Windows XP completely broken

Inactive-A
By esxuu
Apr 11, 2014
Topic Status:
Not open for further replies.
  1. Hey guys,
    My laptop is absolutely brain dead. I don't know what is wrong with it. It was running slow for a couple of weeks, and today I deleted the temp files, and it ran perfectly, but after restarting it went completely haywire, it got hung up on running start up scripts for about twenty minutes, I then tried rebooting into last working settings. That did boot in, so I ran msconfig to disable startup programs. But that went wrong, even though I was logged in as admin, it didn't let me. I then started navigating on chrome and it suddenly froze up again, but the mouse pointer was still moving.What the hell is going on??
    When I boot in safe mode it is slow at the login screen...
    It's only booting into safe mode, last working settings hangs too
  2. Broni

    Broni Malware Annihilator Posts: 46,157   +251

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Run this tool from safe mode....

    Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
  3. esxuu

    esxuu Newcomer, in training Topic Starter

    Hey, seen as I have to boot into safe mode, and in safe mode my wireless adapter doesn't work for some reason, should I download it onto my phone and then transfer it to the laptop?
  4. esxuu

    esxuu Newcomer, in training Topic Starter

    I ran them from an external hard drive, not C: drive if that makes a difference.

    Attached Files:

  5. Broni

    Broni Malware Annihilator Posts: 46,157   +251

    Please observe forum rules...
    All logs have to be pasted not attached.


    Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-04-2014
    Ran by UA43931 (administrator) on V0065191 on 12-04-2014 18:10:52
    Running from G:\
    Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
    Internet Explorer Version 8
    Boot Mode: Safe Mode (with Networking)

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    () C:\Program Files\seguridad\rto\IBM\rtosesflow.exe
    () C:\Program Files\Vintegris\VinPassLogout\VinPassLogout.exe
    (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\ssonsvr.exe


    ==================== Registry (Whitelisted) ==================

    HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
    Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
    Winlogon\Notify\rtonotify: C:\Program Files\seguridad\rto\IBM\rtonotify.dll ()
    Winlogon\Notify\VinPassLogout: C:\Program Files\Vintegris\VinPassLogout\DLLVinLogout.dll ()
    HKLM\...\Policies\Explorer: [NoMSAppLogo5ChannelNotify] 0
    HKLM\...\Policies\Explorer: [NoToolbarCustomize] 0
    HKLM\...\Policies\Explorer: [NoBandCustomize] 0
    HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\.DEFAULT\...\Policies\Explorer: [Btn_Home] 0
    HKU\.DEFAULT\...\Policies\Explorer: [Btn_Fullscreen] 0
    HKU\.DEFAULT\...\Policies\Explorer: [Btn_Tools] 0
    HKU\.DEFAULT\...\Policies\Explorer: [Btn_Print] 0
    HKU\.DEFAULT\...\Policies\Explorer: [Btn_Edit] 0
    HKU\.DEFAULT\...\Policies\Explorer: [Btn_Cut] 0
    HKU\.DEFAULT\...\Policies\Explorer: [Btn_Copy] 0
    HKU\.DEFAULT\...\Policies\Explorer: [Btn_Paste] 0
    HKU\.DEFAULT\...\Policies\Explorer: [Btn_Encoding] 0
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [NoSimpleStartMenu] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [SpecifyDefaultButtons] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Back] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Forward] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Stop] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Refresh] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Home] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Search] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Favorites] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_History] 2
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Folders] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Fullscreen] 2
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Tools] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_MailNews] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Size] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Print] 1
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Edit] 2
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Discussions] 2
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Cut] 2
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Copy] 2
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Paste] 2
    HKU\S-1-5-21-1292428093-343818398-839522115-29857\...\Policies\Explorer: [Btn_Encoding] 2
    IFEO\bitguard.exe: [Debugger] tasklist.exe
    IFEO\bprotect.exe: [Debugger] tasklist.exe
    IFEO\bpsvc.exe: [Debugger] tasklist.exe
    IFEO\browserdefender.exe: [Debugger] tasklist.exe
    IFEO\browserprotect.exe: [Debugger] tasklist.exe
    IFEO\browsersafeguard.exe: [Debugger] tasklist.exe
    IFEO\dprotectsvc.exe: [Debugger] tasklist.exe
    IFEO\protectedsearch.exe: [Debugger] tasklist.exe
    IFEO\searchprotection.exe: [Debugger] tasklist.exe
    IFEO\searchprotector.exe: [Debugger] tasklist.exe
    IFEO\snapdo.exe: [Debugger] tasklist.exe
    IFEO\stinst32.exe: [Debugger] tasklist.exe
    IFEO\stinst64.exe: [Debugger] tasklist.exe
    IFEO\utiljumpflip.exe: [Debugger] tasklist.exe
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\FixExcel2010XP.cmd ()
    Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\FixExcel2010XP.cmd ()
    GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    ProxyEnable: Internet Explorer proxy is enabled.
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://intranetbbva.es.igrupobbva/
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=S...ype=ds&q={searchTerms}&installDate=13/04/2013
    BHO: CSignonExplorerBHO Object - {118589B1-A016-4FC4-AB36-02EEE550CA9A} - C:\WINDOWS\system32\SignonBuHO.dll (Vintegris S.L.)
    BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
    BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll No File
    BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
    BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
    Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1361000746125
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    Winsock: Catalog5 04 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)
    Winsock: Catalog5 05 C:\WINDOWS\system32\pnrpnsp.dll [58880] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Documents and Settings\UA43931.BBVA.002\Application Data\Mozilla\Firefox\Profiles\snvolgxe.default
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
    FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.)
    FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Ask.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\nationzoom.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\drae.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-es.xml
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-es.xml
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-22]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-07-22]
    FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

    Chrome:
    =======
    CHR HomePage: hxxp://www.google.com/
    CHR Extension: (backgroundPage) - C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-03-24]
    CHR Extension: (Google Wallet) - C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-06]
    CHR HKLM\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Documents and Settings\ua43931\Local Settings\Application Data\Torch\Plugins\TorchPlugin.crx [2014-02-06]
    CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
    CHR HKLM\...\Chrome\Extension: [pgafcinpmmpklohkojmllohdhomoefph] - C:\Documents and Settings\All Users\Application Data\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.crx [2013-10-09]

