CS3 Server {ko_KR}
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Batman Arkham City version 1.0
Batman: Arkham Asylum Game of the Year Edition
Bonjour
CCleaner
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - ES
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW(R) Graphics Suite X5
DAEMON Tools Lite
Driver San Francisco
Dropbox
Dual-Core Optimizer
EPSON Copy Utility 3
EPSON Scan
EPSON Smart Panel
Herramienta de carga de Windows Live
HF pAppLoc version 1.0
ILLUSION ????!
ILLUSION ?????
iTunes
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (Spanish) 2007
Microsoft Office InfoPath MUI (Spanish) 2007
Microsoft Office OneNote MUI (Spanish) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Windows Application Compatibility Database
Microsoft Windows Media Video 9 VCM
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Nero 8 Lite 8.3.2.1
NVIDIA 3D Vision Controller Driver
NVIDIA Controlador de 3D Vision 280.26
NVIDIA Controlador de audio HD 1.2.23.3
NVIDIA Controlador de gráficos 280.26
NVIDIA Controlador de la controladora 3D Vision 280.19
NVIDIA Drivers
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Software del sistema PhysX 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
Panel de control de NVIDIA 280.26
PDF Settings
piaip AppLocale
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Unity Web Player
VC80CRTRedist - 8.0.50727.6195
Visual Basic for Applications (R) Core
Visual Basic for Applications (R) Core - English
Visual Basic for Applications (R) Core - Spanish
VLC media player 1.1.11
Windows Live Asistente para el inicio de sesión
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
20/08/2013 12:04:33 a.m., Error: volsnap [36] - Se anularon las instantáneas del volumen C: porque el almacenamiento de instantáneas no pudo crecer debido a un límite impuesto por el usuario.
20/08/2013 07:43:14 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 07:43:14 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 07:43:14 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 07:43:14 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 02:37:04 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 02:37:04 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 02:37:04 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 02:37:04 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 01:44:52 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 01:44:52 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 01:44:52 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
20/08/2013 01:44:52 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 12:01:05 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: i8042prt
19/08/2013 11:58:18 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 11:58:18 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 11:58:18 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 11:58:18 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 11:56:37 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 11:56:37 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 11:56:37 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 11:56:37 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 10:04:32 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: i8042prt
19/08/2013 10:02:29 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 10:02:29 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 10:02:29 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 10:02:29 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 08:40:31 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: i8042prt
19/08/2013 08:38:30 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 08:38:30 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 08:38:30 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 08:38:30 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 05:34:30 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: i8042prt
19/08/2013 05:32:28 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 05:32:28 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 05:32:28 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 05:32:28 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 05:00:07 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 05:00:07 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 05:00:07 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 05:00:07 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 04:57:57 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: i8042prt
19/08/2013 04:55:57 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 04:55:57 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 04:55:57 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 04:55:57 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 04:53:48 p.m., Error: Service Control Manager [7034] - El servicio FLEXnet Licensing Service se terminó de manera inesperada. Esto ha sucedido 1 veces.
19/08/2013 04:36:46 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: i8042prt
19/08/2013 04:34:46 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 04:34:46 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 04:34:46 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 04:34:46 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 01:11:46 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 01:11:46 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 01:11:46 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
19/08/2013 01:11:46 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
16/08/2013 04:20:57 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: i8042prt
16/08/2013 04:18:52 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
16/08/2013 04:18:52 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
16/08/2013 04:18:52 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
16/08/2013 04:18:52 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
15/08/2013 12:38:59 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
15/08/2013 12:38:59 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
15/08/2013 12:38:59 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
15/08/2013 12:38:59 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 12:55:50 a.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: i8042prt
14/08/2013 12:53:48 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 12:53:48 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 12:53:48 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 12:53:48 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 11:24:25 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 11:24:25 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 11:24:25 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 11:24:25 a.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 08:57:13 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 08:57:13 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 08:57:13 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
14/08/2013 08:57:13 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
13/08/2013 02:33:40 p.m., Error: Service Control Manager [7026] - El siguiente controlador de inicio del sistema o de inicio del arranque no se cargó correctamente: i8042prt
13/08/2013 02:31:40 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 14, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
13/08/2013 02:31:40 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 13, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
13/08/2013 02:31:40 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 12, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
13/08/2013 02:31:40 p.m., Error: ACPI [6] - IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la ranura PCI 11, función 0. Póngase en contacto con su proveedor de sistema para recibir asistencia técnica.
.
==== End Of File ===========================



RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6000 ) 32 bits version
Started in : Normal mode
User : Victor [Admin rights]
Mode : Remove -- Date : 08/20/2013 19:59:33
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HID RUN][Hidden from API] HKCU\[...]\Run : Afxuxu (C:\Users\Victor\AppData\Roaming\Afxuxu.exe) -> DELETED

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost
::1 localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3320620AS ATA Device +++++
--- User ---
[MBR] ab5b1a24d59797f22ae24ff3427244c9
[BSP] 99d6f0c23a9c0ead3efefca1ce126bf9 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 150000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 307202048 | Size: 155243 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_08202013_195933.txt >>
RKreport[0]_S_08202013_195810.txt
 
Thanks for the upload. Ran it twice, no malware found, both times (?)
Logs:
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.20.10

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16385
Victor :: VICTOR1 [administrator]

20/08/2013 09:18:25 p.m.
mbar-log-2013-08-20 (21-18-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 267213
Time elapsed: 18 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6000 Windows Vista x86

Account is Administrative

Internet Explorer version: 7.0.6000.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.512000 GHz
Memory total: 2145255424, free: 1198411776

Could not load protection driver
Downloaded database version: v2013.08.20.10
Initializing...
------------ Kernel report ------------
08/20/2013 20:29:38
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\AmdLLD.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Users\Victor\AppData\Local\Temp\mbr.sys
\??\C:\Windows\system32\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85652a68
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-4\
Lower Device Object: 0xffffffff856435c0
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85652a68, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff856526b8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85652a68, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85636a98, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff856435c0, DeviceName: \Device\Ide\IdeDeviceP4T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B65B6B8C

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 307200000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 307202048 Numsec = 317937664
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_307202048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6000 Windows Vista x86

Account is Administrative

Internet Explorer version: 7.0.6000.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.512000 GHz
Memory total: 2145255424, free: 1174786048

Could not load protection driver
Downloaded database version: v2013.08.20.10
Initializing...
------------ Kernel report ------------
08/20/2013 20:58:41
------------ Loaded modules -----------
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85652a68
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-4\
Lower Device Object: 0xffffffff856435c0
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85652a68, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff856526b8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85652a68, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85636a98, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff856435c0, DeviceName: \Device\Ide\IdeDeviceP4T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scan Interrupted
Scan was aborted.
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6000 Windows Vista x86

Account is Administrative

Internet Explorer version: 7.0.6000.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.512000 GHz
Memory total: 2145255424, free: 1163595776

Could not load protection driver
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.06.1.1005

(c) Malwarebytes Corporation 2011-2012

OS version: 6.0.6000 Windows Vista x86

Account is Administrative

Internet Explorer version: 7.0.6000.16385

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.512000 GHz
Memory total: 2145255424, free: 1170194432

Could not load protection driver
Downloaded database version: v2013.08.20.10
Initializing...
------------ Kernel report ------------
08/20/2013 21:00:41
------------ Loaded modules -----------
\SystemRoot\system32\ntkrnlpa.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\acpi.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\msrpc.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\ecache.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\drivers\crcdisk.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdk8.sys
\SystemRoot\system32\DRIVERS\fdc.sys
\SystemRoot\system32\DRIVERS\serial.sys
\SystemRoot\system32\DRIVERS\serenum.sys
\SystemRoot\system32\DRIVERS\parport.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\ohci1394.sys
\SystemRoot\system32\DRIVERS\1394BUS.SYS
\SystemRoot\system32\DRIVERS\nvmfdx32.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\Drivers\nvBridge.kmd
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\ASACPI.sys
\SystemRoot\system32\DRIVERS\msiscsi.sys
\SystemRoot\system32\DRIVERS\storport.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rdpdr.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\mcdbus.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\AmdLLD.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\flpydisk.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda32v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\smb.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\drivers\usbaudio.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\drivers\spsys.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\drivers\mrxdav.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\parvdm.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\drivers\tcpipreg.sys
\??\C:\Users\Victor\AppData\Local\Temp\mbr.sys
\??\C:\Windows\system32\TrueSight.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffffff85652a68
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\Ide\IdeDeviceP4T0L0-4\
Lower Device Object: 0xffffffff856435c0
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 1
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffffff85652a68, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffffff856526b8, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffffff85652a68, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffffff85636a98, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffffff856435c0, DeviceName: \Device\Ide\IdeDeviceP4T0L0-4\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 1
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: B65B6B8C

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 307200000

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 307202048 Numsec = 317937664
Partition file system is NTFS
Partition is bootable

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 320072933376 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Scan finished
=======================================


Removal queue found; removal started
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_307202048_i.mbam...
Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished
 
Create new restore point before proceeding with the next step....
How to:
- Windows 8: http://www.vikitech.com/11302/system-restore-windows-8
- Windows 7: http://www.howtogeek.com/howto/3195/create-a-system-restore-point-in-windows-7/
- Vista: http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/
- XP: http://support.microsoft.com/kb/948247

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    If the connection is not there, use the restore point you created prior to running Combofix.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
 
Ran combofix:

ComboFix 13-08-20.01 - Victor 20/08/2013 22:09:28.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.52.3082.18.2046.1209 [GMT -5:00]
Running from: c:\users\Victor\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\data
c:\data\jce06_SP.pp
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
c:\windows\IsUn0411.exe
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2013-07-21 to 2013-08-21 )))))))))))))))))))))))))))))))
.
.
2013-08-21 01:29 . 2013-08-21 03:00 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-20 05:25 . 2013-08-20 05:25 -------- d-----w- c:\users\Victor\AppData\Roaming\Malwarebytes
2013-08-20 05:25 . 2013-08-20 05:25 -------- d-----w- c:\programdata\Malwarebytes
2013-08-20 05:25 . 2013-08-20 05:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-20 05:25 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-20 04:55 . 2013-08-20 04:56 -------- d-----w- c:\program files\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
1999-07-14 08:00 . 2012-02-23 19:54 327168 ----a-w- c:\program files\vdsrun30.dll
2012-06-19 00:05 . 2011-05-07 13:22 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-10-31 1196032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-31 201728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-15 273528]
.
c:\users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Victor\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-5-4 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-628112888-541856711-2089572369-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - TRUESIGHT
*Deregistered* - TrueSight
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\ch5stkuo.default\
FF - prefs.js: browser.startup.homepage - hxxp://ffffound.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - ca656b14000000000000001a9238357b
FF - user.js: extensions.BabylonToolbar_i.hardId - ca656b14000000000000001a9238357b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15471
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:46
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe
AddRemove-Driver San Francisco - c:\program files\Black_Box\Driver San Francisco\Uninstall\Uninstall.exe
AddRemove-Uninstall Presto! BizCard Spa - c:\program files\NewSoft\Presto! BizCard Spa\Uninst.isu
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-20 22:22
Windows 6.0.6000 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Afxuxu = c:\users\Victor\AppData\Roaming\Afxuxu.exe
.
scanning hidden files ...
.
.
c:\users\Victor\AppData\Local\Temp\catchme.dll 53248 bytes executable
c:\users\Victor\AppData\Roaming\Afxuxu.exe 163840 bytes executable
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2512)
c:\windows\System32\cscobj.dll
.
Completion time: 2013-08-20 22:24:41
ComboFix-quarantined-files.txt 2013-08-21 03:24
.
Pre-Run: 14,920,417,280 bytes libres
Post-Run: 31,185,743,872 bytes libres
.
- - End Of File - - 777630985D7617CC29A59247F9866ED0
5C616939100B85E558DA92B899A0FC36
 
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply.
 
Farbar scan logs, in two posts because of the word limit:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-08-2013
Ran by Victor (administrator) on 20-08-2013 22:49:14
Running from C:\Users\Victor\Desktop
Microsoft® Windows Vista™ Ultimate (X86) OS Language: Spanish Modern Sort
Internet Explorer Version 7
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Macrovision Europe Ltd.) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcrobatInfo.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [623992 2008-10-14] (Adobe Systems Inc.)
HKLM\...\Run: [Adobe_ID0EYTHM] - C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE [1884160 2007-03-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-04-27] (Apple Inc.)
HKLM\...\Run: [amd_dc_opt] - C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [273528 2011-11-14] (RealNetworks, Inc.)
HKCU\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-10-31] (Microsoft Corporation)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)
HKU\Default\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-10-31] (Microsoft Corporation)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - C:\Windows\System32\oobefldr.dll [ 2006-10-31] (Microsoft Corporation)
Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Victor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searc...SP_ss&mntrId=ca656b14000000000000001a9238357b
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://search.babylon.com/?q={searc...SP_ss&mntrId=ca656b14000000000000001a9238357b
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO: Windows Live Aplicación auxiliar de inicio de sesión - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKCU -Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\ch5stkuo.default
FF user.js: detected! => C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\ch5stkuo.default\user.js
FF Homepage: hxxp://ffffound.com/
FF Keyword.URL: hxxp://www.google.com/search?q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @real.com/nppl3260;version=12.0.1.669 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=12.0.1.669 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=12.0.1.669 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=12.0.1.669 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Victor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF Extension: No Name - C:\Users\Victor\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: DivXWebPlayer - C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\ch5stkuo.default\Extensions\DivXWebPlayer@divx.com.xpi
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0
CHR HKLM\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx

========================== Services (Whitelisted) =================

S3 Adobe Version Cue CS3; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe [153792 2007-03-20] (Adobe Systems Incorporated)
R2 nvUpdatusService; C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2255464 2011-08-03] (NVIDIA Corporation)

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [221800 2006-10-31] (Microsoft Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-12-31] (DT Soft Ltd)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] ()
S0 OemBiosDevice; C:\Windows\System32\drivers\royal.sys [240128 2011-05-02] (PARADOX)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [x]
U3 catchme; \??\C:\Users\Victor\AppData\Local\Temp\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U3 mbr; \??\C:\ComboFix\mbr.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-20 22:48 - 2013-08-20 22:48 - 01070183 _____ (Farbar) C:\Users\Victor\Desktop\FRST.exe
2013-08-20 22:24 - 2013-08-20 22:24 - 00008964 _____ C:\ComboFix.txt
2013-08-20 22:07 - 2013-08-20 22:24 - 00000000 ____D C:\Qoobox
2013-08-20 22:07 - 2013-08-20 22:24 - 00000000 ____D C:\ComboFix
2013-08-20 22:07 - 2013-08-20 22:23 - 00000000 ____D C:\Windows\erdnt
2013-08-20 22:07 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-20 22:07 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-20 22:07 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-20 22:07 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-20 22:07 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-20 22:07 - 2000-08-30 19:00 - 00212480 _____ (SteelWerX) C:\Windows\SWXCACLS.exe
2013-08-20 22:07 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-20 22:07 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-20 22:07 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-20 22:04 - 2013-08-20 22:04 - 05109244 ____R (Swearware) C:\Users\Victor\Desktop\ComboFix.exe
2013-08-20 20:29 - 2013-08-20 22:00 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-20 20:28 - 2013-08-20 22:00 - 00000000 ____D C:\Users\Victor\Desktop\mbar
2013-08-20 20:26 - 2013-08-20 20:26 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Victor\Desktop\mbar-1.06.1.1005.exe
2013-08-20 19:59 - 2013-08-20 19:59 - 00001832 _____ C:\Users\Victor\Desktop\RKreport[0]_D_08202013_195933.txt
2013-08-20 19:58 - 2013-08-20 19:58 - 00001774 _____ C:\Users\Victor\Desktop\RKreport[0]_S_08202013_195810.txt
2013-08-20 19:56 - 2013-08-20 22:06 - 00000000 ____D C:\Users\Victor\Desktop\RK_Quarantine
2013-08-20 19:51 - 2013-08-20 19:51 - 00024475 _____ C:\Users\Victor\Documents\post.txt
2013-08-20 19:49 - 2013-08-20 19:49 - 00923136 _____ C:\Users\Victor\Desktop\RogueKiller.exe
2013-08-20 02:27 - 2013-08-20 20:12 - 00024411 _____ C:\Users\Victor\Desktop\attach.txt
2013-08-20 02:27 - 2013-08-20 20:12 - 00010445 _____ C:\Users\Victor\Desktop\dds.txt
2013-08-20 02:26 - 2013-08-20 02:26 - 00688992 ____R (Swearware) C:\Users\Victor\Desktop\dds.com
2013-08-20 02:06 - 2013-08-20 02:43 - 00000000 ____D C:\Users\Victor\Desktop\backups
2013-08-20 01:51 - 2013-08-20 03:07 - 00022731 _____ C:\Users\Victor\Desktop\hijackthis.log
2013-08-20 01:50 - 2013-08-20 01:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Victor\Desktop\HijackThis.exe
2013-08-20 01:49 - 2013-08-20 01:49 - 00894600 _____ (CNET Download.com) C:\Users\Victor\Desktop\cbsidlm-cbsi134-Temp_File_Cleaner-SEO-10628816.exe
2013-08-20 00:25 - 2013-08-20 00:25 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 00:25 - 2013-08-20 00:25 - 00000000 ____D C:\Users\Victor\AppData\Roaming\Malwarebytes
2013-08-20 00:25 - 2013-08-20 00:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-20 00:25 - 2013-08-20 00:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 00:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-20 00:23 - 2013-08-20 00:24 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Victor\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-20 00:03 - 2013-08-20 00:03 - 00017028 _____ C:\Users\Victor\Desktop\AutoRunExterminator-1.8.zip
2013-08-20 00:03 - 2013-08-20 00:03 - 00000000 ____D C:\Users\Victor\Desktop\AutoRunExterminator-1.8
2013-08-19 23:55 - 2013-08-19 23:56 - 00000000 ____D C:\Program Files\Dropbox
2013-08-14 16:39 - 2013-08-14 16:39 - 00591480 _____ C:\Users\Victor\Desktop\ficha2.cdr
2013-08-14 00:46 - 2013-08-14 00:46 - 04612735 _____ C:\Users\Victor\Desktop\xxxxxxxxxx.psd
2013-08-12 18:22 - 2013-08-12 14:08 - 27933756 _____ C:\Users\Victor\Desktop\Shaun-Tan .rar
2013-08-04 18:45 - 2013-08-04 18:44 - 00625352 _____ C:\Users\Victor\Desktop\ficha - copia.cdr
2013-08-04 18:44 - 2013-08-04 18:44 - 00625352 _____ C:\Users\Victor\Desktop\ficha.cdr

==================== One Month Modified Files and Folders =======

2013-08-20 22:48 - 2013-08-20 22:48 - 01070183 _____ (Farbar) C:\Users\Victor\Desktop\FRST.exe
2013-08-20 22:48 - 2011-05-04 09:36 - 00000069 _____ C:\Windows\NeroDigital.ini
2013-08-20 22:43 - 2006-10-31 03:00 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-20 22:43 - 2006-10-31 03:00 - 00003552 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 22:25 - 2011-05-04 07:01 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-20 22:24 - 2013-08-20 22:24 - 00008964 _____ C:\ComboFix.txt
2013-08-20 22:24 - 2013-08-20 22:07 - 00000000 ____D C:\Qoobox
2013-08-20 22:24 - 2013-08-20 22:07 - 00000000 ____D C:\ComboFix
2013-08-20 22:24 - 2006-10-31 01:42 - 00000000 __RHD C:\Users\Default
2013-08-20 22:24 - 2006-10-31 01:42 - 00000000 ___RD C:\Users\Public
2013-08-20 22:23 - 2013-08-20 22:07 - 00000000 ____D C:\Windows\erdnt
2013-08-20 22:22 - 2006-10-31 00:56 - 00000215 _____ C:\Windows\system.ini
2013-08-20 22:07 - 2006-10-31 03:05 - 01303483 _____ C:\Windows\WindowsUpdate.log
2013-08-20 22:06 - 2013-08-20 19:56 - 00000000 ____D C:\Users\Victor\Desktop\RK_Quarantine
2013-08-20 22:04 - 2013-08-20 22:04 - 05109244 ____R (Swearware) C:\Users\Victor\Desktop\ComboFix.exe
2013-08-20 22:00 - 2013-08-20 20:29 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-20 22:00 - 2013-08-20 20:28 - 00000000 ____D C:\Users\Victor\Desktop\mbar
2013-08-20 20:26 - 2013-08-20 20:26 - 12081912 _____ (Malwarebytes Corp.) C:\Users\Victor\Desktop\mbar-1.06.1.1005.exe
2013-08-20 20:12 - 2013-08-20 02:27 - 00024411 _____ C:\Users\Victor\Desktop\attach.txt
2013-08-20 20:12 - 2013-08-20 02:27 - 00010445 _____ C:\Users\Victor\Desktop\dds.txt
2013-08-20 19:59 - 2013-08-20 19:59 - 00001832 _____ C:\Users\Victor\Desktop\RKreport[0]_D_08202013_195933.txt
2013-08-20 19:58 - 2013-08-20 19:58 - 00001774 _____ C:\Users\Victor\Desktop\RKreport[0]_S_08202013_195810.txt
2013-08-20 19:51 - 2013-08-20 19:51 - 00024475 _____ C:\Users\Victor\Documents\post.txt
2013-08-20 19:49 - 2013-08-20 19:49 - 00923136 _____ C:\Users\Victor\Desktop\RogueKiller.exe
2013-08-20 19:44 - 2012-03-28 21:31 - 00000000 ___RD C:\Users\Victor\Dropbox
2013-08-20 19:44 - 2012-03-28 21:28 - 00000000 ____D C:\Users\Victor\AppData\Roaming\Dropbox
2013-08-20 19:43 - 2011-05-02 17:34 - 00000000 ____D C:\Users\Victor\Tracing
2013-08-20 19:43 - 2011-05-02 15:48 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-20 19:43 - 2006-10-31 03:15 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-20 14:50 - 2006-10-31 03:15 - 00032550 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-20 12:35 - 2007-01-01 00:05 - 00000000 ____D C:\Users\Victor\AppData\Roaming\Adobe
2013-08-20 12:14 - 2012-02-03 12:46 - 00060003 _____ C:\Windows\FontData.fdb
2013-08-20 03:07 - 2013-08-20 01:51 - 00022731 _____ C:\Users\Victor\Desktop\hijackthis.log
2013-08-20 02:43 - 2013-08-20 02:06 - 00000000 ____D C:\Users\Victor\Desktop\backups
2013-08-20 02:26 - 2013-08-20 02:26 - 00688992 ____R (Swearware) C:\Users\Victor\Desktop\dds.com
2013-08-20 01:50 - 2013-08-20 01:50 - 00388608 _____ (Trend Micro Inc.) C:\Users\Victor\Desktop\HijackThis.exe
2013-08-20 01:49 - 2013-08-20 01:49 - 00894600 _____ (CNET Download.com) C:\Users\Victor\Desktop\cbsidlm-cbsi134-Temp_File_Cleaner-SEO-10628816.exe
2013-08-20 01:43 - 2006-10-31 01:42 - 00000000 ____D C:\Windows\Branding
2013-08-20 01:41 - 2011-05-04 23:44 - 00000000 ____D C:\Users\Victor\Desktop\progrmas
2013-08-20 00:25 - 2013-08-20 00:25 - 00000906 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-20 00:25 - 2013-08-20 00:25 - 00000000 ____D C:\Users\Victor\AppData\Roaming\Malwarebytes
2013-08-20 00:25 - 2013-08-20 00:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-20 00:25 - 2013-08-20 00:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-20 00:24 - 2013-08-20 00:23 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Victor\Desktop\mbam-setup-1.75.0.1300.exe
2013-08-20 00:03 - 2013-08-20 00:03 - 00017028 _____ C:\Users\Victor\Desktop\AutoRunExterminator-1.8.zip
2013-08-20 00:03 - 2013-08-20 00:03 - 00000000 ____D C:\Users\Victor\Desktop\AutoRunExterminator-1.8
2013-08-19 23:56 - 2013-08-19 23:55 - 00000000 ____D C:\Program Files\Dropbox
2013-08-19 23:55 - 2012-03-28 21:31 - 00000922 _____ C:\Users\Victor\Desktop\Dropbox.lnk
2013-08-19 23:55 - 2012-03-28 21:29 - 00000000 ____D C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-08-19 23:52 - 2012-02-29 22:11 - 00005218 _____ C:\Windows\setupact.log
2013-08-19 23:24 - 2006-10-31 01:06 - 01549514 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-16 16:30 - 2012-11-27 01:11 - 00000000 ____D C:\Users\Victor\Desktop\2004-Reise, Reise
2013-08-16 16:20 - 2006-10-31 03:00 - 01764912 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-15 19:47 - 2011-05-02 16:29 - 00110320 _____ C:\Users\Victor\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-14 16:39 - 2013-08-14 16:39 - 00591480 _____ C:\Users\Victor\Desktop\ficha2.cdr
2013-08-14 00:46 - 2013-08-14 00:46 - 04612735 _____ C:\Users\Victor\Desktop\xxxxxxxxxx.psd
2013-08-12 14:08 - 2013-08-12 18:22 - 27933756 _____ C:\Users\Victor\Desktop\Shaun-Tan .rar
2013-08-07 18:10 - 2013-04-26 19:12 - 00000000 ____D C:\Users\Victor\Desktop\gam
2013-08-07 12:23 - 2012-05-04 12:05 - 00000000 ____D C:\illusion
2013-08-05 19:09 - 2011-05-04 09:36 - 00098816 _____ C:\Users\Victor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-05 19:01 - 2012-10-08 14:36 - 00000000 ____D C:\Users\Victor\Desktop\Nueva carpeta
2013-08-04 18:44 - 2013-08-04 18:45 - 00625352 _____ C:\Users\Victor\Desktop\ficha - copia.cdr
2013-08-04 18:44 - 2013-08-04 18:44 - 00625352 _____ C:\Users\Victor\Desktop\ficha.cdr
2013-07-25 19:16 - 2011-05-05 08:38 - 00000000 ____D C:\Users\Victor\Desktop\comics
2013-07-25 19:13 - 2012-11-21 14:37 - 00000000 ____D C:\Users\Victor\Desktop\Shiwasu_No_Okina_JC_Ecchi_(www.hentairules.net)_(English)
2013-07-25 19:04 - 2011-05-06 06:52 - 00000000 ____D C:\Users\Victor\Desktop\H
2013-07-25 19:02 - 2013-06-11 22:09 - 00000000 ____D C:\Users\Victor\Desktop\Sinestro Corps War

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2006-10-30 23:13] - [2006-10-31 00:13] - 2923520 ____A (Microsoft Corporation) ABF93D1B3E99C404D9A447BB54475465

C:\Windows\System32\winlogon.exe
[2006-10-30 23:10] - [2006-10-31 00:14] - 0308224 ____A (Microsoft Corporation) ECE76F6D06DC50CFCF990CD7ED47942F

C:\Windows\System32\wininit.exe
[2006-10-30 23:10] - [2006-10-31 00:14] - 0095744 ____A (Microsoft Corporation) F4949B3E91F2703D17E4B5206B81B19D

C:\Windows\System32\svchost.exe
[2006-10-30 23:00] - [2006-10-31 00:14] - 0022016 ____A (Microsoft Corporation) CF250503F6ECBE7387B6175D177467AC

C:\Windows\System32\services.exe
[2006-10-30 23:00] - [2006-10-31 00:14] - 0279552 ____A (Microsoft Corporation) B161166B9C3BD9D4E7386728C0F70BAD

C:\Windows\System32\User32.dll
[2006-10-30 23:03] - [2006-10-31 00:14] - 0633856 ____A (Microsoft Corporation) 694677C03BD0747E06F8796010A789A0

C:\Windows\System32\userinit.exe
[2006-10-30 23:09] - [2006-10-31 00:14] - 0024576 ____A (Microsoft Corporation) 73E4DE171259AECB3117B32DF2A69070

C:\Windows\System32\Drivers\volsnap.sys
[2006-10-30 23:18] - [2006-10-31 00:18] - 0208488 ____A (Microsoft Corporation) BC8928E1F84ED6BFFC29E24BBB05BCAE



LastRegBack: 2013-08-20 19:49

==================== End Of Log ============================
 
And Addition.txt in 2 posts:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-08-2013
Ran by Victor at 2013-08-20 22:49:31
Running from C:\Users\Victor\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

3Dカスタム少女 (Version: 1.0.0)
7-Zip 9.20
ABBYY FineReader 5.0 Sprint (Version: 5.0.0.3412)
Actualización de NVIDIA 1.4.28 (Version: 1.4.28)
Add or Remove Adobe Creative Suite 3 Master Collection (Version: 1.0)
Adobe Acrobat 8 Professional (Version: 8.1.6)
Adobe Acrobat 8.1.6 - CPSID_49167
Adobe Acrobat 8.1.6 Professional (Version: 8.1.6)
Adobe After Effects CS3 (Version: 8)
Adobe After Effects CS3 Presets (Version: 8)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe BridgeTalk Plugin CS3 (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps (Version: 1.0)
Adobe Color - Photoshop Specific (Version: 1.0)
Adobe Color Common Settings (Version: 1.0.1)
Adobe Color EU Extra Settings (Version: 1.0)
Adobe Color JA Extra Settings (Version: 1.0)
Adobe Color NA Recommended Settings (Version: 1.0)
Adobe Contribute CS3 (Version: 4.1)
Adobe Default Language CS3 (Version: 1.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Dreamweaver CS3 (Version: 9)
Adobe Encore CS3 (Version: 3)
Adobe Encore CS3 Codecs (Version: 3)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2)
Adobe Extension Manager CS3 (Version: 1.8)
Adobe Fireworks CS3 (Version: 9.0)
Adobe Flash CS3 (Version: 9.0)
Adobe Flash Player 11 Plugin (Version: 11.1.102.62)
Adobe Flash Player 9 ActiveX (Version: 9.0.45.0)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 1.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Illustrator CS3 (Version: 13.0)
Adobe InDesign CS3 (Version: 5.0)
Adobe InDesign CS3 Icon Handler (Version: 5.0)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe MotionPicture Color Files (Version: 1.0)
Adobe PDF Library Files (Version: 8.0)
Adobe Photoshop CS3 (Version: 10)
Adobe Photoshop Lightroom 4 (Version: 4.0.1)
Adobe Premiere Pro CS3 (Version: 3)
Adobe Premiere Pro CS3 Functional Content (Version: 8)
Adobe Premiere Pro CS3 Third Party Content (Version: 3)
Adobe Reader 9 - Español (Version: 9.0.0)
Adobe Setup (Version: 1.0)
Adobe SING CS3 (Version: 0.1)
Adobe Soundbooth CS3 (Version: 1)
Adobe Soundbooth CS3 Codecs (Version: 3)
Adobe Stock Photos CS3 (Version: 1.5)
Adobe Streamline 4.0
Adobe Type Support (Version: 1.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe Version Cue CS3 Server {ko_KR} (Version: 3.0.0.0 {ko_KR} )
Adobe Video Profiles (Version: 1.0)
Adobe WAS CS3 (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe XMP DVA Panels CS3 (Version: 1.0)
Adobe XMP Panels CS3 (Version: 1.0)
AHV content for Acrobat and Flash (Version: 1)
Apple Application Support (Version: 1.5.1)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
Batman Arkham City version 1.0 (Version: 1.0)
Batman: Arkham Asylum Game of the Year Edition (Version: 1.0.0.0)
Bonjour (Version: 3.0.0.10)
CCleaner (Version: 3.06)
Corel Graphics - Windows Shell Extension (Version: 15.0.0.487)
Corel Graphics - Windows Shell Extension (Version: 15.0.487)
CorelDRAW Graphics Suite X5 - Capture (Version: 15.0)
CorelDRAW Graphics Suite X5 - Common (Version: 15.0)
CorelDRAW Graphics Suite X5 - Connect (Version: 15.0)
CorelDRAW Graphics Suite X5 - Custom Data (Version: 15.0)
CorelDRAW Graphics Suite X5 - Draw (Version: 15.0)
CorelDRAW Graphics Suite X5 - ES (Version: 15.0)
CorelDRAW Graphics Suite X5 - Filters (Version: 15.0)
CorelDRAW Graphics Suite X5 - FontNav (Version: 15.0)
CorelDRAW Graphics Suite X5 - IPM (Version: 15.0)
CorelDRAW Graphics Suite X5 - PHOTO-PAINT (Version: 15.0)
CorelDRAW Graphics Suite X5 - Photozoom Plugin (Version: 15.0)
CorelDRAW Graphics Suite X5 - Redist (Version: 15.0)
CorelDRAW Graphics Suite X5 - Setup Files (Version: 15.0)
CorelDRAW Graphics Suite X5 - VBA (Version: 15.0)
CorelDRAW Graphics Suite X5 - VideoBrowser (Version: 15.0)
CorelDRAW Graphics Suite X5 - VSTA (Version: 15.0)
CorelDRAW Graphics Suite X5 - WT (Version: 15.0)
CorelDRAW Graphics Suite X5 (Version: 15.0)
CorelDRAW(R) Graphics Suite X5 (Version: 15.0.0.486)
DAEMON Tools Lite (Version: 4.46.1.0327)
Dropbox (HKCU Version: 2.0.22)
Dual-Core Optimizer (Version: 1.1.4.0169)
EPSON Copy Utility 3 (Version: 3.0.1.0)
EPSON Scan
EPSON Smart Panel
Herramienta de carga de Windows Live (Version: 14.0.8014.1029)
ILLUSION ワケあり! (Version: 1.00.0000)
ILLUSION 俺が主人公 (Version: 1.00.0000)
iTunes (Version: 10.2.2.14)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Games for Windows - LIVE (Version: 3.1.186.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.1.99.0)
Microsoft Office Access MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Enterprise 2007 (Version: 12.0.4518.1014)
Microsoft Office Excel MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Groove MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office InfoPath MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Outlook MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Basque) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Catalan) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Galician) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Portuguese (Brazil)) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Publisher MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Office Word MUI (Spanish) 2007 (Version: 12.0.4518.1014)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Windows Application Compatibility Database
Microsoft Windows Media Video 9 VCM
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSVCRT (Version: 14.0.1468.721)
Nero 8 Lite 8.3.2.1 (Version: 8.3.2.1)
NVIDIA 3D Vision Controller Driver (Version: 280.19)
NVIDIA Controlador de 3D Vision 280.26 (Version: 280.26)
NVIDIA Controlador de audio HD 1.2.23.3 (Version: 1.2.23.3)
NVIDIA Controlador de gráficos 280.26 (Version: 280.26)
NVIDIA Controlador de la controladora 3D Vision 280.19 (Version: 280.19)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA Install Application (Version: 2.1000.25.170)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA Software del sistema PhysX 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.8026)
NVIDIA Update Components (Version: 1.4.28)
Panel de control de NVIDIA 280.26 (Version: 280.26)
PDF Settings (Version: 1.0)
piaip AppLocale (Version: 1.0.0)
QuickTime (Version: 7.69.80.9)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealPlayer
RealUpgrade 1.1 (Version: 1.1.0)
Unity Web Player (HKCU Version: )
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Visual Basic for Applications (R) Core - English (Version: 6.4.99.69)
Visual Basic for Applications (R) Core - Spanish (Version: 6.4.99.69)
Visual Basic for Applications (R) Core (Version: 6.4.99.69)
VLC media player 1.1.11 (Version: 1.1.11)
Windows Live Asistente para el inicio de sesión (Version: 5.000.818.5)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Messenger (Version: 14.0.8117.0416)
WinRAR archiver
 
Sorry it didn't fit in two... I'll try to cut it in understandable pieces:

=================== Restore Points =========================

20-08-2013 19:02:19 Punto de control programado
21-08-2013 01:05:11 Antes de la limpieza del virus
21-08-2013 02:57:26 Before combo fix

==================== Hosts content: ==========================

2006-10-31 00:57 - 2013-08-20 22:22 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {024AB418-34EC-437C-AFB9-E5BDC6BE6183} - System32\Tasks\RealCreateProcessScheduledTask9056996S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {035372B5-8E0D-4E5D-9C37-1B88C9E88183} - System32\Tasks\RealCreateProcessScheduledTask24075571S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {03967D71-9CA8-4B22-AD79-C1F45319575A} - System32\Tasks\RealCreateProcessScheduledTask5450347S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {046F7371-C72B-46AF-8EFA-CE95FF3CDEC3} - System32\Tasks\RealCreateProcessScheduledTask10859838S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {04B66B28-7215-4BEF-87C4-CDE60D7BC0B0} - System32\Tasks\RealCreateProcessScheduledTask13277666S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {04C2E377-7254-405F-82FF-3DAFEF5F2C72} - System32\Tasks\RealCreateProcessScheduledTask4862145S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {04DE1650-1669-4F7C-81FF-EB10BB99EF93} - System32\Tasks\RealCreateProcessScheduledTask8508310S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {051C5719-C76F-4027-A9B4-12D340ECFD90} - System32\Tasks\RealCreateProcessScheduledTask6656453S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {06272C5C-FCCB-4E50-ACA3-2E3BE49F9ACA} - System32\Tasks\RealCreateProcessScheduledTask23495092S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {063BB8AA-9C6C-46AA-849F-42B2FA88624A} - System32\Tasks\RealCreateProcessScheduledTask10259624S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {06A245A9-75B4-4FC6-8181-A9C704A27764} - System32\Tasks\RealCreateProcessScheduledTask4253414S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {074EE765-01D2-4840-BBAE-84AF91B3E013} - System32\Tasks\RealCreateProcessScheduledTask12827541S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {0780729E-28AC-4511-BCEB-7DE130CF4F9D} - System32\Tasks\RealCreateProcessScheduledTask5464715S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {08A96822-6875-4C2C-9911-BB1241C328D6} - System32\Tasks\RealCreateProcessScheduledTask18664833S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {08E42FFF-C235-4ECB-82FC-B34093F4C717} - System32\Tasks\RealCreateProcessScheduledTask648730S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {08EFACAC-4EF0-417D-8883-0CA44C372566} - System32\Tasks\RealCreateProcessScheduledTask33086298S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {09125BEB-93A4-4B48-8509-21DFFF4BED5E} - System32\Tasks\RealCreateProcessScheduledTask19860362S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {09BD214F-318C-46D1-B447-F5644DB5DC16} - System32\Tasks\RealCreateProcessScheduledTask6926834S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {0A48763D-919D-4006-84A4-99D4F68078FC} - System32\Tasks\RealCreateProcessScheduledTask28271749S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {0B0050A8-2EB3-48BB-8E78-D160CC1BB339} - System32\Tasks\RealCreateProcessScheduledTask4270230S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {0C64D904-5309-4524-8AE2-6EDACDD29C5D} - System32\Tasks\RealCreateProcessScheduledTask12056162S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {0CD7D285-2546-47BB-9CCB-12A102F72E2C} - System32\Tasks\RealCreateProcessScheduledTask9652811S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {0D2238B8-AD9C-4D55-BC8A-30AB3E30050E} - System32\Tasks\RealCreateProcessScheduledTask28274962S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {0D6DD8C0-CAE4-40E3-9C49-CD57B496253A} - System32\Tasks\RealCreateProcessScheduledTask15063472S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {0D9D3370-5119-464E-8161-F1742A02521F} - System32\Tasks\RealCreateProcessScheduledTask37874874S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {0E6D1730-EBFC-4331-8F90-42D2F9D9C595} - System32\Tasks\RealCreateProcessScheduledTask33090900S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {0F708DFC-D8D0-4476-B0A8-1EE8D0F1F08F} - System32\Tasks\RealCreateProcessScheduledTask4863752S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {10536C77-8EAE-49C5-BD3E-B057885A77B0} - System32\Tasks\RealCreateProcessScheduledTask6682958S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1146D012-1F2D-4219-B7A8-E577C8328A77} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-10-31] ()
Task: {121CDBB1-2289-48EC-9CD4-A033F0CC1063} - System32\Tasks\RealCreateProcessScheduledTask9654043S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {136D429C-F993-4037-A8D7-CDE89467F7E7} - System32\Tasks\RealCreateProcessScheduledTask1251986S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {139724C5-9A4E-4A3E-B488-6CFB4CBD5C57} - System32\Tasks\RealCreateProcessScheduledTask9067370S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {13E9134C-100A-47E6-BDD8-4DE6A1E62DC2} - System32\Tasks\RealCreateProcessScheduledTask13298539S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {141AF520-9544-43B8-928D-B0F6C41EA2D7} - System32\Tasks\RealCreateProcessScheduledTask41478887S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {14FA8191-9CA9-4511-91F5-B90197AE6923} - System32\Tasks\RealCreateProcessScheduledTask13528968S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {153DE2F0-63A4-4405-A0C2-35574721FBDA} - System32\Tasks\RealCreateProcessScheduledTask2463458S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {15A6B7F7-96C2-47DF-A0D6-05AD1D8F5BE4} - System32\Tasks\RealCreateProcessScheduledTask1270004S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1606231C-A390-474F-8A7D-3A04E491D2F1} - System32\Tasks\RealCreateProcessScheduledTask6054258S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1692E161-D3E8-473E-B0C9-E11D94B25F13} - System32\Tasks\RealCreateProcessScheduledTask2453833S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {171B349E-F3E2-46EC-823F-5AA50514D653} - System32\Tasks\RealCreateProcessScheduledTask1860857S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1874D31E-1299-41DB-AC8F-5EE4CD8491D0} - System32\Tasks\RealCreateProcessScheduledTask40280612S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {19DA7CD1-2075-4DA2-B01D-B88619639E2B} - System32\Tasks\RealCreateProcessScheduledTask13279429S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1A168B32-83A7-41FA-AC35-DE0EEEEE08D6} - System32\Tasks\RealCreateProcessScheduledTask14457065S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1A733BB1-C719-4464-AD73-75ECB184F67C} - System32\Tasks\RealCreateProcessScheduledTask1252064S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1B5F653E-00EA-4E48-A0F6-6A0AA31DEE91} - System32\Tasks\RealCreateProcessScheduledTask9679581S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1B9B10E6-B628-4C20-A53D-96A32C0C9B0B} - System32\Tasks\RealCreateProcessScheduledTask14477937S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1D276052-219C-49B5-9A93-0EE408FE83BE} - System32\Tasks\RealCreateProcessScheduledTask4252977S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1DDBEF90-CFCC-40B6-A8C8-475D1C30FA72} - System32\Tasks\RealCreateProcessScheduledTask4265067S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1E5D6EA5-30AA-4A39-8A18-FB559A4D6DBB} - System32\Tasks\RealCreateProcessScheduledTask6055116S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1EB943E5-34A0-4836-A330-45A75D823365} - System32\Tasks\RealCreateProcessScheduledTask3051894S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1ECECF7F-4158-44D4-9DBF-41DB2E52266C} - System32\Tasks\RealCreateProcessScheduledTask3665461S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1EDE4DF6-DF79-445E-A2D4-464EB2206696} - System32\Tasks\RealCreateProcessScheduledTask659993S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {1F323D03-CD28-481F-A41B-717795422102} - System32\Tasks\RealCreateProcessScheduledTask18716563S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {214D70FC-D063-46D6-B4A0-527B431C3062} - System32\Tasks\RealCreateProcessScheduledTask9054844S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {233A77D4-2BA8-4E99-92F5-A8A00377960E} - System32\Tasks\RealCreateProcessScheduledTask19857757S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2416E4D4-DAFC-4741-8316-FFAE6A16102E} - System32\Tasks\RealCreateProcessScheduledTask12668841S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2542FF29-C79C-4255-AD8C-10FBA8190B94} - System32\Tasks\RealCreateProcessScheduledTask7013446S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2665E6A4-FB05-40BD-B2AB-91CC5BC47BD9} - System32\Tasks\RealCreateProcessScheduledTask1261720S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {267EEE2E-7B7B-4625-AA12-2A6D1DD794C4} - System32\Tasks\RealCreateProcessScheduledTask34292732S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {27589954-3ABC-4ECD-B84B-B75C9AD7DD50} - System32\Tasks\RealCreateProcessScheduledTask2449964S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {27E25764-9725-4EFE-84E1-F1D28624A2C0} - System32\Tasks\RealCreateProcessScheduledTask15692468S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {294213DC-74C2-40A3-BD8D-D13346481D22} - System32\Tasks\RealCreateProcessScheduledTask13256528S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {29A2D44D-8709-48BA-AE4D-CC59CFFA6499} - System32\Tasks\RealCreateProcessScheduledTask39675453S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2B5A4C2A-F3B4-48F2-A74F-4E60D793BF4C} - System32\Tasks\RealCreateProcessScheduledTask16263962S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2B955F2C-C58B-4736-BB33-7C0259C64EE7} - System32\Tasks\RealCreateProcessScheduledTask651881S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2BDB6E38-6597-401D-99EE-F26079FB4D32} - System32\Tasks\RealCreateProcessScheduledTask1265948S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2C0216B9-437E-4ED4-85A4-99481B3A2BED} - System32\Tasks\RealCreateProcessScheduledTask4305565S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2C161A3A-ED3E-46F3-834C-183C55FB68E7} - System32\Tasks\RealCreateProcessScheduledTask40264560S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2CC84BB5-090D-4C1F-AC29-89605D208BC3} - System32\Tasks\RealCreateProcessScheduledTask7254514S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2D07BCCA-790C-49E7-9CBB-0721CBE7753B} - System32\Tasks\RealCreateProcessScheduledTask17471472S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2D29A323-C502-4A80-9648-BAE8CB55DE14} - System32\Tasks\RealCreateProcessScheduledTask2465174S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {2D745158-3A7C-4DBA-8EA2-296AD19E016D} - System32\Tasks\RealCreateProcessScheduledTask9338204S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {300BAD3A-A4A7-42F8-B45F-9C34667B1FD9} - System32\Tasks\RealCreateProcessScheduledTask24709154S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {310E1A24-5897-4803-B929-EF7F176EFF59} - System32\Tasks\RealCreateProcessScheduledTask3823818S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {332CA5D7-E162-4F5C-9682-7C60FBE4938C} - System32\Tasks\RealCreateProcessScheduledTask7871748S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {33484936-59D5-466B-AE0E-2D42113D882C} - System32\Tasks\RealCreateProcessScheduledTask1570384S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {348DBE3A-D72C-4C5F-B9F9-A8EE053EBB2B} - System32\Tasks\RealCreateProcessScheduledTask34278739S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {34BAED79-EC4A-4E26-8CFE-386A170E28F2} - System32\Tasks\RealCreateProcessScheduledTask4872114S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {353AD138-355F-401D-B096-F0AC35142C0B} - System32\Tasks\RealCreateProcessScheduledTask20461824S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {35C51641-CA59-4C92-8457-C715DF3A7479} - System32\Tasks\RealCreateProcessScheduledTask6659745S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3A0DC941-74F8-4AE0-9FDB-17E5229DC596} - System32\Tasks\RealCreateProcessScheduledTask9690610S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3B2A17EF-9E53-4DA8-85A4-DC6DA7C1F8B0} - System32\Tasks\RealCreateProcessScheduledTask5585834S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3B678FD2-CCB5-4494-9F58-B2AF678754AE} - System32\Tasks\RealCreateProcessScheduledTask16269937S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3B77DEDD-4D8F-46FB-A819-6B869CA946D8} - System32\Tasks\RealCreateProcessScheduledTask13859830S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3C6607F8-0DFA-4FE3-9E2B-D577143C7B55} - System32\Tasks\RealCreateProcessScheduledTask8490214S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3D99A714-2085-459C-940F-F88045D1D2D1} - System32\Tasks\RealCreateProcessScheduledTask26463666S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3D9BBC9C-704F-4891-AED0-D097D52B8ED2} - System32\Tasks\RealCreateProcessScheduledTask6665439S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3E135ED0-F39A-4106-B9E4-4FA5575702CE} - System32\Tasks\RealCreateProcessScheduledTask28860746S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3E1FFCE1-F2F0-47AB-8054-D690D58F1B0D} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2006-10-31] (Microsoft Corporation)
Task: {3E41C179-8593-4DB8-94C6-EC65BC3E06AA} - System32\Tasks\RealCreateProcessScheduledTask12698340S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3E91C51E-E4C8-4E11-BE50-6599751BA321} - System32\Tasks\RealCreateProcessScheduledTask7865086S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3E97B0E6-9C15-459C-BA68-BC7E45DA74F8} - System32\Tasks\RealCreateProcessScheduledTask8483677S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3F43F59F-8F76-4B55-B085-78D3B56EB986} - System32\Tasks\RealCreateProcessScheduledTask22257551S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3FD8C620-99F1-45FD-B57C-0D939CD912CD} - System32\Tasks\RealCreateProcessScheduledTask1907393S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {3FDF1CD2-952A-44EE-8BEC-2D677F8775AF} - System32\Tasks\RealCreateProcessScheduledTask3662685S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {40DA7407-625F-4B14-A9AD-96916FB3341A} - System32\Tasks\RealCreateProcessScheduledTask15669770S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {41A74C5F-E1CB-4216-BA66-5413F71E8A6A} - System32\Tasks\RealCreateProcessScheduledTask1259552S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {41BADB79-B78E-4919-B19C-3CB2B2DE871C} - System32\Tasks\RealCreateProcessScheduledTask6051029S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {424E586C-7C00-4B86-BF56-65E622FAA726} - System32\Tasks\RealCreateProcessScheduledTask7986595S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {433298D8-F27B-4241-AA62-7E0D79CCFC9E} - System32\Tasks\RealCreateProcessScheduledTask1268288S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4461D28B-73F6-47D7-901B-39660189F6D3} - System32\Tasks\RealCreateProcessScheduledTask10426670S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4465E2D9-CEA4-49B5-A6AB-828F327E4934} - System32\Tasks\RealCreateProcessScheduledTask18065134S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4691DA9A-0479-473D-A164-0869826008EB} - System32\Tasks\RealCreateProcessScheduledTask9718363S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {46DC3F34-A7C0-44BC-B965-A55CDEFEF62C} - System32\Tasks\RealCreateProcessScheduledTask10253820S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {478DE92E-F914-470F-B071-730B15610173} - System32\Tasks\RealCreateProcessScheduledTask33697604S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {48AB9F9B-F327-44BE-8993-710299C40BC0} - System32\Tasks\RealCreateProcessScheduledTask27689319S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {48B44181-FE65-4C64-8CC1-5DA8F392D310} - System32\Tasks\RealCreateProcessScheduledTask1262188S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {48BB5942-AADC-4962-9EC1-016EC8BF053A} - System32\Tasks\RealCreateProcessScheduledTask12653163S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4912377D-D875-4BF7-90DD-505BA200F72A} - System32\Tasks\RealCreateProcessScheduledTask3328952S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {491BD26B-DAF0-4823-B13B-97DCF1B56F27} - System32\Tasks\RealCreateProcessScheduledTask4247860S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {49361702-37B8-4DF4-87AA-ACEFCA9DEE16} - System32\Tasks\RealCreateProcessScheduledTask4251417S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4959D5D9-48B2-4B51-9853-80AB75A5760E} - System32\Tasks\RealCreateProcessScheduledTask6930094S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {49718E86-5AC2-4031-B834-E16B1354D1C2} - System32\Tasks\RealCreateProcessScheduledTask24699201S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4A35D3B6-18D7-4D5B-A477-4D9B9C76F31E} - System32\Tasks\RealCreateProcessScheduledTask2454738S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4A9A457C-8C4A-44A7-9D2B-481BBFD29985} - System32\Tasks\RealCreateProcessScheduledTask11454435S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4B0037C9-7E19-47FB-849B-88C7BA8791A9} - System32\Tasks\RealCreateProcessScheduledTask12662445S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4B1B3A28-7DFF-42C0-AE12-B273E4957027} - System32\Tasks\RealCreateProcessScheduledTask15670940S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4CCCFBBB-1EC8-4CB0-9E25-BB4C79C5C2EF} - System32\Tasks\RealCreateProcessScheduledTask12691383S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4CD4B31C-FA39-486B-9C3B-4C86A2C755A3} - System32\Tasks\RealCreateProcessScheduledTask5464231S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4CDF1982-FD67-48D0-88CA-E33A90CF9BB4} - System32\Tasks\RealCreateProcessScheduledTask15658709S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4CE1123A-B9DA-4E82-BB77-A6F76D7DF8EA} - System32\Tasks\RealCreateProcessScheduledTask1525050S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4CF98ABE-6D56-4042-BE0A-DFBB3E888BCE} - System32\Tasks\RealCreateProcessScheduledTask26499765S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4F2550F7-D9F9-4C6B-A4AB-C6ADED0505E6} - System32\Tasks\RealCreateProcessScheduledTask7861233S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4F770C89-4ADA-41B5-BEB6-FF88405D6D4C} - System32\Tasks\RealCreateProcessScheduledTask3059476S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {4FB49640-5F37-4ED7-ADB1-2DED94B9DA2D} - System32\Tasks\RealCreateProcessScheduledTask9055686S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {5066592B-7B3F-4B1D-BAA9-14982C4AB275} - System32\Tasks\RealCreateProcessScheduledTask4916543S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {50E69C68-E9D5-42B2-B71F-EA3D42915C8C} - System32\Tasks\RealCreateProcessScheduledTask19893996S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {50ED7493-096E-4E08-96C6-A2253AF5D404} - System32\Tasks\RealCreateProcessScheduledTask4865951S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {526F49EB-90BC-42AC-9B44-70FD7871B27F} - System32\Tasks\RealCreateProcessScheduledTask19306356S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {52CF3B6B-AF56-4A06-8DB4-027D378194A9} - System32\Tasks\RealCreateProcessScheduledTask10262900S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {536DA4FF-6ED4-4D65-9C6E-AB0821781EC5} - System32\Tasks\RealCreateProcessScheduledTask5461345S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {5470EA01-6284-43E5-A08C-B60258BA3959} - System32\Tasks\RealCreateProcessScheduledTask7855555S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {559E50D9-526F-435E-969D-DC4DE8FD6973} - System32\Tasks\RealCreateProcessScheduledTask4271120S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {55D546F9-3ECC-4B77-9EAA-7064A59BDD9B} - System32\Tasks\RealCreateProcessScheduledTask24072904S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {577F6761-439E-4857-AA8F-534780E9E71C} - System32\Tasks\RealCreateProcessScheduledTask22261171S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {5815296F-AE89-4E3D-8F25-389F9490FA6B} - System32\Tasks\RealCreateProcessScheduledTask7847973S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {583FE888-81E2-47E5-8BD2-2ADE30E44945} - System32\Tasks\RealCreateProcessScheduledTask6063384S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {58955193-79A9-484F-8BFB-BB4AEAB3388F} - System32\Tasks\RealCreateProcessScheduledTask22282824S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {58C47A43-7788-4AF6-8E57-A4678BF5C150} - System32\Tasks\RealCreateProcessScheduledTask8457204S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {59795DA5-453F-4302-8B03-AF1BBFD86FF2} - System32\Tasks\RealCreateProcessScheduledTask19305716S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {598DB535-6B43-4283-A0F8-80A6CFC71AE4} - System32\Tasks\RealCreateProcessScheduledTask13863294S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {5AF4CAAB-BD83-4B8B-88C9-9945F5141CC4} - System32\Tasks\RealCreateProcessScheduledTask15674840S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {5B0A343A-C218-4885-830B-FBBB7B1D72F5} - System32\Tasks\RealCreateProcessScheduledTask8456658S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {5C9C546B-C3CB-4837-81D8-1EB39423F13E} - System32\Tasks\RealCreateProcessScheduledTask34862729S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {5CF2DD37-48B1-48CC-9310-9B8667F1E563} - System32\Tasks\RealCreateProcessScheduledTask21060790S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {5DB58D85-A112-4819-8634-84379A8BE6C9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {5E19D60F-FCD1-4A52-8C28-AD21D81391C2} - System32\Tasks\RealCreateProcessScheduledTask22261093S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {5FB34A50-A019-4F15-A705-5DB5A269EAD0} - System32\Tasks\RealCreateProcessScheduledTask11467914S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {5FDD22E3-72F4-4CDC-A5EF-096B1131C70A} - System32\Tasks\RealCreateProcessScheduledTask7265684S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {6191B3AA-CD80-4E49-98A4-471D6C379DBD} - System32\Tasks\RealCreateProcessScheduledTask1870295S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {62C75638-C5E1-4F97-BD00-2022CCCF8273} - System32\Tasks\RealCreateProcessScheduledTask4850679S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {64FA53D5-B1ED-423A-88CA-5BE82ED8627C} - System32\Tasks\RealCreateProcessScheduledTask12075881S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {65AC5215-4782-47BF-983D-8B229682BF14} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {66A2DC61-4E4A-495E-BB90-C58E906E6316} - System32\Tasks\RealCreateProcessScheduledTask3050381S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {67369354-1D3B-4573-B5A0-8431EAEE256E} - System32\Tasks\RealCreateProcessScheduledTask15058870S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {67D297E1-4D4F-4E28-9DC6-23D06F10ACA6} - System32\Tasks\RealCreateProcessScheduledTask6655205S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {6833EB55-1D78-410C-942E-C084416EEFB5} - System32\Tasks\RealCreateProcessScheduledTask4560268S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {69271599-A47C-49FE-A382-577B67E1ED2B} - System32\Tasks\RealCreateProcessScheduledTask6224892S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {697F1EAC-0776-42E2-AAE4-F23A70720BB7} - System32\Tasks\RealCreateProcessScheduledTask9053596S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {6B5E1867-8198-4DE1-97BB-7656FD985776} - System32\Tasks\RealCreateProcessScheduledTask5249262S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {6B9AA9BF-E9DA-4C86-8D8D-7CEDEF7D2780} - System32\Tasks\RealCreateProcessScheduledTask20494178S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {6BB0DC9C-CBFE-49C0-97D7-F381EE9D1A0D} - System32\Tasks\RealCreateProcessScheduledTask4861100S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {6BEED06F-F160-47B5-893D-48DA12A32773} - System32\Tasks\RealCreateProcessScheduledTask12062574S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {6C1D8A32-15F8-4737-A909-1AB0529DE70D} - System32\Tasks\RealCreateProcessScheduledTask652037S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {6CB81866-278C-43D2-A8EE-FCF93A12EB8F} - System32\Tasks\RealCreateProcessScheduledTask29460944S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {6E3AADA6-A839-4A8F-A016-0AE0CFC27230} - System32\Tasks\RealCreateProcessScheduledTask13855603S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {6EDA8A3A-935B-42FD-B500-B41BA22A6DA3} - System32\Tasks\RealCreateProcessScheduledTask3664853S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7205ACDF-3362-4743-8CFC-063A3724D3C3} - System32\Tasks\RealCreateProcessScheduledTask9060070S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7485F2D2-EB61-461C-9F59-487FCB7B8571} - System32\Tasks\RealCreateProcessScheduledTask10273055S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {754122F1-1B33-4257-B0CF-0F03C495F2CA} - System32\Tasks\RealCreateProcessScheduledTask12060172S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {75B642DE-1DCF-40BA-9F27-BEBE20B10A75} - System32\Tasks\RealCreateProcessScheduledTask24673586S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {765765B7-CFD2-4761-A2E3-18DB65F261F6} - System32\Tasks\RealCreateProcessScheduledTask16278548S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {76C22B45-55AD-42E9-A337-50D1A4B0E0E9} - System32\Tasks\RealCreateProcessScheduledTask14463461S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {77BCAC18-C7AC-4E64-B1F3-C47FC10A8488} - System32\Tasks\RealCreateProcessScheduledTask2474019S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {789DD486-328F-4B27-BD9F-2F6532F73CD7} - System32\Tasks\RealCreateProcessScheduledTask17496916S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7998820A-EC5D-4B84-9FD4-77E66281223A} - System32\Tasks\RealCreateProcessScheduledTask3653325S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {79F468F3-00B5-44F4-9B0F-9922C59814AB} - System32\Tasks\RealCreateProcessScheduledTask15076139S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7A79FE50-2F34-4CD9-BB05-774D89AC6574} - System32\Tasks\RealCreateProcessScheduledTask10865750S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7ABBDFBD-D761-457A-9B37-44A4A6794F62} - System32\Tasks\RealCreateProcessScheduledTask4877527S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7B2D9C25-D88B-4435-A1B9-23B0ED51EDA5} - System32\Tasks\RealCreateProcessScheduledTask1250098S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7B987516-B56A-49A5-843D-B2BF4CF3634A} - System32\Tasks\RealCreateProcessScheduledTask1254435S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7C00D36B-59AF-40ED-9BE7-B3FEDD6299A9} - System32\Tasks\RealCreateProcessScheduledTask8458062S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7C2EA6FD-3625-45DF-A0E9-45F6847AB84B} - System32\Tasks\RealCreateProcessScheduledTask4848152S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7CA2212E-07D2-4FE2-9D99-5F6EEE364EB1} - System32\Tasks\RealCreateProcessScheduledTask11457431S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7CC65B34-7102-428B-B4E9-71DAD7E0A974} - System32\Tasks\RealCreateProcessScheduledTask658402S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7CEEAD02-3610-4114-9253-A45AE1DF86FF} - System32\Tasks\RealCreateProcessScheduledTask19856462S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7E3CDE42-ED65-4613-8743-59A69D06070F} - System32\Tasks\RealCreateProcessScheduledTask10854471S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7E8030D5-6CD1-4CB5-8B59-12E572460825} - System32\Tasks\RealCreateProcessScheduledTask16267675S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7E9C5634-303B-4CE4-9A25-3EAE3CD0D870} - System32\Tasks\RealCreateProcessScheduledTask9658287S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7ECE7CFF-41CF-4F3A-A9B0-3E671FBC928C} - System32\Tasks\RealCreateProcessScheduledTask14460777S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {7F5B8F34-9649-4E8E-BD0B-5ED0AD288EE5} - System32\Tasks\RealCreateProcessScheduledTask1264544S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8045DCB7-8BB8-4106-B66B-E476C90091ED} - System32\Tasks\RealCreateProcessScheduledTask9077027S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {804E1470-2D26-417C-A20D-348E75ED5DFA} - System32\Tasks\RealCreateProcessScheduledTask12677390S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {80667F6E-EF4D-4934-891A-24862C3FFA4F} - System32\Tasks\RealCreateProcessScheduledTask15092363S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {808E0218-693C-4403-A075-F87EC13C25B8} - System32\Tasks\RealCreateProcessScheduledTask1250004S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {80B8B4C8-AFE8-48BF-8F08-3DCF693D78E2} - System32\Tasks\RealCreateProcessScheduledTask3931537S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {82D90C96-A8D6-4E41-872E-A424A670DD28} - System32\Tasks\RealCreateProcessScheduledTask2464566S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {851DFB3E-F6FA-4805-B2F0-9749AC19E83C} - System32\Tasks\RealCreateProcessScheduledTask3660969S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {853003A8-7BDD-4D3D-8238-2E0798CE95D3} - System32\Tasks\RealCreateProcessScheduledTask633910S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8549BBC2-8F5D-4E19-9901-D20D5D23634F} - System32\Tasks\RealCreateProcessScheduledTask40871981S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {866209A0-7C61-4245-8112-E0E1C81F3502} - System32\Tasks\RealCreateProcessScheduledTask3053267S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {866E98C4-2B0F-4DD0-AD80-C41367999226} - System32\Tasks\RealCreateProcessScheduledTask13860720S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {871715E8-B19F-44CF-9715-741CF136DA40} - System32\Tasks\RealCreateProcessScheduledTask9672841S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {88219D78-003F-411F-9047-EBEBB500ECD6} - System32\Tasks\RealCreateProcessScheduledTask10253618S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {883EB7C0-B2D5-4244-AB49-C542876484F7} - System32\Tasks\RealCreateProcessScheduledTask9656134S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {890261AA-9946-426A-836C-CD3FBCFAE188} - System32\Tasks\RealCreateProcessScheduledTask33692503S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {892EC9A3-8542-4C02-BF1C-EE2183532859} - System32\Tasks\RealCreateProcessScheduledTask33682441S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8A209F69-71AF-482F-A28B-5268CDA78D93} - System32\Tasks\RealCreateProcessScheduledTask6088547S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8A92C456-02DB-4489-B34D-15800CE2A1A3} - System32\Tasks\RealCreateProcessScheduledTask11459287S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8ADC91C5-4AC0-44FB-9BDB-CDE87E12C077} - System32\Tasks\RealCreateProcessScheduledTask3664557S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8B0AC77D-73C0-4618-8685-6ACAC7EC593A} - System32\Tasks\RealCreateProcessScheduledTask5492810S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8BE9C43F-A95D-42E9-8B29-0831BE4DA6BB} - System32\Tasks\RealCreateProcessScheduledTask657076S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8C94921D-6007-416D-8F75-D3DE0642B7E0} - System32\Tasks\RealCreateProcessScheduledTask12060062S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8CCE094B-412B-4D34-96FF-2B60D26BA723} - System32\Tasks\RealCreateProcessScheduledTask9667007S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8D68347A-E1FE-49B8-BEBB-0FDF400A89D0} - System32\Tasks\RealCreateProcessScheduledTask21665746S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8E1850F1-E727-49F0-BA61-CA634BD9E246} - System32\Tasks\RealCreateProcessScheduledTask1847987S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8E6E33D7-B16E-46BD-8E70-D1C90F4D636A} - System32\Tasks\RealCreateProcessScheduledTask658605S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8E9C8823-89B0-4D6A-B771-5C76D7C14F1F} - System32\Tasks\RealCreateProcessScheduledTask25870925S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8ED39975-5278-4DA1-BCA6-60B926C7EE06} - System32\Tasks\RealCreateProcessScheduledTask6668169S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8EDE1208-E27D-418F-83EF-28484E17397F} - System32\Tasks\RealCreateProcessScheduledTask33092336S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8EF6DAB4-6CE0-426E-95F2-8A74970ADF07} - System32\Tasks\RealCreateProcessScheduledTask38464012S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8F612020-7155-410F-B256-E96154B1C0C0} - System32\Tasks\RealCreateProcessScheduledTask26474134S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8F94CBCB-8D58-4727-BD4D-B10684D3594D} - System32\Tasks\RealCreateProcessScheduledTask27671535S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8F9E566F-9021-4CFE-84D7-8AFEBBB83CB7} - System32\Tasks\RealCreateProcessScheduledTask7261050S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {8FED7FB1-F105-4001-97E2-E72CFD262B7C} - System32\Tasks\RealCreateProcessScheduledTask9055187S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {900553A5-071F-4868-8BC1-27B90A97149E} - System32\Tasks\RealCreateProcessScheduledTask37292163S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {908C182E-CC70-49E4-B9AC-8B1F17C59667} - System32\Tasks\RealCreateProcessScheduledTask1849781S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {909391A2-EEF1-4E9B-9913-E23939684F40} - System32\Tasks\RealCreateProcessScheduledTask9669129S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {914F0CE7-9DCA-4D2D-A029-D4F11E33A092} - System32\Tasks\RealCreateProcessScheduledTask4885171S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {91949497-3E5F-4157-BD17-CE1302EF42F3} - System32\Tasks\RealCreateProcessScheduledTask12655175S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {92211B8F-2D96-4E8E-BD3C-94286F16E67F} - System32\Tasks\RealCreateProcessScheduledTask5504198S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {92CBC1E6-79FB-4F23-88F4-1CEA3F1512CA} - System32\Tasks\RealCreateProcessScheduledTask2477748S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {92F22B85-5793-4DF6-8C67-1386BEA40F3B} - System32\Tasks\RealCreateProcessScheduledTask39092696S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {935D811B-7DDD-4740-A51F-1583A345B1BE} - System32\Tasks\RealCreateProcessScheduledTask22271857S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9378D50E-EAC4-4AAF-8C9D-447F0DE6BBCE} - System32\Tasks\RealCreateProcessScheduledTask11463312S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {93E58DEE-526D-43FC-A952-CD4DB364CF73} - System32\Tasks\RealCreateProcessScheduledTask12085475S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {959F80A3-CE31-431F-A275-29637507CF1B} - System32\Tasks\RealCreateProcessScheduledTask25863499S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {96FBCAB8-262C-4F63-987E-3726095B875B} - System32\Tasks\RealCreateProcessScheduledTask27098106S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {97CB6507-217E-4D47-B041-703D30DB5D37} - System32\Tasks\RealCreateProcessScheduledTask9057059S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {986B881F-F235-4629-82F4-F58F3A3DD042} - System32\Tasks\RealCreateProcessScheduledTask3071472S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {986CF9F3-FA28-4B0A-9F11-009162CA9D3B} - System32\Tasks\RealCreateProcessScheduledTask25897679S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {991CC335-D836-4409-97F4-AA21D2D69F05} - System32\Tasks\RealCreateProcessScheduledTask25268230S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {99B5E959-84A3-4C92-90EE-168915C4F19A} - System32\Tasks\RealCreateProcessScheduledTask5454840S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {99BCD4CF-4FC8-4BD3-B0CF-7A98D6E1293F} - System32\Tasks\RealCreateProcessScheduledTask4274598S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9A0112BF-F2B7-473C-B337-FD15DAC3357A} - System32\Tasks\RealCreateProcessScheduledTask2459932S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9B199E81-366A-4B09-8A0C-A44AF442FBB5} - System32\Tasks\RealCreateProcessScheduledTask7256526S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9BAE189F-87B2-4E60-84B2-7362634EBD69} - System32\Tasks\RealCreateProcessScheduledTask7853667S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9BCB95A9-6D7C-48A1-8F17-29CC6D685699} - System32\Tasks\RealCreateProcessScheduledTask12655144S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9C504D17-4B29-4AB6-844E-DE3C3F5398E3} - System32\Tasks\RealCreateProcessScheduledTask28872009S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9DB0994A-E453-4C44-A12B-53D09986370E} - System32\Tasks\RealCreateProcessScheduledTask3053891S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9E37CD09-944C-49BF-84C6-BA7D1F90B4D9} - System32\Tasks\RealCreateProcessScheduledTask28898686S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9EDED14F-CD79-43A5-9425-525088EC1D78} - System32\Tasks\RealCreateProcessScheduledTask9059680S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9EFE5D9A-8B95-4FE2-AC31-9EA9958AEC3D} - System32\Tasks\RealCreateProcessScheduledTask936240S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9F0B3480-D131-43C4-9899-A67FCA8AA730} - System32\Tasks\RealCreateProcessScheduledTask25299384S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9F2ABCD5-5F53-4569-BB9B-28EC2DAE99EC} - System32\Tasks\RealCreateProcessScheduledTask11455824S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9F57A864-B55D-4DD7-96BC-E8C8A884B6BE} - System32\Tasks\RealCreateProcessScheduledTask4878042S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9F7C85B8-1448-4634-8DDA-1186A37F1702} - System32\Tasks\RealCreateProcessScheduledTask669805S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9FD28D7D-AB69-4789-AE33-743715216AD6} - System32\Tasks\RealCreateProcessScheduledTask12660339S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {9FDE7C54-21F8-434A-848B-E4729605F6F5} - System32\Tasks\RealCreateProcessScheduledTask1854711S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A02BC5FA-8686-45E4-BAD9-B57909E71252} - System32\Tasks\RealCreateProcessScheduledTask19264703S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A07B272D-0029-4E7C-B4F6-FD19170882D9} - System32\Tasks\RealCreateProcessScheduledTask30060409S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A15068B2-938C-42BB-ACDA-28F7090F9F8C} - System32\Tasks\RealCreateProcessScheduledTask4898150S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A27453B3-5EA2-4EBF-ABFD-68FF9A146A22} - System32\Tasks\RealCreateProcessScheduledTask28862431S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A2B7C3DE-2C4D-4127-8541-F8C3ED341272} - System32\Tasks\RealCreateProcessScheduledTask34876831S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A2C1D648-3581-4070-836E-5BA9FAB28D08} - System32\Tasks\RealCreateProcessScheduledTask33076283S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A38A65B7-27FE-4C7A-AE33-0388F1C96C94} - System32\Tasks\RealCreateProcessScheduledTask38515492S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A56B6065-9A15-4F2D-8257-994DC4FF01B5} - System32\Tasks\RealCreateProcessScheduledTask11460005S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A697B1E9-D074-45C4-A907-AA038560AB0E} - System32\Tasks\RealCreateProcessScheduledTask12658077S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A6EE4793-63E2-44AC-95C0-71999C60FC20} - System32\Tasks\RealCreateProcessScheduledTask10855891S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A7EF6240-9547-49F6-9E44-577E28B77CA9} - System32\Tasks\RealCreateProcessScheduledTask39664377S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A818C3DD-8DFD-4917-9919-F02DE1AA70D0} - System32\Tasks\RealCreateProcessScheduledTask19861626S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A8C734E0-23F1-4D53-BD11-F824CE0FC3F4} - System32\Tasks\RealCreateProcessScheduledTask5480424S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {A998877F-EF63-415F-B39F-5B5E044A31B8} - System32\Tasks\RealCreateProcessScheduledTask1256494S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {AA40B9F5-2DA3-406A-A465-7133F4A35D9E} - System32\Tasks\RealCreateProcessScheduledTask24121872S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {AB593F20-06CC-45D6-9468-F552B0BBE26C} - System32\Tasks\RealCreateProcessScheduledTask12670042S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {ABFF2805-2EA2-4209-91FE-620E605E5666} - System32\Tasks\RealCreateProcessScheduledTask20465069S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {AC17FB79-B38D-426F-A6BA-D449630A805C} - System32\Tasks\RealCreateProcessScheduledTask5454528S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {ACF40E14-4406-4F12-8CB2-132DD2B2F7CD} - System32\Tasks\RealCreateProcessScheduledTask1070978S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {AE78CF6B-FB6D-40DD-83CF-74C1DABFEE18} - System32\Tasks\RealCreateProcessScheduledTask37868447S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FAE2AD91-EEC5-4410-B7F7-5A779D93B8AE} - System32\Tasks\RealCreateProcessScheduledTask9052192S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FB83E74C-8967-4079-B36D-B4D5C3EC4E26} - System32\Tasks\RealCreateProcessScheduledTask3659799S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FBC42724-5EF2-4AAF-80DE-F1E8B5296CD7} - System32\Tasks\RealCreateProcessScheduledTask654548S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FC1F48C8-64E8-4B71-B479-B2E8DA118659} - System32\Tasks\RealCreateProcessScheduledTask6825106S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FD81D6FE-300C-4540-B02C-067202958CA9} - System32\Tasks\RealCreateProcessScheduledTask55739S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FDD0E5A2-797D-42E8-BB96-5B7C75119862} - System32\Tasks\RealCreateProcessScheduledTask4249046S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FDDC9315-6818-41CE-813E-4ABEE56333D0} - System32\Tasks\RealCreateProcessScheduledTask26467082S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FDE1FC3A-4757-483B-BA6D-C8706D65C476} - System32\Tasks\RealCreateProcessScheduledTask4252758S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FE14B64C-8467-44DF-AA3B-50726E9C3FB5} - System32\Tasks\RealCreateProcessScheduledTask9708691S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FE29FD1D-7731-4D7B-A80A-9E8D5B6A0415} - System32\Tasks\RealCreateProcessScheduledTask13861921S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FE5774B3-5779-4B35-BB61-4F38A108CCED} - System32\Tasks\RealCreateProcessScheduledTask28891026S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FEEDC2E0-E6F0-4F1A-80EA-0A4B3CB3B91B} - System32\Tasks\RealCreateProcessScheduledTask1915349S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
Task: {FF67DB46-E3A8-453A-99AD-79772421765F} - System32\Tasks\RealCreateProcessScheduledTask2456142S-1-5-21-628112888-541856711-2089572369-1000 => c:\program files\real\realplayer\update\realsched.exe [2011-11-14] (RealNetworks, Inc.)
==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/20/2013 08:33:06 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.

Error: (08/20/2013 07:47:16 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.

Error: (08/20/2013 10:53:11 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.

Error: (08/20/2013 02:41:08 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.

Error: (08/20/2013 01:48:56 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.

Error: (08/20/2013 01:10:24 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.

Error: (08/20/2013 00:24:41 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.

Error: (08/20/2013 00:24:34 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.

Error: (08/20/2013 00:03:46 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.

Error: (08/20/2013 00:02:18 AM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabUn certificado requerido no se encuentra dentro del periodo de validez cuando se ha realizado la comprobación con el reloj de sistema actual o con la marca de tiempo en el archivo firmado.


System errors:
=============
Error: (08/20/2013 10:22:39 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (08/20/2013 10:18:10 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (08/20/2013 10:09:00 PM) (Source: Service Control Manager) (User: )
Description: PEVSystemStart

Error: (08/20/2013 09:46:09 PM) (Source: Service Control Manager) (User: )
Description: mbamchameleon%%127

Error: (08/20/2013 09:44:37 PM) (Source: Service Control Manager) (User: )
Description: mbamchameleon%%127

Error: (08/20/2013 09:17:21 PM) (Source: Service Control Manager) (User: )
Description: mbamchameleon%%127

Error: (08/20/2013 09:00:09 PM) (Source: Service Control Manager) (User: )
Description: mbamchameleon%%127

Error: (08/20/2013 08:59:51 PM) (Source: Service Control Manager) (User: )
Description: mbamchameleon%%127

Error: (08/20/2013 08:50:14 PM) (Source: Service Control Manager) (User: )
Description: mbamchameleon%%127

Error: (08/20/2013 08:28:28 PM) (Source: Service Control Manager) (User: )
Description: mbamchameleon%%127


Microsoft Office Sessions:
=========================
Error: (07/26/2013 02:54:10 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51 seconds with 0 seconds of active time. This session ended with a crash.

Error: (03/22/2013 03:27:17 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9623 seconds with 2280 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2012-03-01 12:11:56.401
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome14browserrecordhelper.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.

Date: 2012-03-01 12:11:56.397
Description: Integridad de código no puede comprobar la integridad de imagen del archivo \Device\HarddiskVolume1\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchrome14browserrecordhelper.dll porque el conjunto de hashes de imagen por página no se encuentra en el sistema.


==================== Memory info ===========================

Percentage of memory in use: 50%
Total physical RAM: 2045.88 MB
Available physical RAM: 1010.92 MB
Total Pagefile: 4310.82 MB
Available Pagefile: 3317.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.5 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:146.48 GB) (Free:28.9 GB) NTFS
Drive d: (versus) (Fixed) (Total:151.6 GB) (Free:6.98 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: B65B6B8C)
Partition 1: (Not Active) - (Size=146 GB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=152 GB) - (Type=07 NTFS)

==================== End Of Log ============================
 
1. Please open Notepad (Start>All Programs>Accessories>Notepad).

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
File::
c:\users\Victor\AppData\Roaming\Afxuxu.exe 

Registry::
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"Afxuxu"=-

ClearJavaCache::


3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
Combofix.txt log:

ComboFix 13-08-20.01 - Victor 20/08/2013 23:21:58.1.2 - x86
Microsoft® Windows Vista™ Ultimate 6.0.6000.0.1252.52.3082.18.2046.1187 [GMT -5:00]
Running from: c:\users\Victor\Desktop\ComboFix.exe
Command switches used :: c:\users\Victor\Desktop\CFScript.txt
.
FILE ::
"c:\users\Victor\AppData\Roaming\Afxuxu.exe"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Victor\AppData\Roaming\Afxuxu.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\jestertb.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-07-21 to 2013-08-21 )))))))))))))))))))))))))))))))
.
.
2013-08-21 04:27 . 2013-08-21 04:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-08-21 04:27 . 2013-08-21 04:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-21 03:49 . 2013-08-21 03:49 -------- d-----w- C:\FRST
2013-08-21 01:29 . 2013-08-21 03:00 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-08-20 05:25 . 2013-08-20 05:25 -------- d-----w- c:\users\Victor\AppData\Roaming\Malwarebytes
2013-08-20 05:25 . 2013-08-20 05:25 -------- d-----w- c:\programdata\Malwarebytes
2013-08-20 05:25 . 2013-08-20 05:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-08-20 05:25 . 2013-04-04 19:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-08-20 04:55 . 2013-08-20 04:56 -------- d-----w- c:\program files\Dropbox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
1999-07-14 08:00 . 2012-02-23 19:54 327168 ----a-w- c:\program files\vdsrun30.dll
2012-06-19 00:05 . 2011-05-07 13:22 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-10-31 1196032]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-31 201728]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-15 273528]
.
c:\users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Victor\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2012-5-4 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-628112888-541856711-2089572369-1000]
"EnableNotificationsRef"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\ch5stkuo.default\
FF - prefs.js: browser.startup.homepage - hxxp://ffffound.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819&tt=100512_4_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - ca656b14000000000000001a9238357b
FF - user.js: extensions.BabylonToolbar_i.hardId - ca656b14000000000000001a9238357b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15471
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1719:46
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Afxuxu - c:\users\Victor\AppData\Roaming\Afxuxu.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-20 23:31
Windows 6.0.6000 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3352)
c:\users\Victor\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\users\Victor\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2013-08-20 23:36:51 - machine was rebooted
ComboFix-quarantined-files.txt 2013-08-21 04:36
ComboFix2.txt 2013-08-21 03:24
.
Pre-Run: 31,012,872,192 bytes libres
Post-Run: 30,766,653,440 bytes libres
.
- - End Of File - - 917F9DDE909F09C3CF4213E760EF49A5
5C616939100B85E558DA92B899A0FC36
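
An added example, not part of the thread or of ComboFix: a small Python parser for the "Reg Loading Points" section of a ComboFix log that flags autostart entries launching from user-writable folders, the pattern the CFScript above removes (a Run value pointing at an executable directly under AppData\Roaming). The sample text, the function names and the two severity labels are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout of ComboFix's "Reg Loading Points" section.
# The legitimate entries are copied from the log above; the "Afxuxu" line is
# constructed from the CFScript target, with a placeholder date and size.
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2006-10-31 1196032]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"Afxuxu"="c:\users\Victor\AppData\Roaming\Afxuxu.exe" [0000-00-00 0]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-11-15 273528]
.
c:\users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Victor\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoAutorun"= 1 (0x1)
'''

RUN_KEY = re.compile(r'^\[(HKEY_[^\]]+\\Run(?:Once)?)\]$', re.I)
ANY_KEY = re.compile(r'^\[HKEY_[^\]]+\]$', re.I)
STARTUP_DIR = re.compile(r'\\Start Menu\\Programs\\Startup\\$', re.I)
VALUE = re.compile(r'^"([^"]+)"="([^"]+)"')
SHORTCUT = re.compile(r'^(.+?\.lnk) - (.+?\.exe)\b', re.I)


def parse_autoruns(text):
    """Return (location, name, target_path) for Run/RunOnce values and
    Startup-folder shortcuts; every other registry block is ignored."""
    entries = []
    location = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == '.':              # ComboFix prints '.' between blocks
            location = None
            continue
        m = RUN_KEY.match(line)
        if m:
            location = m.group(1)
            continue
        if ANY_KEY.match(line):      # some other key: not an autostart point
            location = None
            continue
        if STARTUP_DIR.search(line):
            location = line
            continue
        if location is None:
            continue
        m = VALUE.match(line) or SHORTCUT.match(line)
        if m:
            entries.append((location, m.group(1), m.group(2)))
    return entries


def classify(path):
    """'high'   : executable sits directly in AppData\\Roaming, Local or
                  LocalLow with no vendor folder (the Afxuxu.exe layout);
       'review' : anywhere else under a user-writable tree;
       None     : outside the user-writable trees checked here."""
    parts = PureWindowsPath(path.lower()).parts
    if 'appdata' in parts:
        i = parts.index('appdata')
        # parts[i + 1] is roaming/local/locallow; the file comes right after
        return 'high' if len(parts) == i + 3 else 'review'
    if any(d in parts for d in ('temp', 'recycler', '$recycle.bin', 'programdata')):
        return 'review'
    return None


def audit(text):
    """Parse the log text and return only the entries worth a second look."""
    findings = []
    for location, name, path in parse_autoruns(text):
        severity = classify(path)
        if severity:
            findings.append({'location': location, 'name': name,
                             'path': path, 'severity': severity})
    return findings


if __name__ == '__main__':
    for f in audit(SAMPLE):
        print(f"{f['severity']:6} {f['name']} -> {f['path']}  ({f['location']})")
```

A "review" hit is not a verdict: software such as Dropbox installs per-user and legitimately autostarts from AppData, so those entries only need a publisher and signature check.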
 
Very good :)

How is the computer doing?

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
It's doing great! You're the man, Broni!
One question: I'm pretty sure two of my USB keys are infected (I haven't plugged any of them in during the cleaning process). How should I clean them? I suspect formatting them won't do. Logs:

# AdwCleaner v3.000 - Report created 21/08/2013 at 20:12:27
# Updated 20/08/2013 by Xplode
# Operating System : Windows Vista (TM) Ultimate (32 bits)
# Username : Victor - VICTOR1
# Running from : C:\Users\Victor\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Users\Victor\AppData\Local\Babylon
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\ch5stkuo.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\Software\Babylon

***** [ Browsers ] *****

-\\ Internet Explorer v7.0.6000.16385


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Victor\AppData\Roaming\Mozilla\Firefox\Profiles\ch5stkuo.default\prefs.js ]

Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110819&tt=100512_4_");
Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "ca656b14000000000000001a9238357b");
Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "ca656b14000000000000001a9238357b");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15471");
Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:46:08");
Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Line Deleted : user_pref("extensions.enabledAddons", "DivXWebPlayer%40divx.com:2.0.2.039,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{ABDE892B-13A8-4d1b-88E6-365A6E755758}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Real\\\\RealPlayer\\\\BrowserRecord[...]

-\\ Google Chrome v

[ File : C:\Users\Victor\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [4283 octets] - [21/08/2013 20:10:46]
AdwCleaner[S0].txt - [4254 octets] - [21/08/2013 20:12:27]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4314 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.2 (08.20.2013:1)
OS: Windows Vista (TM) Ultimate x86
Ran by Victor on 21/08/2013 at 20:16:31.77
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Victor\AppData\Roaming\mozilla\firefox\profiles\ch5stkuo.default\minidumps [8 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/08/2013 at 20:18:36.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
OTL logfile created on: 21/08/2013 08:30:59 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Victor\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16385)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.59% Memory free
4.21 Gb Paging File | 3.54 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 28.55 Gb Free Space | 19.49% Space Free | Partition Type: NTFS
Drive D: | 151.60 Gb Total Space | 6.98 Gb Free Space | 4.61% Space Free | Partition Type: NTFS

Computer Name: VICTOR1 | User Name: Victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/08/21 20:10:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Victor\Desktop\OTL.exe
PRC - [2013/05/24 19:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Victor\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2011/11/14 19:02:17 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Archivos de programa\Real\RealPlayer\Update\realsched.exe
PRC - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Archivos de programa\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/08/03 06:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Archivos de programa\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/08/03 06:50:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Archivos de programa\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Archivos de programa\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/02/23 19:43:12 | 000,576,000 | ---- | M] (MagicISO, Inc.) -- C:\Archivos de programa\MagicDisc\MagicDisc.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/01/01 00:06:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Archivos de programa\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2006/10/31 02:48:01 | 000,895,488 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe
PRC - [2006/10/31 02:48:01 | 000,201,728 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Media Player\wmpnscfg.exe
PRC - [2006/10/31 02:47:23 | 001,196,032 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Windows Sidebar\sidebar.exe
PRC - [2006/10/31 00:13:40 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006/10/31 00:13:29 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006/10/27 00:47:42 | 000,031,016 | ---- | M] (Microsoft Corporation) -- C:\Archivos de programa\Microsoft Office\Office12\GrooveMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/13 15:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/13 18:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2011/03/21 17:30:20 | 000,067,872 | ---- | M] () -- C:\Archivos de programa\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Archivos de programa\ArcSoft\PhotoImpression 5\Share\PIHook.dll


========== Services (SafeList) ==========

SRV - [2013/08/14 12:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Archivos de programa\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/08/03 06:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Archivos de programa\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Archivos de programa\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2007/03/20 17:41:24 | 000,153,792 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe -- (Adobe Version Cue CS3)
SRV - [2007/01/01 00:06:17 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Archivos de programa\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/10/31 02:48:01 | 000,895,488 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Archivos de programa\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2006/10/31 02:46:40 | 000,263,272 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006/10/27 00:47:54 | 000,065,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006/10/26 19:49:34 | 000,441,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2006/10/26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/12/31 21:23:11 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/08/03 06:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/25 02:25:04 | 000,139,368 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2011/05/02 15:49:30 | 000,240,128 | ---- | M] (PARADOX) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\royal.sys -- (OemBiosDevice)
DRV - [2009/02/24 18:42:14 | 000,116,736 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/11/18 03:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AmdLLD.sys -- (AmdLLD)
DRV - [2004/08/13 09:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-628112888-541856711-2089572369-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
IE - HKU\S-1-5-21-628112888-541856711-2089572369-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-628112888-541856711-2089572369-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-628112888-541856711-2089572369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-628112888-541856711-2089572369-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-628112888-541856711-2089572369-1003\..\SearchScopes,DefaultScope =

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://ffffound.com/"
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..keyword.URL: "http://www.google.com/search?q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Victor\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/11/14 19:03:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/21 19:51:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/14 19:03:29 | 000,000,000 | ---D | M]

[2011/06/30 13:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\Extensions
[2012/05/10 20:50:44 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\Firefox\Profiles\ch5stkuo.default\extensions
[2011/05/10 07:59:07 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Victor\AppData\Roaming\mozilla\firefox\profiles\ch5stkuo.default\extensions\DivXWebPlayer@divx.com.xpi
[2013/08/21 19:51:47 | 000,000,000 | ---D | M] (No name found) -- C:\Archivos de programa\Mozilla Firefox\browser\extensions
[2013/08/21 19:51:47 | 000,000,000 | ---D | M] (Default) -- C:\Archivos de programa\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2013/08/20 23:31:35 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Windows Live Aplicación auxiliar de inicio de sesión) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKU\S-1-5-21-628112888-541856711-2089572369-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Archivos de programa\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Archivos de programa\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [amd_dc_opt] C:\Archivos de programa\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-628112888-541856711-2089572369-1000..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-628112888-541856711-2089572369-1000..\Run: [WMPNSCFG] C:\Archivos de programa\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-628112888-541856711-2089572369-1003..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Victor\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk = C:\Archivos de programa\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAutorun = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutorunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-628112888-541856711-2089572369-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-628112888-541856711-2089572369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-628112888-541856711-2089572369-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Archivos de programa\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Archivos de programa\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB82908C-C841-4EA8-873D-E882C8D08479}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Archivos de programa\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Archivos de programa\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img2.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/08/21 20:29:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Victor\Desktop\OTL(1).exe
[2013/08/21 20:16:27 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/08/21 20:15:16 | 001,018,947 | ---- | C] (Thisisu) -- C:\Users\Victor\Desktop\JRT(1).exe
[2013/08/21 20:10:40 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013/08/21 20:09:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Victor\Desktop\OTL.exe
[2013/08/21 20:09:52 | 001,018,947 | ---- | C] (Thisisu) -- C:\Users\Victor\Desktop\JRT.exe
[2013/08/20 23:37:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/08/20 23:35:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013/08/20 22:49:08 | 000,000,000 | ---D | C] -- C:\FRST
[2013/08/20 22:48:16 | 001,070,183 | ---- | C] (Farbar) -- C:\Users\Victor\Desktop\FRST.exe
[2013/08/20 22:07:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/08/20 22:07:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/08/20 22:07:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2013/08/20 22:07:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/08/20 22:07:20 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/08/20 22:07:02 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/08/20 22:04:04 | 005,109,244 | R--- | C] (Swearware) -- C:\Users\Victor\Desktop\ComboFix.exe
[2013/08/20 20:29:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/08/20 20:28:23 | 000,000,000 | ---D | C] -- C:\Users\Victor\Desktop\mbar
[2013/08/20 20:26:17 | 012,081,912 | ---- | C] (Malwarebytes Corp.) -- C:\Users\Victor\Desktop\mbar-1.06.1.1005.exe
[2013/08/20 19:56:14 | 000,000,000 | ---D | C] -- C:\Users\Victor\Desktop\RK_Quarantine
[2013/08/20 02:26:37 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Victor\Desktop\dds.com
[2013/08/20 02:06:54 | 000,000,000 | ---D | C] -- C:\Users\Victor\Desktop\backups
[2013/08/20 01:50:22 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Victor\Desktop\HijackThis.exe
[2013/08/20 01:49:04 | 000,894,600 | ---- | C] (CNET Download.com) -- C:\Users\Victor\Desktop\cbsidlm-cbsi134-Temp_File_Cleaner-SEO-10628816.exe
[2013/08/20 00:25:16 | 000,000,000 | ---D | C] -- C:\Users\Victor\AppData\Roaming\Malwarebytes
[2013/08/20 00:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/20 00:25:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/08/20 00:25:06 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/08/20 00:25:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/08/20 00:23:53 | 010,285,040 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Victor\Desktop\mbam-setup-1.75.0.1300.exe
[2013/08/20 00:03:51 | 000,000,000 | ---D | C] -- C:\Users\Victor\Desktop\AutoRunExterminator-1.8
[2013/08/19 23:55:57 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/02/23 14:54:32 | 000,327,168 | ---- | C] (S.A.D.E. s.a.r.l.) -- C:\Program Files\vdsrun30.dll
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/08/21 20:29:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Victor\Desktop\OTL(1).exe
[2013/08/21 20:15:17 | 001,018,947 | ---- | M] (Thisisu) -- C:\Users\Victor\Desktop\JRT(1).exe
[2013/08/21 20:13:35 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 20:13:35 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013/08/21 20:13:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/08/21 20:13:28 | 2145,902,592 | -HS- | M] () -- C:\hiberfil.sys
[2013/08/21 20:10:01 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Victor\Desktop\OTL.exe
[2013/08/21 20:09:52 | 001,018,947 | ---- | M] (Thisisu) -- C:\Users\Victor\Desktop\JRT.exe
[2013/08/21 20:09:39 | 000,975,858 | ---- | M] () -- C:\Users\Victor\Desktop\adwcleaner.exe
[2013/08/21 19:51:48 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013/08/20 23:31:35 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/08/20 22:48:54 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2013/08/20 22:48:19 | 001,070,183 | ---- | M] (Farbar) -- C:\Users\Victor\Desktop\FRST.exe
[2013/08/20 22:04:30 | 005,109,244 | R--- | M] (Swearware) -- C:\Users\Victor\Desktop\ComboFix.exe
[2013/08/20 20:26:59 | 012,081,912 | ---- | M] (Malwarebytes Corp.) -- C:\Users\Victor\Desktop\mbar-1.06.1.1005.exe
[2013/08/20 19:49:08 | 000,923,136 | ---- | M] () -- C:\Users\Victor\Desktop\RogueKiller.exe
[2013/08/20 12:14:00 | 000,060,003 | ---- | M] () -- C:\Windows\FontData.fdb
[2013/08/20 02:26:38 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Victor\Desktop\dds.com
[2013/08/20 01:50:22 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Victor\Desktop\HijackThis.exe
[2013/08/20 01:49:05 | 000,894,600 | ---- | M] (CNET Download.com) -- C:\Users\Victor\Desktop\cbsidlm-cbsi134-Temp_File_Cleaner-SEO-10628816.exe
[2013/08/20 00:25:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/20 00:24:13 | 010,285,040 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Victor\Desktop\mbam-setup-1.75.0.1300.exe
[2013/08/20 00:03:19 | 000,017,028 | ---- | M] () -- C:\Users\Victor\Desktop\AutoRunExterminator-1.8.zip
[2013/08/19 23:56:36 | 000,000,952 | ---- | M] () -- C:\Users\Victor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013/08/19 23:55:39 | 000,000,922 | ---- | M] () -- C:\Users\Victor\Desktop\Dropbox.lnk
[2013/08/19 23:24:11 | 000,700,356 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013/08/19 23:24:11 | 000,621,176 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/08/19 23:24:11 | 000,128,248 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013/08/19 23:24:11 | 000,108,260 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/08/16 16:20:06 | 001,764,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/08/14 16:43:06 | 000,079,946 | ---- | M] () -- C:\Users\Victor\Desktop\FICHA DE REGISTRO DE OBRA1 - copia.pdf
[2013/08/14 16:39:52 | 000,591,480 | ---- | M] () -- C:\Users\Victor\Desktop\ficha2.cdr
[2013/08/14 00:46:10 | 004,612,735 | ---- | M] () -- C:\Users\Victor\Desktop\xxxxxxxxxx.psd
[2013/08/12 14:12:52 | 001,384,771 | -H-- | M] () -- C:\Users\Victor\Desktop\Tan__Shaun_-_El__rbol_rojo.pdf
[2013/08/12 14:08:08 | 027,933,756 | ---- | M] () -- C:\Users\Victor\Desktop\Shaun-Tan .rar
[2013/08/05 19:09:07 | 000,098,816 | ---- | M] () -- C:\Users\Victor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/08/04 18:44:42 | 000,625,352 | ---- | M] () -- C:\Users\Victor\Desktop\ficha.cdr
[2013/08/04 18:44:42 | 000,625,352 | ---- | M] () -- C:\Users\Victor\Desktop\ficha - copia.cdr
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/08/21 20:09:38 | 000,975,858 | ---- | C] () -- C:\Users\Victor\Desktop\adwcleaner.exe
[2013/08/20 22:07:29 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/08/20 22:07:29 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/08/20 22:07:29 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/08/20 22:07:29 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/08/20 22:07:29 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/08/20 19:49:06 | 000,923,136 | ---- | C] () -- C:\Users\Victor\Desktop\RogueKiller.exe
[2013/08/20 00:25:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/08/20 00:03:18 | 000,017,028 | ---- | C] () -- C:\Users\Victor\Desktop\AutoRunExterminator-1.8.zip
[2013/08/19 16:38:32 | 001,384,771 | -H-- | C] () -- C:\Users\Victor\Desktop\Tan__Shaun_-_El__rbol_rojo.pdf
[2013/08/14 16:43:06 | 000,079,946 | ---- | C] () -- C:\Users\Victor\Desktop\FICHA DE REGISTRO DE OBRA1 - copia.pdf
[2013/08/14 16:39:43 | 000,591,480 | ---- | C] () -- C:\Users\Victor\Desktop\ficha2.cdr
[2013/08/14 00:46:10 | 004,612,735 | ---- | C] () -- C:\Users\Victor\Desktop\xxxxxxxxxx.psd
[2013/08/12 18:22:19 | 027,933,756 | ---- | C] () -- C:\Users\Victor\Desktop\Shaun-Tan .rar
[2013/08/04 18:45:17 | 000,625,352 | ---- | C] () -- C:\Users\Victor\Desktop\ficha - copia.cdr
[2013/08/04 18:44:42 | 000,625,352 | ---- | C] () -- C:\Users\Victor\Desktop\ficha.cdr
[2013/06/17 20:06:04 | 000,000,037 | ---- | C] () -- C:\Windows\ACTIVEJP.INI
[2012/05/02 20:50:28 | 000,008,192 | ---- | C] () -- C:\Windows\d3dx.dat
[2012/02/23 15:05:41 | 000,000,098 | ---- | C] () -- C:\Windows\CS_MD_T.ini
[2012/02/23 14:54:32 | 000,001,225 | ---- | C] () -- C:\Program Files\readme.htm
[2011/09/06 13:40:08 | 000,096,768 | ---- | C] () -- C:\Windows\SlantAdj.dll
[2011/09/06 13:40:08 | 000,003,136 | ---- | C] () -- C:\Windows\Ade001.bin
[2011/09/06 13:40:08 | 000,000,072 | ---- | C] () -- C:\Windows\System32\epDPE.ini
[2011/09/06 13:22:05 | 000,000,029 | ---- | C] () -- C:\Windows\DEBUGSM.INI
[2011/05/25 11:58:02 | 000,000,094 | ---- | C] () -- C:\Users\Victor\AppData\Local\fusioncache.dat
[2011/05/25 11:53:58 | 000,022,328 | ---- | C] () -- C:\Users\Victor\AppData\Roaming\PnkBstrK.sys
[2011/05/04 09:36:41 | 000,098,816 | ---- | C] () -- C:\Users\Victor\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/02 16:29:32 | 000,000,680 | ---- | C] () -- C:\Users\Victor\AppData\Local\d3d9caps.dat

========== ZeroAccess Check ==========

[2006/10/31 03:07:06 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2006/10/31 00:14:52 | 011,314,688 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2006/10/31 00:14:39 | 000,614,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006/10/31 00:14:53 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/04 13:41:05 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Bioshock2
[2011/12/08 14:53:03 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Braid
[2012/12/31 21:27:09 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\DAEMON Tools Lite
[2013/08/21 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Dropbox
[2011/09/06 14:32:24 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\EPSON
[2011/07/12 17:49:37 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Sierra
[2011/09/06 14:28:09 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\Smart Panel
[2011/07/18 12:26:13 | 000,000,000 | ---D | M] -- C:\Users\Victor\AppData\Roaming\thriXXX

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Victor\Desktop\Sunny Leone - ****ed The Beauty In Pink [MmM]_xvid.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Victor\Desktop\Stoya.Deeper.11.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Victor\Desktop\June_and_Suzi.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Victor\Desktop\Feinman Lectures - 1 - The Law of Gravitation.avi:TOC.WMV

< End of report >
 
OTL Extras logfile created on: 21/08/2013 08:30:59 p.m. - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Victor\Desktop
Windows Vista Ultimate Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16385)
Locale: 0000080A | Country: México | Language: ESM | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.37 Gb Available Physical Memory | 68.59% Memory free
4.21 Gb Paging File | 3.54 Gb Available in Paging File | 84.02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146.48 Gb Total Space | 28.55 Gb Free Space | 19.49% Space Free | Partition Type: NTFS
Drive D: | 151.60 Gb Total Space | 6.98 Gb Free Space | 4.61% Space Free | Partition Type: NTFS

Computer Name: VICTOR1 | User Name: Victor | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-628112888-541856711-2089572369-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-628112888-541856711-2089572369-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
"DisabledInterfaces" = {EB82908C-C841-4EA8-873D-E882C8D08479}

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{31B45743-80E1-45B5-BAA5-8A34E26CE83B}" = lport=50900 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{491CC759-633A-4496-99B3-16713385D225}" = lport=2869 | protocol=6 | dir=in | app=system |
"{61F8AAFC-2A43-4D02-8FB2-7B132D1CE45A}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{635D455C-97E1-4398-A5E9-8132C8A6EEC1}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{637074FB-6CFD-4814-9AB9-0E8D8C9F0165}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{B21F3DA8-2EC4-451F-8634-245BD1005247}" = lport=50901 | protocol=6 | dir=in | name=adobe version cue cs3 server |
"{BAF603BD-CA97-4E0D-B3C3-E0696997B853}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1502722D-5EC9-48EB-9D58-D3662F8B4A58}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1FC2219A-AD0C-4BE9-A66A-B84E27F57775}" = protocol=17 | dir=in | app=c:\program files\square enix\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"{291C4D58-E904-4D37-84E5-304465D0E57D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{298BF809-31D1-4B2B-B922-776CD1E9C6B9}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{3066F594-8DA8-487A-8E8D-0B02407525CB}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{311F4F1A-E11E-4763-9422-EB67E6256A54}" = protocol=17 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{38D15206-EC7E-4F26-B383-DBD675A47D2E}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{40AF21F1-A666-4C58-A8E8-2159A807FEA2}" = protocol=6 | dir=in | app=c:\program files\square enix\batman arkham asylum goty\binaries\shippingpc-bmgame.exe |
"{59BD5C69-6C53-4AB1-8161-F36FB6792611}" = protocol=6 | dir=in | app=c:\users\victor\appdata\roaming\dropbox\bin\dropbox.exe |
"{680D71BD-323E-40FD-81AC-B5720A91D4C9}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\dedicated\xr_3da.exe |
"{6A4B9812-2FA7-4622-AA70-3007E579260A}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6BFE8CB8-EDCC-43D3-A9F4-59D2E7EA5881}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{6C42A88C-498E-4A54-8314-853F6459848D}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{6DD0E3A3-E82B-433F-A4B1-E0F9B98CEF04}" = protocol=6 | dir=in | app=c:\program files\common files\adobe\adobe version cue cs3\server\bin\versioncuecs3.exe |
"{848ECBC2-11C0-445C-9A23-11EDB3A8CED4}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{928FD51E-9C71-409E-9F05-99385778604C}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A78DC57F-2959-4584-A99B-6FA2AEEC5CAF}" = protocol=17 | dir=in | app=c:\users\victor\appdata\roaming\dropbox\bin\dropbox.exe |
"{A89EE19E-80EC-453B-8742-E3561FE1096E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{A8BFD361-6195-43D0-8758-621B7A060D4C}" = protocol=6 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{C3A8E505-F475-45FA-B4AE-19954843FB16}" = protocol=17 | dir=in | app=c:\program files\thq\s.t.a.l.k.e.r. - shadow of chernobyl\bin\xr_3da.exe |
"{C74E90CB-1EBC-4539-9F1B-C4689F2FEB33}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{CEE45FF9-E692-467C-97AF-FC14FD3D84EA}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"_{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW(R) Graphics Suite X5
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{0327FA9D-975C-448C-A086-577D57BB25B8}" = Adobe Soundbooth CS3 Codecs
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0CEC06EF-5052-4CE8-8256-74AE363A4238}" = Adobe Creative Suite 3 Master Collection
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1D58229F-C505-45CA-8223-F35F3A34B963}" = Adobe Version Cue CS3 Server {ko_KR}
"{1DDB76B6-9B33-47DE-8577-78EBFD3E2FF3}" = Adobe Setup
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Herramienta de carga de Windows Live
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{24D9A3E0-D086-4B62-AF93-63CF6B05CB48}" = CorelDRAW Graphics Suite X5 - Custom Data
"{260ED378-2B8C-4831-ADAE-D0712D119AC5}" = CorelDRAW Graphics Suite X5 - VSTA
"{26945917-E053-45F6-AF98-309730CFC318}" = Visual Basic for Applications (R) Core
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2B83A043-BA8C-4164-98AA-29529D0BE756}" = Windows Live Essentials
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{2EFFFC71-1E66-454E-A6E6-CEEC800B96D2}" = Adobe Flash Video Encoder
"{311EBF70-9282-41D1-BAB0-AD22220301B9}" = 3Dカスタム少女
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3472C84E-2FD0-439F-B27F-C290C1E4CD8B}" = CorelDRAW Graphics Suite X5 - Filters
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = piaip AppLocale
"{485ACF57-F364-440A-8496-E1E81C8FA1AA}" = Adobe Premiere Pro CS3 Third Party Content
"{4AA5A318-D35A-4CE7-8421-B52E1CAA8BE6}" = Visual Basic for Applications (R) Core - Spanish
"{50F102CA-4BE2-41A9-9810-5BB05EB91B9A}" = Adobe Premiere Pro CS3 Functional Content
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{51DD370C-6690-424E-9674-5F14468B323F}" = Corel Graphics - Windows Shell Extension
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{54B2EAD9-A110-43F7-B010-2859A1BD2AFE}" = Adobe Encore CS3
"{54B8F4A1-02B0-4D32-8F37-925526C0EEC6}" = CorelDRAW Graphics Suite X5 - Connect
"{57400C1E-BC51-4ECE-AD2A-A6096204DDEC}" = CorelDRAW Graphics Suite X5 - VBA
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58DCEEE5-532E-44F4-B1D7-A146EF9E9FDA}" = Adobe Premiere Pro CS3
"{59123CCF-FED2-46FF-9293-D1DC80042219}" = CorelDRAW Graphics Suite X5 - Redist
"{62978C1C-FE2E-4A4E-851D-3EB406C9EBC2}" = CorelDRAW Graphics Suite X5 - Draw
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{68EE5C41-2F79-4F36-BE85-22A814F55AF7}" = CorelDRAW Graphics Suite X5 - ES
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B52140A-F189-4945-BFFC-DB3F00B8C589}" = Adobe Flash CS3
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7593234B-2AEB-4FC9-B02D-C9B30D86084C}" = Windows Live Asistente para el inicio de sesión
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3
"{7DFC1012-D346-46CE-B03E-FF79125AE029}" = Adobe Fireworks CS3
"{80A17ED7-059E-40FF-B5D6-F37C737CA693}" = Adobe Photoshop Lightroom 4
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8924FD04-AFF1-4387-B08B-6A979485F2BD}" = Windows Live Call
"{8B7IL77L-LKS1-AC3-BATAC-18CD6E6334R1}_is1" = Batman Arkham City version 1.0
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9244E956-5939-4B88-930C-0699D4AB2B95}" = CorelDRAW Graphics Suite X5 - WT
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{983F7145-CABF-4EDD-9F3D-E06B2F024BD3}" = CorelDRAW Graphics Suite X5 - FontNav
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1B04B6B-25BB-48AD-8BD9-D31A86E89F3E}" = CorelDRAW Graphics Suite X5 - PHOTO-PAINT
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A6B23EFA-6590-482C-A11F-5ACE1B91F5B9}" = Adobe Soundbooth CS3
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1034-7B44-A90000000001}" = Adobe Reader 9 - Español
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Controlador de 3D Vision 280.26
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel de control de NVIDIA 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Controlador de gráficos 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA Controlador de la controladora 3D Vision 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software del sistema PhysX 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Actualización de NVIDIA 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Controlador de audio HD 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B399C91E-96F2-4265-9884-1C9A10E9FCF4}" = CorelDRAW Graphics Suite X5
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B8B7A4D8-80E1-4DAE-BD33-7FD535BA3931}" = Adobe Encore CS3 Codecs
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BC4F8E84-5E29-49EC-B4E7-E6F9CB50986C}" = Adobe Flash Player 9 ActiveX
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{C4156B59-DD7E-40DF-AF08-E568A27A6409}" = Windows Live Messenger
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{CA3861BA-1D96-4D66-B577-318E1602C4F3}" = CorelDRAW Graphics Suite X5 - Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE54DCE1-E00A-4D91-ACB9-A2D916C24051}" = CorelDRAW Graphics Suite X5 - Setup Files
"{CFABC775-5386-4BA5-86B4-505BBD36E812}" = Batman: Arkham Asylum Game of the Year Edition
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D372B00C-01B4-4622-9B4B-3907815DB03B}" = ILLUSION 俺が主人公
"{D596EEA2-C6C8-45D3-89DF-FA2DBE99F829}" = Visual Basic for Applications (R) Core - English
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D642FF8D-438D-4545-A1D5-2EDB4BCAE3BA}" = CorelDRAW Graphics Suite X5 - Photozoom Plugin
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DE6CBC04-8673-4DBA-BA81-07F1639CEB5F}" = CorelDRAW Graphics Suite X5 - IPM
"{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb" = Microsoft Windows Application Compatibility Database
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EB0202F7-016A-410C-ADE4-40F848CCC661}" = Adobe After Effects CS3
"{EDB98D5A-A6FB-425C-BFB7-51A0924B762D}" = CorelDRAW Graphics Suite X5 - Capture
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F59A9E08-A6A4-4ACF-91F2-D0344956C30B}" = iTunes
"{FC9E08AA-CD59-4C59-BEF9-87E05B9E37D7}" = Adobe Contribute CS3
"{FD1E17BC-2956-4AD7-B937-D23F06F1A5E8}" = ILLUSION ワケあり!
"{FE4B83DE-85CF-4DE5-90CE-A2735A0E1F21}" = CorelDRAW Graphics Suite X5 - VideoBrowser
"7-Zip" = 7-Zip 9.20
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.6 Professional
"Adobe Acrobat 8 Professional_816" = Adobe Acrobat 8.1.6 - CPSID_49167
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Streamline 4.0" = Adobe Streamline 4.0
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_5ac697db6c6103f6f8b5198d25f73f7" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"CCleaner" = CCleaner
"DAEMON Tools Lite" = DAEMON Tools Lite
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nero8Lite_is1" = Nero 8 Lite 8.3.2.1
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RealPlayer 12.0" = RealPlayer
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-628112888-541856711-2089572369-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ OSession Events ]
Error - 22/03/2013 04:27:17 p.m. | Computer Name = Victor1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 9623
seconds with 2280 seconds of active time. This session ended with a crash.

Error - 26/07/2013 03:54:10 p.m. | Computer Name = Victor1 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.


< End of report >
 
I uninstalled it when I couldn't update it. I thought the license expired, then I realized the virus was blocking me. Should I install it now?
 
Install ONE of these:

- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html

- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
Note for Windows 8 users: Microsoft Security Essentials comes preinstalled and renamed as Windows Defender.
You can keep it or you have to disable it before installing another AV program. How to...

- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
@Alternate Data Stream - 64 bytes -> C:\Users\Victor\Desktop\Sunny Leone - ****ed The Beauty In Pink [MmM]_xvid.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Victor\Desktop\Stoya.Deeper.11.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Victor\Desktop\June_and_Suzi.mp4:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Victor\Desktop\Feinman Lectures - 1 - The Law of Gravitation.avi:TOC.WMV

:Services

:Reg

:Files
C:\FRST

:Commands
[purity]
[emptytemp]
[emptyjava]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.
Last scans....

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If ESET doesn't find any threats, it won't produce any log.
 
Logs:

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File system32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File system32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File system32\DRIVERS\ipinip.sys not found.
Service catchme stopped successfully!
Service catchme deleted successfully!
File C:\ComboFix\catchme.sys not found.
Service blbdrive stopped successfully!
Service blbdrive deleted successfully!
File C:\Windows\system32\drivers\blbdrive.sys not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Unable to delete ADS C:\Users\Victor\Desktop\Sunny Leone - ****ed The Beauty In Pink [MmM]_xvid.avi:TOC.WMV .
ADS C:\Users\Victor\Desktop\Stoya.Deeper.11.avi:TOC.WMV deleted successfully.
ADS C:\Users\Victor\Desktop\June_and_Suzi.mp4:TOC.WMV deleted successfully.
ADS C:\Users\Victor\Desktop\Feinman Lectures - 1 - The Law of Gravitation.avi:TOC.WMV deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Victor
->Temp folder emptied: 1005996 bytes
->Temporary Internet Files folder emptied: 4317244 bytes
->FireFox cache emptied: 379250717 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 858 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 149041428 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 509.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: Victor

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: Victor
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 08222013_142837

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Results of screen317's Security Check version 0.99.72
Windows Vista x86 (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
Adobe Flash Player 9 Flash Player out of Date!
Adobe Flash Player 11.1.102.62
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (23.0.1)
Google Chrome 29.0.1547.57
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast setup avast.setup
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 18-08-2013
Ran by Victor (administrator) on 21-08-2013 at 22:02:55
Running from "C:\Users\Victor\Desktop"
Microsoft® Windows Vista™ Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========



**** End of log ****

C:\Program Files\Square Enix\Batman Arkham Asylum GOTY\Binaries\paul.dll a variant of Win32/Packed.VMProtect.AAH trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Users\Victor\AppData\Roaming\_Afxuxu_.exe.zip Win32/Dorkbot.B worm deleted - quarantined
 
Update Adobe Flash Player: http://get.adobe.com/flashplayer/
Make sure you UN-check Yes, install McAfee Security Scan Plus

NOTE 1: Beginning with Adobe Flash Version 11.3, the universal installer includes the 32-bit and 64-bit versions of the Flash Player.
NOTE 2: While installing make sure you UN-check any extra garbage which wants to install alongside.

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB) and install one of two free alternatives:

- Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.

- PDF-XChange Viewer: http://www.tracker-software.com/product/pdf-xchange-viewer

=====================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

7. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

8. Run Temporary File Cleaner (TFC) weekly.

9. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

11. (Windows XP only) Run defrag at your convenience.

12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

13. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

14. Please let me know how your computer is doing.
 
Phew... There.
The PC is doing great! You are awesome, Broni:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Victor
->Temp folder emptied: 645849 bytes
->Temporary Internet Files folder emptied: 952180 bytes
->FireFox cache emptied: 111628655 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1284 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 130519156 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 232.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: Victor
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: UpdatusUser

User: Victor

Total Java Files Cleaned = 0.00 mb

Restore point Set: OTL Restore Point

OTL by OldTimer - Version 3.2.69.0 log created on 08222013_192930

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 