    ========================== Services (Whitelisted) =================

    S2 6to4; C:\WINDOWS\System32\6to4svc.dll [100352 2008-04-14] (Microsoft Corporation)
    S4 AVGIDSAgent; D:\Program Files\AVG\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
    S4 avgwd; D:\Program Files\AVG\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
    S4 BlackICE; C:\Archivos de programa\ISS\issSensors\DesktopProtection\blackd.exe [851968 2004-03-16] (Internet Security Systems, Inc.)
    S4 dsNcService; C:\Program Files\Juniper Networks\Common Files\dsNcService.exe [669040 2011-04-25] (Juniper Networks)
    S4 EPA_GPO_PMService; C:\WINDOWS\system32\PMService.exe [81920 2005-01-21] (TerraNovum)
    S2 Iprip; C:\WINDOWS\System32\iprip.dll [35328 2008-04-14] (Microsoft Corporation)
    S4 JavaQuickStarterService; C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe [161664 2012-05-04] (Oracle Corporation)
    S4 JuniperAccessService; C:\Program Files\Common Files\Juniper Networks\JUNS\dsAccessService.exe [198000 2011-04-25] (Juniper Networks, Inc.)
    S4 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
    S2 McAfeeEngineService; C:\Program Files\Network Associates\VirusScan\EngineServer.exe [22816 2010-10-22] (McAfee, Inc.)
    S2 McAfeeFramework; C:\Program Files\Network Associates\Common Framework\FrameworkService.exe [120128 2011-01-12] (McAfee, Inc.)
    S2 McShield; C:\Program Files\Network Associates\VirusScan\Mcshield.exe [147984 2010-10-22] (McAfee, Inc.)
    S2 McTaskManager; C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe [66880 2010-10-22] (McAfee, Inc.)
    S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [69192 2010-10-22] (McAfee, Inc.)
    S3 p2pgasvc; C:\WINDOWS\system32\p2pgasvc.dll [105472 2008-04-14] (Microsoft Corporation)
    S4 PCToolsSSDMonitorSvc; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
    S4 RapApp; C:\Archivos de programa\ISS\issSensors\DesktopProtection\RapApp.exe [688128 2003-06-20] (Internet Security Systems, Inc.)
    S4 rtofirewall; C:\Program Files\seguridad\rto\IBM\rtofirewallsvc.exe [93184 2011-02-18] ()
    S4 RtoSecStart; C:\Program Files\seguridad\rto\IBM\rtosecstartsrv.exe [86016 2011-02-18] ()
    S4 RtoSysLog; C:\Program Files\seguridad\rto\IBM\rtosyslogservice.exe [145408 2011-02-18] ()
    S4 rtousb; C:\Program Files\seguridad\rto\IBM\rtousbservice.exe [90624 2011-02-18] ()
    S4 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [915728 2010-12-23] (Intel(R) Corporation)
    S4 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3275136 2013-10-09] (Skype Technologies S.A.)
    S4 STacSV; C:\Program Files\IDT\WDM\STacSV.exe [282709 2011-05-27] (IDT, Inc.)
    S4 tunnelguardservice; C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe [53248 2003-10-03] (Alexandria Software Consulting)
    S4 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [375056 2010-12-23] (Intel(R) Corporation)
    S4 WMCoreService; C:\Program Files\Ericsson\Mobile Broadband Drivers\WMCore\WMCore.exe [842280 2011-03-03] (Ericsson AB)

    ==================== Drivers (Whitelisted) ====================

    S3 AESTAud; C:\WINDOWS\System32\drivers\AESTAud.sys [113664 2009-04-21] (Andrea Electronics Corporation)
    S3 AtiHDAudioService; C:\WINDOWS\System32\drivers\AtihdXP3.sys [101392 2011-03-30] (Advanced Micro Devices)
    S1 Avgdiskx; C:\WINDOWS\System32\DRIVERS\avgdiskx.sys [120600 2013-11-25] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [210712 2013-11-25] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149272 2013-11-25] (AVG Technologies CZ, s.r.o.)
    S1 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [22808 2014-01-19] (AVG Technologies CZ, s.r.o.)
    S1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [176952 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [222520 2013-10-31] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [102712 2013-10-01] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [27448 2013-09-10] (AVG Technologies CZ, s.r.o.)
    R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [193848 2013-08-01] (AVG Technologies CZ, s.r.o.)
    S4 black; C:\WINDOWS\System32\drivers\BlackDrv.sys [228837 2004-04-09] (Internet Security Systems, Inc.)
    S3 btaudio; C:\WINDOWS\System32\drivers\btaudio.sys [556200 2009-11-18] (Broadcom Corporation.)
    S3 BTDriver; C:\WINDOWS\System32\DRIVERS\btport.sys [37160 2010-01-14] (Broadcom Corporation.)
    S3 BTKRNL; C:\WINDOWS\System32\DRIVERS\btkrnl.sys [932136 2010-07-23] (Broadcom Corporation.)
    S3 BTWDNDIS; C:\WINDOWS\System32\DRIVERS\btwdndis.sys [118440 2009-11-18] (Broadcom Corporation.)
    S3 BTWUSB; C:\WINDOWS\System32\Drivers\btwusb.sys [51752 2010-07-23] (Broadcom Corporation.)
    S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
    R3 dsNcAdpt; C:\WINDOWS\System32\DRIVERS\dsNcAdpt.sys [26624 2011-04-25] (Juniper Networks)
    R3 e1cexpress; C:\WINDOWS\System32\DRIVERS\e1c5132.sys [192168 2011-05-04] (Intel Corporation)
    S3 e1yexpress; C:\WINDOWS\System32\DRIVERS\e1y5132.sys [244368 2008-03-27] (Intel Corporation)
    R3 Eacfilt; C:\WINDOWS\System32\DRIVERS\eacfilt.sys [11113 2004-09-30] (Nortel Networks)
    S3 h36wgps; C:\WINDOWS\System32\DRIVERS\h36wgps.sys [87592 2011-02-28] (Ericsson AB)
    S0 HpCISSm2; C:\WINDOWS\System32\drivers\HpCISSm2.sys [29224 2010-01-26] (Hewlett-Packard Company)
    R3 IFXTPM; C:\WINDOWS\System32\DRIVERS\IFXTPM.SYS [44800 2007-12-18] (Infineon Technologies AG)
    S3 IPSECEXT; C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys [216459 2004-09-30] (Nortel Networks NA, Inc.)
    R3 IPSECSHM; C:\WINDOWS\System32\DRIVERS\ipsecw2k.sys [216459 2004-09-30] (Nortel Networks NA, Inc.)
    S3 libusb0; C:\WINDOWS\System32\DRIVERS\libusb0.sys [28160 2009-07-07] (http://libusb-win32.sourceforge.net)
    S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
    R3 Mbm4bus; C:\WINDOWS\System32\DRIVERS\Mbm4bus.sys [122824 2011-02-11] (MCCI Corporation)
    S3 Mbm4mdfl; C:\WINDOWS\System32\DRIVERS\Mbm4mdfl.sys [14920 2011-02-11] (MCCI Corporation)
    S3 Mbm4mdm; C:\WINDOWS\System32\DRIVERS\Mbm4mdm.sys [138952 2011-02-11] (MCCI Corporation)
    S3 Mbm4mgmt; C:\WINDOWS\System32\DRIVERS\Mbm4mgmt.sys [132808 2011-02-11] (MCCI Corporation)
    R3 Mbm4NNd5; C:\WINDOWS\System32\DRIVERS\Mbm4NNd5.sys [24904 2011-02-11] (MCCI Corporation)
    R3 Mbm4NUn; C:\WINDOWS\System32\DRIVERS\Mbm4NUn.sys [149960 2011-02-11] (MCCI Corporation)
    R3 MEI; C:\WINDOWS\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
    S3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [76024 2010-10-22] (McAfee, Inc.)
    S3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [91896 2010-10-22] (McAfee, Inc.)
    S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [43192 2010-10-22] (McAfee, Inc.)
    S0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [344712 2010-10-22] (McAfee, Inc.)
    S3 mferkdet; C:\WINDOWS\System32\drivers\mferkdet.sys [66536 2010-10-22] (McAfee, Inc.)
    R1 mfetdik; C:\WINDOWS\System32\drivers\mfetdik.sys [64208 2010-10-22] (McAfee, Inc.)
    S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
    R3 NETwNx32; C:\WINDOWS\System32\DRIVERS\NETwNx32.sys [7391104 2010-12-21] (Intel Corporation)
    R3 nusb3hub; C:\WINDOWS\System32\DRIVERS\nusb3hub.sys [62336 2010-12-10] (Renesas Electronics Corporation)
    R3 nusb3xhc; C:\WINDOWS\System32\DRIVERS\nusb3xhc.sys [141440 2010-12-10] (Renesas Electronics Corporation)
    S3 RapFile; C:\WINDOWS\system32\drivers\RapFile.sys [36676 2003-06-20] (Internet Security Systems, Inc.)
    S3 RapNet; C:\WINDOWS\system32\drivers\RapNet.sys [24344 2003-06-20] (Internet Security Systems, Inc.)
    S2 s24trans; C:\WINDOWS\System32\DRIVERS\s24trans.sys [13952 2010-05-19] (Intel Corporation)
    S3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1970726 2011-05-27] (IDT, Inc.)
    S3 swivsp; C:\WINDOWS\System32\DRIVERS\swivspnt.sys [20352 2007-09-18] (Sierra Wireless Inc.)
    R1 Tcpip6; C:\WINDOWS\System32\DRIVERS\tcpip6.sys [225856 2008-06-20] (Microsoft Corporation)
    S0 VMSCSI; C:\WINDOWS\System32\drivers\vmscsi.sys [10880 2005-11-30] (VMware, Inc.)
    S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
    S4 IntelIde; No ImagePath
    S1 iSafeNetFilter; \??\C:\Program Files\iSafe\iSafeNetFilter.sys [X]
    S3 smsmdd; system32\DRIVERS\smsmdm.sys [X]
    U%8Faq%09 T8267;
    U2 TMAgent;
    U1 WS2IFSL;

    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2014-04-12 18:10 - 2014-04-12 18:10 - 00000000 ___DC () C:\FRST
    2014-04-11 17:07 - 2014-04-12 18:04 - 00000000 ____D () C:\WINDOWS\pss
    2014-04-11 16:11 - 2014-04-11 16:11 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Sun
    2014-04-11 16:11 - 2014-04-11 16:11 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\SystemRequirementsLab
    2014-04-11 16:11 - 2014-04-11 16:11 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
    2014-04-11 15:50 - 2014-04-11 15:50 - 00000597 ____C () C:\Documents and Settings\UA43931.BBVA.002\Desktop\WinDirStat.lnk
    2014-04-09 14:50 - 2014-04-09 15:24 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\vlc
    2014-04-09 14:50 - 2014-04-09 14:50 - 00000726 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    2014-04-09 14:50 - 2014-04-09 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    2014-04-09 14:48 - 2014-04-09 14:48 - 00000000 ____D () C:\Program Files\VideoLAN
    2014-04-07 20:18 - 2014-04-09 13:04 - 00024064 ____C () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-04-07 11:13 - 2014-04-07 11:13 - 00000876 ____C () C:\Documents and Settings\UA43931.BBVA.002\Desktop\µTorrent.lnk
    2014-04-07 11:12 - 2014-04-11 16:29 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\uTorrent
    2014-04-06 16:26 - 2014-04-06 16:26 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Hewlett-Packard_Developme
    2014-04-06 16:20 - 2014-04-06 21:20 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\Skype
    2014-04-05 12:40 - 2014-04-05 12:42 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Desktop\Holiday_Work_M2
    2014-04-03 13:24 - 2014-04-06 16:25 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-03 13:23 - 2014-04-03 13:23 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-03 13:23 - 2014-04-03 13:23 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-04-03 13:23 - 2014-04-03 13:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-04-03 13:23 - 2014-04-03 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-04-03 13:23 - 2014-03-05 09:26 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-04-03 13:23 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-04-03 12:46 - 2014-04-03 12:46 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\TuneUp Software
    2014-04-03 12:46 - 2014-04-03 12:46 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\AVG2014
    2014-04-03 12:46 - 2014-04-03 12:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2014-04-03 12:45 - 2014-04-03 12:46 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\AVG2014
    2014-04-03 12:45 - 2014-04-03 12:45 - 00000000 __HDC () C:\$AVG
    2014-04-03 12:40 - 2014-04-11 13:27 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\MFAData
    2014-04-03 12:40 - 2014-04-03 12:51 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Avg2014
    2014-04-03 12:40 - 2014-04-03 12:40 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\MFAData
    2014-04-01 18:25 - 2014-04-01 18:25 - 00000059 ____C () C:\Documents and Settings\UA43931.BBVA.002\Start Menu\Importar contactos....url
    2014-03-31 16:47 - 2014-03-31 16:47 - 00102400 _____ () C:\WINDOWS\Minidump\Mini033114-01.dmp
    2014-03-24 17:10 - 2014-04-03 13:18 - 00000000 ____D () C:\Program Files\MediaWatchV1
    2014-03-20 14:29 - 2014-03-20 14:29 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Microsoft Help
    2014-03-16 17:12 - 2014-03-16 17:12 - 00000000 _SHDC () C:\Documents and Settings\UA43931.BBVA.002\IECompatCache
    2014-03-16 17:12 - 2014-03-16 17:12 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\Google

    ==================== One Month Modified Files and Folders =======

    2014-04-12 18:10 - 2014-04-12 18:10 - 00000000 ___DC () C:\FRST
    2014-04-12 18:06 - 2013-02-16 09:45 - 60671130 _____ () C:\WINDOWS\setupapi.log
    2014-04-12 18:06 - 2011-04-07 19:20 - 00221494 _____ () C:\WINDOWS\setupact.log
    2014-04-12 18:06 - 2011-04-07 17:26 - 01535139 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-04-12 18:05 - 2011-04-08 03:15 - 00000582 _____ () C:\WINDOWS\win.ini
    2014-04-12 18:05 - 2011-04-08 03:15 - 00000227 _____ () C:\WINDOWS\system.ini
    2014-04-12 18:05 - 2011-04-08 03:15 - 00000212 _RSHC () C:\boot.ini
    2014-04-12 18:04 - 2014-04-11 17:07 - 00000000 ____D () C:\WINDOWS\pss
    2014-04-12 18:00 - 2012-05-31 07:21 - 00000000 __SHD () C:\WINDOWS\CSC
    2014-04-12 17:50 - 2011-04-07 19:24 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2014-04-12 17:50 - 2011-04-07 19:24 - 00000050 _____ () C:\WINDOWS\wiaservc.log
    2014-04-12 17:50 - 2011-04-07 17:30 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-04-11 20:37 - 2014-02-06 13:47 - 00000178 __SHC () C:\Documents and Settings\UA43931.BBVA.002\ntuser.ini
    2014-04-11 19:35 - 2012-05-31 06:39 - 00000460 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{36657E7A-DB41-4A05-8160-C2C88A5694DE}.job
    2014-04-11 18:25 - 2012-05-31 06:24 - 00524288 _____ () C:\WINDOWS\system32\config\HP Conne.evt
    2014-04-11 18:22 - 2013-07-01 20:20 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
    2014-04-11 18:01 - 2013-05-11 14:19 - 00000336 _____ () C:\WINDOWS\Tasks\HP Photo Creations Messager.job
    2014-04-11 17:59 - 2014-02-05 15:55 - 00000374 _____ () C:\WINDOWS\Tasks\SelectionTool Update.job
    2014-04-11 17:59 - 2013-07-29 19:00 - 00000276 _____ () C:\WINDOWS\Tasks\RMAutoUpdate.job
    2014-04-11 17:59 - 2013-07-24 15:49 - 00000000 ____D () C:\Program Files\PC Tools Registry Mechanic
    2014-04-11 17:59 - 2012-11-17 20:51 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-04-11 17:42 - 2012-11-17 20:51 - 00001090 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-04-11 17:41 - 2011-04-07 17:30 - 00032356 _____ () C:\WINDOWS\SchedLgU.Txt
    2014-04-11 17:24 - 2013-09-01 13:24 - 00000416 _____ () C:\WINDOWS\Tasks\At6.job
    2014-04-11 16:29 - 2014-04-07 11:12 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\uTorrent
    2014-04-11 16:29 - 2012-05-31 16:07 - 00131072 _____ () C:\WINDOWS\system32\config\OAlerts.evt
    2014-04-11 16:11 - 2014-04-11 16:11 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Sun
    2014-04-11 16:11 - 2014-04-11 16:11 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\SystemRequirementsLab
    2014-04-11 16:11 - 2014-04-11 16:11 - 00000000 ____D () C:\Program Files\SystemRequirementsLab
    2014-04-11 15:50 - 2014-04-11 15:50 - 00000597 ____C () C:\Documents and Settings\UA43931.BBVA.002\Desktop\WinDirStat.lnk
    2014-04-11 14:18 - 2013-05-11 14:18 - 00000466 _____ () C:\WINDOWS\Tasks\At4.job
    2014-04-11 14:00 - 2013-05-11 14:18 - 00000466 _____ () C:\WINDOWS\Tasks\At5.job
    2014-04-11 13:27 - 2014-04-03 12:40 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\MFAData
    2014-04-11 10:10 - 2013-05-11 14:18 - 00000466 _____ () C:\WINDOWS\Tasks\At2.job
    2014-04-10 22:12 - 2013-07-24 15:49 - 00000276 _____ () C:\WINDOWS\Tasks\RMSchedule.job
    2014-04-10 20:40 - 2013-05-11 14:18 - 00000466 _____ () C:\WINDOWS\Tasks\At3.job
    2014-04-10 19:00 - 2013-07-29 19:00 - 00000272 _____ () C:\WINDOWS\system32\AppLog.log
    2014-04-10 17:35 - 2013-09-01 13:24 - 00000000 ____D () C:\Quarantine
    2014-04-10 17:33 - 2011-04-08 03:15 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
    2014-04-09 15:24 - 2014-04-09 14:50 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\vlc
    2014-04-09 14:50 - 2014-04-09 14:50 - 00000726 _____ () C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
    2014-04-09 14:50 - 2014-04-09 14:50 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
    2014-04-09 14:48 - 2014-04-09 14:48 - 00000000 ____D () C:\Program Files\VideoLAN
    2014-04-09 13:04 - 2014-04-07 20:18 - 00024064 ____C () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2014-04-07 11:13 - 2014-04-07 11:13 - 00000876 ____C () C:\Documents and Settings\UA43931.BBVA.002\Desktop\µTorrent.lnk
    2014-04-07 09:34 - 2012-11-20 22:02 - 02059880 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2014-04-06 21:20 - 2014-04-06 16:20 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\Skype
    2014-04-06 17:01 - 2014-02-10 20:04 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\CUSTPDF Writer
    2014-04-06 16:26 - 2014-04-06 16:26 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Hewlett-Packard_Developme
    2014-04-06 16:25 - 2014-04-03 13:24 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-04-06 16:24 - 2013-02-03 11:18 - 00002265 _____ () C:\Documents and Settings\All Users\Desktop\Skype.lnk
    2014-04-06 16:20 - 2013-02-03 11:18 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Skype
    2014-04-06 16:20 - 2012-11-27 22:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Skype
    2014-04-05 12:42 - 2014-04-05 12:40 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Desktop\Holiday_Work_M2
    2014-04-05 10:47 - 2014-01-30 19:22 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\WPM
    2014-04-05 10:47 - 2014-01-30 19:21 - 00000000 ____D () C:\Program Files\fst_es_43
    2014-04-03 16:37 - 2012-11-17 20:52 - 00001818 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
    2014-04-03 16:18 - 2014-01-30 19:21 - 00000000 ____D () C:\Documents and Settings\ua43931\Application Data\nationzoom
    2014-04-03 16:18 - 2013-06-29 14:54 - 00000000 ____D () C:\Program Files\Movies Toolbar
    2014-04-03 14:15 - 2013-01-12 23:40 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
    2014-04-03 14:00 - 2014-02-05 15:55 - 00000000 ____D () C:\Program Files\SelectionTool
    2014-04-03 13:57 - 2014-01-30 19:21 - 00000000 ____D () C:\Program Files\Mobogenie
    2014-04-03 13:23 - 2014-04-03 13:23 - 00000784 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
    2014-04-03 13:23 - 2014-04-03 13:23 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2014-04-03 13:23 - 2014-04-03 13:23 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
    2014-04-03 13:23 - 2014-04-03 13:23 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-04-03 13:20 - 2014-02-06 13:47 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Google
    2014-04-03 13:19 - 2014-02-24 18:00 - 00000000 ____D () C:\Program Files\MediaViewerV1
    2014-04-03 13:19 - 2014-01-30 19:23 - 00000000 ____D () C:\Documents and Settings\ua43931\Local Settings\Application Data\genienext
    2014-04-03 13:18 - 2014-03-24 17:10 - 00000000 ____D () C:\Program Files\MediaWatchV1
    2014-04-03 13:18 - 2014-02-27 20:55 - 00000000 ____D () C:\Program Files\MediaViewV1
    2014-04-03 13:17 - 2014-02-23 14:54 - 00000000 ____D () C:\Program Files\MediaPlayerV1
    2014-04-03 13:11 - 2013-09-01 13:24 - 00000000 ____D () C:\Program Files\DealPly
    2014-04-03 12:51 - 2014-04-03 12:40 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Avg2014
    2014-04-03 12:46 - 2014-04-03 12:46 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\TuneUp Software
    2014-04-03 12:46 - 2014-04-03 12:46 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\AVG2014
    2014-04-03 12:46 - 2014-04-03 12:46 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
    2014-04-03 12:46 - 2014-04-03 12:45 - 00000000 ___DC () C:\Documents and Settings\All Users\Application Data\AVG2014
    2014-04-03 12:45 - 2014-04-03 12:45 - 00000000 __HDC () C:\$AVG
    2014-04-03 12:40 - 2014-04-03 12:40 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\MFAData
    2014-04-03 12:37 - 2013-07-22 14:13 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Norton
    2014-04-03 12:31 - 2013-07-22 14:13 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
    2014-04-02 14:41 - 2013-11-11 14:39 - 00528020 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-04-01 18:59 - 2012-09-08 13:35 - 00000838 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-04-01 18:25 - 2014-04-01 18:25 - 00000059 ____C () C:\Documents and Settings\UA43931.BBVA.002\Start Menu\Importar contactos....url
    2014-04-01 14:59 - 2012-09-08 13:35 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
    2014-04-01 14:59 - 2012-05-31 06:40 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
    2014-03-31 16:47 - 2014-03-31 16:47 - 00102400 _____ () C:\WINDOWS\Minidump\Mini033114-01.dmp
    2014-03-31 16:47 - 2012-07-03 15:20 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-03-31 14:24 - 2013-12-19 10:24 - 00000133 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
    2014-03-20 14:29 - 2014-03-20 14:29 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Application Data\Microsoft Help
    2014-03-16 17:12 - 2014-03-16 17:12 - 00000000 _SHDC () C:\Documents and Settings\UA43931.BBVA.002\IECompatCache
    2014-03-16 17:12 - 2014-03-16 17:12 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002\Application Data\Google
    2014-03-16 17:12 - 2014-02-06 13:47 - 00000000 ___DC () C:\Documents and Settings\UA43931.BBVA.002
    2014-03-16 16:36 - 2012-11-20 22:25 - 00000000 ____D () C:\Program Files\SAMSUNG
    2014-03-16 16:35 - 2011-04-07 19:21 - 00639330 ____C () C:\WINDOWS\iis6.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00553780 ____C () C:\WINDOWS\FaxSetup.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00275820 ____C () C:\WINDOWS\ocgen.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00255774 ____C () C:\WINDOWS\tsoc.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00187895 ____C () C:\WINDOWS\comsetup.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00174732 ____C () C:\WINDOWS\msmqinst.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00113922 ____C () C:\WINDOWS\ntdtcsetup.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00094775 ____C () C:\WINDOWS\netfxocm.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00038132 ____C () C:\WINDOWS\MedCtrOC.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00029892 ____C () C:\WINDOWS\ocmsn.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00027589 ____C () C:\WINDOWS\tabletoc.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00026909 ____C () C:\WINDOWS\msgsocm.log
    2014-03-16 16:35 - 2011-04-07 19:21 - 00001917 _____ () C:\WINDOWS\imsins.log

    Files to move or delete:
    ====================
    C:\Windows\Tasks\At1.job
    C:\Windows\Tasks\At2.job
    C:\Windows\Tasks\At3.job
    C:\Windows\Tasks\At4.job
    C:\Windows\Tasks\At5.job
    C:\Windows\Tasks\At6.job


    Some content of TEMP:
    ====================
    C:\Documents and Settings\UA43931.BBVA.000\Local Settings\Temp\Uninstall.exe
    C:\Documents and Settings\UA43931.BBVA.002\Local Settings\Temp\SRLDetectionLibrary3695500547527255027.dll


    ==================== Bamital & volsnap Check =================

    C:\WINDOWS\explorer.exe => MD5 is legit
    C:\WINDOWS\system32\winlogon.exe => MD5 is legit
    C:\WINDOWS\system32\svchost.exe => MD5 is legit
    C:\WINDOWS\system32\services.exe => MD5 is legit
    C:\WINDOWS\system32\User32.dll => MD5 is legit
    C:\WINDOWS\system32\userinit.exe => MD5 is legit
    C:\WINDOWS\system32\rpcss.dll => MD5 is legit
    C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

    ==================== End Of Log ============================
  6. Broni

    Broni Malware Annihilator Posts: 46,157   +251

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-04-2014
    Ran by UA43931 at 2014-04-12 18:11:42
    Running from G:\
    Boot Mode: Safe Mode (with Networking)
    ==========================================================


    ==================== Security Center ========================

    AV: VirusScan Enterprise + AntiSpyware Enterprise (Disabled - Up to date) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

    ==================== Installed Programs ======================

    µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30768 - BitTorrent Inc.)
    7-Zip 9.20 (HKLM\...\{23170F69-40C1-2701-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
    Adobe Acrobat 4.0 (HKLM\...\Adobe Acrobat 4.0) (Version: - )
    Adobe AIR (HKLM\...\Adobe AIR) (Version: 1.5.2.8870 - Adobe Systems Inc.)
    Adobe AIR (Version: 1.5.2.8870 - Adobe Systems Inc.) Hidden
    Adobe Digital Editions (HKLM\...\Digital Editions) (Version: - )
    Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
    Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.43 - Adobe Systems Incorporated)
    Adobe Reader X (10.1.0) - Español (HKLM\...\{AC76BA86-7AD7-1034-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player (HKLM\...\{AD72CFB4-C2BF-424E-9DF0-C7BAD1F30A11}) (Version: 11.0 - Adobe Systems, Inc.)
    Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
    Apple Mobile Device Support (HKLM\...\{459699C3-9430-4381-964B-4248D87B49F9}) (Version: 6.0.1.3 - Apple Inc.)
    Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
    AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
    BBVA_Office_OTF_TTF (HKLM\...\{FCFF5110-5D38-43D3-9972-86F05DA2C6B8}) (Version: 17.11.2011 - Your Company Name)
    bbvasalvapantallas Screen Saver (HKLM\...\bbvasalvapantallas) (Version: - )
    Broadcom 2070 Bluetooth 3.0 (HKLM\...\{F48BE301-EC78-4686-B580-EE4934558798}) (Version: 5.6.0.5600 - HP)
    Citrix Presentation Server Client (HKLM\...\{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}) (Version: 10.200.2650 - Citrix Systems, Inc.)
    Compatibilidad con Aplicaciones de Apple (HKLM\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
    Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
    Estudio de mejora de productos de HP Deskjet 3050A J611 series (HKLM\...\{E9A0F78E-A0E7-419D-AAD8-A4C1FC720119}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
    explorer (HKLM\...\{77df91a6-dbec-4033-9b56-f771e4fe01f5}.sdb) (Version: - )
    EZ GPO Power Management Config Tool (HKLM\...\{C5B83F18-6959-4760-9879-709E29E75DAF}) (Version: 2.0.14 - TerraNovum)
    fst_es_43 (HKLM\...\fst_es_43_is1) (Version: - FREESOFTTODAY) <==== ATTENTION
    Garmin ANT Agent (HKLM\...\{2CEDDEB4-7AB5-440E-A8B0-4EF9B1727DBD}) (Version: 2.3.4 - Garmin Ltd or its subsidiaries)
    Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
    Google Drive (HKLM\...\{E87022D3-C8C9-4C76-8E27-BC7F18F9B8FB}) (Version: 1.14.6059.644 - Google, Inc.)
    Google Talk Plugin (HKLM\...\{669A032D-4E28-3D11-BB26-8AD5D51EFE87}) (Version: 2.1.8.0 - Google)
    Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
    Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
    Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
    HP Connection Manager (HKLM\...\{795AADBF-58C2-42D0-B779-E730702A247E}) (Version: 4.0.45.1 - Hewlett-Packard Company)
    HP Deskjet 3050A J611 series Ayuda (HKLM\...\{97DDCAB8-B770-4089-A10F-67568069D78A}) (Version: 140.0.2.2 - Hewlett Packard)
    HP Mobile Broadband Drivers (HKLM\...\{646E8C34-C88B-42F9-9F41-985A801219E1}) (Version: 6.3.5.3 - Ericsson AB)
    HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
    HP Update (HKLM\...\{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}) (Version: 5.003.000.004 - Hewlett-Packard)
    HPDiagnosticAlert (Version: 1.00.0000 - Microsoft) Hidden
    Impresora PDF (HKLM\...\{2429D645-2C0B-46C8-B02A-BF95BB045945}) (Version: 0.00 - BBVA)
    Intel PROSet Wireless (Version: - ) Hidden
    Internet Explorer (Version: 8 - Microsoft Corporation) Hidden
    iTunes (HKLM\...\{B0261E53-B6F1-474A-864B-E7C3CBF468E0}) (Version: 11.0.1.12 - Apple Inc.)
    Java 2 Runtime Environment, SE v1.4.2_07 (HKLM\...\{7148F0A8-6813-11D6-A77B-00B0D0142070}) (Version: 1.4.2_07 - Sun Microsystems, Inc.)
    Java Auto Updater (Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
    Java(TM) 7 Update 5 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
    JavaFX 2.1.1 (HKLM\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
    Juniper Installer Service (HKLM\...\{5E325444-E4C0-451C-ADC0-FE0D839703D4}) (Version: 7.1.0.18193 - Juniper Networks)
    Juniper Networks Network Connect 7.1.0 (HKLM\...\Juniper Network Connect 7.1.0) (Version: 7.1.0.18193 - Juniper Networks)
    Juniper Networks, Inc. Setup Client Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
    K-Lite Codec Pack 5.1.0 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 5.1.0 - )
    LEGATO EmailXtender® 4.81 Client (HKLM\...\{DA9E949F-3C63-476C-9248-FF64D95A0031}) (Version: 4.81.1043 - EMC Corporation)
    Livelink Office Editor (HKLM\...\{0EC5AE85-BAED-400D-95E6-A3528FC9B124}) (Version: 3.2.0.209 - Open Text Corporation)
    Malwarebytes Anti-Malware versión 2.00.0.1000 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
    McAfee Agent (HKLM\...\{2AAB21C2-4CDA-4189-A0EC-5ED666113F84}) (Version: 4.5.0.1810 - McAfee, Inc.)
    McAfee AntiSpyware Enterprise Module (HKLM\...\McAfee Anti-Spyware Enterprise Module) (Version: 8.7.0.129 - McAfee, Inc.)
    McAfee VirusScan Enterprise (HKLM\...\{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}) (Version: 8.7.00004 - McAfee, Inc.)
    Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
    Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
    Microsoft .NET Framework 1.1 Security Update (KB2656353) (HKLM\...\M2656353) (Version: - )
    Microsoft .NET Framework 1.1 Security Update (KB2656370) (HKLM\...\M2656370) (Version: - )
    Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - ESN (HKLM\...\{85AC0FFA-643D-3103-9310-7086ECB0C36C}) (Version: 2.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - ESN (HKLM\...\{12E0A949-8861-35F8-B7ED-5658788A7BFE}) (Version: 3.1.21022 - Microsoft Corporation)
    Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
    Microsoft .NET Framework 3.5 Language Pack - esn (Version: 3.5.21022 - Microsoft Corporation) Hidden
    Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
    Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
    Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 (Version: - Microsoft Corporation) Hidden
    Microsoft Office 2010 Service Pack 1 (SP1) (HKLM\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
    Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove MUI (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office InfoPath MUI (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.6029.1000 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Basque) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Catalan) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Galician) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Portuguese (Brazil)) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (Spanish) 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
    Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
    Microsoft Software Update for Web Folders (Spanish) 14 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
    Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft WinUsb 1.0 (HKLM\...\winusb0100) (Version: - Microsoft Corporation)
    Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
    Mobile Broadband Generic Drivers (HKLM\...\{7F18A718-2398-4D83-B5A2-AEACB9D3F71C}) (Version: 2.02.03.005.15 - Novatel Wireless)
    Mobogenie (HKLM\...\Mobogenie) (Version: - Mobogenie.com) <==== ATTENTION
    Mozilla Firefox 22.0 (x86 es-ES) (HKLM\...\Mozilla Firefox 22.0 (x86 es-ES)) (Version: 22.0 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 22.0 - Mozilla)
    MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
    MSXML 6.0 Parser (KB933579) (HKLM\...\{79ACDEE9-29B6-4E2A-8C65-4352774D5BEA}) (Version: 6.10.1200.0 - Microsoft Corporation)
    Nortel Networks Contivity VPN Client (HKLM\...\{EF964A78-078C-11D1-B7A7-0000C0134CE6}) (Version: - )
    Nortel Networks TunnelGuard (HKLM\...\{8EA37DFD-B8C6-49A6-AE0F-F2195BA5C8A4}) (Version: 1.1.1 - Nortel Networks)
    NVIDIA PhysX (HKLM\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
    Paquete de controladores de Windows - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) (HKLM\...\24DA573F901348FFDFF7717497830D45BE0C362E) (Version: 07/07/2009 1.12.2 - Dynastream Innovations)
    Paquete de controladores de Windows - Silicon Labs Software (DSI_SiUSBXp_3_1) USB (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Paquete de idioma de Microsoft .NET Framework 3.5 - esn (HKLM\...\Microsoft .NET Framework 3.5 Language Pack - esn) (Version: - Microsoft Corporation)
    PC Tools Registry Mechanic 11.1 (HKLM\...\Registry Mechanic_is1) (Version: 11.1 - PC Tools)
    QuickTime (HKLM\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
    RDC (Version: - Microsoft Corporation) Hidden
    rto (HKLM\...\{8CBBA6C1-58E8-444C-94F5-BD0A2001E038}) (Version: 1.0.0 - IBM)
    SelectionTool (HKLM\...\96bd7ea2-c92e-4f4d-8108-c7bb81075eea) (Version: - SelectionTool Software) <==== ATTENTION
    Skype Click to Call (HKLM\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
    Skype™ 6.3 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.107 - Skype Technologies S.A.)
    Software básico del dispositivo HP Deskjet 3050A J611 series (HKLM\...\{23E1E4DA-6D66-47FA-B65B-2E3B00059FB5}) (Version: 25.0.571.0 - Hewlett-Packard Co.)
    Software Intel(R) PROSet/Wireless WiFi (HKLM\...\{F5F97313-4454-4B49-A602-285447A55B86}) (Version: 14.00.1000 - Intel Corporation)
    swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    System Requirements Lab CYRI (HKLM\...\{F3FCB08B-E752-444D-86A0-0634A4F3B23D}) (Version: 6.0.8.0 - Husdawg, LLC)
    Update for Windows XP (KB943729) (HKLM\...\KB943729) (Version: - Microsoft Corporation)
    Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
    Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
    VinPassLogout (HKLM\...\{78D0D78C-FC9D-455B-81F4-E9B2145B7858}) (Version: 1.0.0 - Vintegris)
    VinSSO (HKLM\...\{0A636730-C329-4A2D-BBFF-EDF0891BBB1A}) (Version: 3.0.4 - Vintegris)
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
    WIMGAPI (HKLM\...\{721ABC3B-5F12-4332-9C0C-C11424EF666C}) (Version: 1.0.0.0 - Microsoft Corporation)
    Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
    Windows Internet Explorer 8 Multilingual User Interface (MUI) (HKLM\...\IE8-MUI) (Version: 20090411.120000 - Microsoft Corporation)
    Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
    Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
    Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
    Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
    XML Paper Specification Shared Components Language Pack 1.0 (Version: - Microsoft Corporation) Hidden
  7. Broni

    Broni Malware Annihilator Posts: 46,157   +251

    ==================== Restore Points =========================


    ==================== Hosts content: ==========================

    2011-04-08 03:15 - 2012-11-08 09:42 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
    127.0.0.1 localhost

    ==================== Scheduled Tasks (whitelisted) =============

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    Task: C:\WINDOWS\Tasks\At1.job => C:\WINDOWS\System32\Reinicio.exe
    Task: C:\WINDOWS\Tasks\At2.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
    Task: C:\WINDOWS\Tasks\At3.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
    Task: C:\WINDOWS\Tasks\At4.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
    Task: C:\WINDOWS\Tasks\At5.job => C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPCustPartic.exe
    Task: C:\WINDOWS\Tasks\At6.job => C:\DOCUME~1\ua43931\APPLIC~1\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HP Photo Creations Messager.job => C:\Documents and Settings\All Users\Application Data\HP Photo Creations\MessageCheck.exe
    Task: C:\WINDOWS\Tasks\RMAutoUpdate.job => C:\Program Files\PC Tools Registry Mechanic\SULauncher.exe
    Task: C:\WINDOWS\Tasks\RMSchedule.job => C:\Program Files\PC Tools Registry Mechanic\RegMech.exe
    Task: C:\WINDOWS\Tasks\SelectionTool Update.job => C:\Program Files\SelectionTool\STupdate.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{36657E7A-DB41-4A05-8160-C2C88A5694DE}.job => C:\WINDOWS\system32\msfeedssync.exe

    ==================== Loaded Modules (whitelisted) =============

    2011-02-18 13:52 - 2011-02-18 13:52 - 00096768 _____ () C:\Program Files\seguridad\rto\IBM\rtonotify.dll
    2011-02-18 13:51 - 2011-02-18 13:51 - 00066048 _____ () C:\Program Files\seguridad\rto\IBM\rtoTrace.dll
    2010-05-10 17:57 - 2010-05-10 17:57 - 00011776 _____ () C:\Program Files\Vintegris\VinPassLogout\DLLVinLogout.dll
    2011-02-18 13:52 - 2011-02-18 13:52 - 00166912 _____ () C:\Program Files\seguridad\rto\IBM\rtosesflow.exe
    2011-02-18 13:51 - 2011-02-18 13:51 - 00066048 _____ () C:\Program Files\seguridad\rto\IBM\rtotrace.dll
    2010-07-14 12:11 - 2010-07-14 12:11 - 00092160 _____ () C:\Program Files\Vintegris\VinPassLogout\VinPassLogout.exe
    2011-03-17 00:11 - 2011-03-17 00:11 - 04297568 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2011-06-06 12:55 - 2011-06-06 12:55 - 00301056 _____ () C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.ESP

    ==================== Alternate Data Streams (whitelisted) =========

    AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

    ==================== Safe Mode (whitelisted) ===================

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\McAfeeEngineService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

    ==================== Disabled items from MSCONFIG ==============

    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BTTray.lnk => C:\WINDOWS\pss\BTTray.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Program Neighborhood Agent.lnk => C:\WINDOWS\pss\Program Neighborhood Agent.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^TunnelGuard Tray Monitor.lnk => C:\WINDOWS\pss\TunnelGuard Tray Monitor.lnkCommon Startup
    MSCONFIG\startupfolder: C:^Documents and Settings^UA43931.BBVA.002^Start Menu^Programs^Startup^Microsoft SharePoint Workspace.lnk => C:\WINDOWS\pss\Microsoft SharePoint Workspace.lnkStartup
    MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    MSCONFIG\startupreg: AESTFltr => %SystemRoot%\system32\AESTFltr.exe /NoDlg
    MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    MSCONFIG\startupreg: AVG_UI => "D:\Program Files\AVG\avgui.exe" /TRAYONLY
    MSCONFIG\startupreg: BCSSync => "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
    MSCONFIG\startupreg: EPA_EZ_GPO_Tool => C:\WINDOWS\system32\EZ_GPO_Tool.exe
    MSCONFIG\startupreg: GoogleChromeAutoLaunch_C0E34EB849C6CEDCAE20AC6B5EAC1D84 => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
    MSCONFIG\startupreg: GrooveMonitor => C:\Program Files\Microsoft Office\Office14\GROOVEMN.EXE
    MSCONFIG\startupreg: HP Software Update => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    MSCONFIG\startupreg: HPConnectionManager => C:\Program Files\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    MSCONFIG\startupreg: IntelWireless => "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    MSCONFIG\startupreg: IntelZeroConfig => "C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe"
    MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
    MSCONFIG\startupreg: McAfeeUpdaterUI => "C:\Program Files\Network Associates\Common Framework\udaterui.exe" /StartedFromRunKey
    MSCONFIG\startupreg: mobilegeni daemon => C:\Program Files\Mobogenie\DaemonProcess.exe
    MSCONFIG\startupreg: OfficeSyncProcess => "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
    MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
    MSCONFIG\startupreg: RtoUsbUser => C:\Program Files\seguridad\rto\IBM\rtousbuser.exe
    MSCONFIG\startupreg: ShStatEXE => "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    MSCONFIG\startupreg: Synchronization Manager => %SystemRoot%\system32\mobsync.exe /logon
    MSCONFIG\startupreg: upfst_es_43.exe => C:\Documents and Settings\UA43931.BBVA.000\Local Settings\Application Data\fst_es_43\upfst_es_43.exe -runhelper

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/12/2014 06:02:45 PM) (Source: Userenv) (User: NT AUTHORITY)
    Description: Windows no puede obtener el nombre del controlador de dominio para la red de su equipo. (El dominio especificado no existe o no se pudo establecer conexión con él. ). Se ha anulado el proceso de directiva de grupo.

    Error: (04/12/2014 06:01:57 PM) (Source: UserInit) (User: )
    Description: No se pudo ejecutar la siguiente secuencia de comandos KIX460.EXE. El sistema no puede hallar el archivo especificado.

    Error: (04/12/2014 06:01:57 PM) (Source: UserInit) (User: )
    Description: No se pudo ejecutar la siguiente secuencia de comandos SDS.exe. El sistema no puede hallar el archivo especificado.

    Error: (04/12/2014 06:01:56 PM) (Source: Userenv) (User: NT AUTHORITY)
    Description: Windows no puede obtener el nombre del controlador de dominio para la red de su equipo. (El dominio especificado no existe o no se pudo establecer conexión con él. ). Se ha anulado el proceso de directiva de grupo.

    Error: (04/12/2014 06:01:11 PM) (Source: rtosesflow) (User: )
    Description: La eliminación de las cuentas locales falló, Rc=1.

    Error: (04/12/2014 05:59:37 PM) (Source: rtosesflow) (User: )
    Description: ERROR en GetDlgItem hDlg=30028, iCtrId=1. Rc=1400.

    Error: (04/12/2014 05:59:37 PM) (Source: rtosesflow) (User: )
    Description: La eliminación de las cuentas locales falló, Rc=1.

    Error: (04/12/2014 05:59:36 PM) (Source: rtosesflow) (User: )
    Description: ERROR en GetDlgItem hDlg=30028, iCtrId=5e0. Rc=1400.

    Error: (04/12/2014 05:59:36 PM) (Source: rtosesflow) (User: )
    Description: Falló la obtención de la información de red. rc=2138.

    Error: (04/12/2014 05:52:49 PM) (Source: McLogEvent) (User: NT AUTHORITY)
    Description: A thread in process C:\Program Files\Network Associates\VirusScan\Mcshield.exe took longer than 90000 ms to complete a request.

    The process will be terminated.
    Thread id : 2752 (0xac0)

    Thread address : 0x7C90E4F4

    Thread message :

    Build VSCORE.14.1.0.567 / 5400.1158
    Object being scanned = \Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\AVG2014\Chjw\e6489b1f489aed95\avgcchmf.dat
    by \??\D:\PROGRA~1\AVG\avgrsx.exe
    4(16)(0)
    4(16)(0)
    7200(16)(0)
    7595(16)(0)
    7005(0)(0)
    7004(0)(0)
    5006(0)(0)
    5004(0)(0)


    System errors:
    =============
    Error: (04/12/2014 06:07:18 PM) (Source: DCOM) (User: BBVA)
    Description: DCOM ha obtenido un error "%%1084" al intentar iniciar el servicio StiSvc con argumentos ""
    para ejecutar el servidor:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (04/12/2014 06:06:23 PM) (Source: DCOM) (User: BBVA)
    Description: DCOM ha obtenido un error "%%1084" al intentar iniciar el servicio StiSvc con argumentos ""
    para ejecutar el servidor:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (04/12/2014 06:06:16 PM) (Source: DCOM) (User: BBVA)
    Description: DCOM ha obtenido un error "%%1084" al intentar iniciar el servicio StiSvc con argumentos ""
    para ejecutar el servidor:
    {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error: (04/12/2014 06:06:06 PM) (Source: DCOM) (User: BBVA)
    Description: DCOM ha obtenido un error "%%1084" al intentar iniciar el servicio wuauserv con argumentos ""
    para ejecutar el servidor:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Error: (04/12/2014 06:03:05 PM) (Source: DCOM) (User: NT AUTHORITY)
    Description: DCOM ha obtenido un error "%%1084" al intentar iniciar el servicio EventSystem con argumentos ""
    para ejecutar el servidor:
    {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error: (04/12/2014 06:03:03 PM) (Source: DCOM) (User: BBVA)
    Description: DCOM ha obtenido un error "%%1084" al intentar iniciar el servicio wuauserv con argumentos ""
    para ejecutar el servidor:
    {E60687F7-01A1-40AA-86AC-DB1CBF673334}

    Error: (04/12/2014 06:02:36 PM) (Source: Service Control Manager) (User: )
    Description: El controlador de inicialización siguiente no se cargó correctamente:
    Avgdiskx
    AVGIDSDriver
    AVGIDSShim
    Avgldx86
    Fips
    HpCISSm2
    intelppm
    iSafeNetFilter
    KR10I
    mfehidk
    VMSCSI

    Error: (04/12/2014 06:02:36 PM) (Source: Service Control Manager) (User: )
    Description: El servicio McAfee McShield depende del servicio McAfee Validation Trust Protection Service, el cual no pudo iniciarse debido al siguiente error:
    %%1068

    Error: (04/12/2014 06:02:36 PM) (Source: Service Control Manager) (User: )
    Description: El servicio McAfee Validation Trust Protection Service depende del servicio McAfee Inc. mfehidk, el cual no pudo iniciarse debido al siguiente error:
    %%31

    Error: (04/12/2014 06:00:56 PM) (Source: NETLOGON) (User: )
    Description: No hay un controlador de dominio disponible para el dominio BBVA debido a lo siguiente:
    %%1311.

    Asegúrese de que el equipo está conectado a la red y vuelva a intentarlo.
    Si el problema persiste, póngase en contacto con el administrador del dominio.


    Microsoft Office Sessions:
    =========================
    Error: (04/12/2014 06:02:45 PM) (Source: Userenv)(User: NT AUTHORITY)
    Description: El dominio especificado no existe o no se pudo establecer conexión con él.

    Error: (04/12/2014 06:01:57 PM) (Source: UserInit)(User: )
    Description: KIX460.EXEEl sistema no puede hallar el archivo especificado.

    Error: (04/12/2014 06:01:57 PM) (Source: UserInit)(User: )
    Description: SDS.exeEl sistema no puede hallar el archivo especificado.

    Error: (04/12/2014 06:01:56 PM) (Source: Userenv)(User: NT AUTHORITY)
    Description: El dominio especificado no existe o no se pudo establecer conexión con él.

    Error: (04/12/2014 06:01:11 PM) (Source: rtosesflow)(User: )
    Description: La eliminación de las cuentas locales falló, Rc=1

    Error: (04/12/2014 05:59:37 PM) (Source: rtosesflow)(User: )
    Description: ERROR en GetDlgItem hDlg=30028, iCtrId=1. Rc=1400

    Error: (04/12/2014 05:59:37 PM) (Source: rtosesflow)(User: )
    Description: La eliminación de las cuentas locales falló, Rc=1

    Error: (04/12/2014 05:59:36 PM) (Source: rtosesflow)(User: )
    Description: ERROR en GetDlgItem hDlg=30028, iCtrId=5e0. Rc=1400

    Error: (04/12/2014 05:59:36 PM) (Source: rtosesflow)(User: )
    Description: Falló la obtención de la información de red. rc=2138

    Error: (04/12/2014 05:52:49 PM) (Source: McLogEvent)(User: NT AUTHORITY)
    Description: C:\Program Files\Network Associates\VirusScan\Mcshield.exe900002752 (0xac0)0x7C90E4F4
    Build VSCORE.14.1.0.567 / 5400.1158
    Object being scanned = \Device\HarddiskVolume1\Documents and Settings\All Users\Application Data\AVG2014\Chjw\e6489b1f489aed95\avgcchmf.dat
    by \??\D:\PROGRA~1\AVG\avgrsx.exe
    4(16)(0)
    4(16)(0)
    7200(16)(0)
    7595(16)(0)
    7005(0)(0)
    7004(0)(0)
    5006(0)(0)
    5004(0)(0)


    ==================== Memory info ===========================

    Percentage of memory in use: 11%
    Total physical RAM: 3054.29 MB
    Available physical RAM: 2709.04 MB
    Total Pagefile: 4942.65 MB
    Available Pagefile: 4798.04 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1958.21 MB

    ==================== Drives ================================

    Drive c: (SISTEMA) (Fixed) (Total:25 GB) (Free:9.98 GB) NTFS ==>[Drive with boot components (Windows XP)]
    Drive d: (DATOS) (Fixed) (Total:273.09 GB) (Free:232.4 GB) NTFS
    Drive g: () (Fixed) (Total:931.51 GB) (Free:696.49 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: C6E34D68)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 932 GB) (Disk ID: BDB057CE)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
  8. Broni

    Broni Malware Annihilator Posts: 46,157   +251

    I don't see much there but let's see what we can do...

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

    See if you can boot normally.

    Attached Files:

  9. esxuu

    esxuu Newcomer, in training Topic Starter

    Wow, did you read through the whole thing??
    Sorry about my uploading, I thought it would be too long to scroll up and down the page. I will have to run the script tomorrow, as I'm not.at home at the moment. Thank you so much for.your time.
  10. Broni

    Broni Malware Annihilator Posts: 46,157   +251

  11. Broni

    Broni Malware Annihilator Posts: 46,157   +251

    Still with me?
     
  12. Broni

    Broni Malware Annihilator Posts: 46,157   +251

    This topic is marked as abandoned and closed due to inactivity.

    This member will NOT be eligible to receive any more help in malware removal forum.
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.