Solved Please: patched.a.gen and sirefef

FERAC

Hi, I did all your steps; here are the logs. Please could you help me? Thank you very much.

MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
FAC :: PC [administrator]

29/07/2012 08:54:50 a.m.
mbam-log-2012-07-29 (08-54-50).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 214271
Time elapsed: 3 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
GMER

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-29 11:18:48
Windows 6.1.7601 Service Pack 1
Running: ew5cejw4.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc77373509cf
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0x7C 0x00 0x8B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD3 0x92 0x5C 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x07 0x7F 0xCC 0xF4 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0x8C 0xCD 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xE7 0xF2 0x64 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc77373509cf (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x49 0x7C 0x00 0x8B ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0xD3 0x92 0x5C 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x64 0x54 0x28 0x27 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x37 0x8C 0xCD 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x04 0xE7 0xF2 0x64 ...

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by FAC at 11:19:55 on 2012-07-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.51.3082.18.7084.3866 [GMT -5:00]
.
AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Board\Board Server\BoardEngine.exe
C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\NEC Projector User Supportware\Image Express Utility Lite\IEU_Service.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightServiceWorker.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\FAC\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www1.la.dell.com/content/default.aspx?c=pe&l=es&s=gen
mWinlogon: Userinit=userinit.exe,
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Aplicación auxiliar de inicio de sesión de Windows Live ID: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SQLPRO~1.LNK - C:\Program Files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
LSP: mswsock.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9} : NameServer = 200.48.225.130,200.48.225.146
TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}\1447C616E6479637 : DhcpNameServer = 200.48.225.130 200.48.225.146
TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}\2554445435D2D494E494E4455425 : DhcpNameServer = 172.16.8.11 172.16.8.19
TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}\54B4F4445435 : DhcpNameServer = 200.48.225.130 200.48.225.146
TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}\84F4E474F435 : DhcpNameServer = 200.48.225.130 200.48.225.146
TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}\D494450235E214E234 : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: FastAccess - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL
LSA: Notification Packages = scecli FAPassSync
IFEO: alchemy.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: avatarimport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: avfximport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: faconsu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: fasecfacx.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{9FDDE16B-836F-4806-AB1F-1455CBEFF289}
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
{B4F3A835-0E21-4959-BA22-42B3008E02FF}
{DA5BCE70-D057-4D63-943D-5F3927EC59F1}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [FATrayAlert REG_SZ C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe ]
mRun-x64: [Dell Webcam Central REG_SZ "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 ]
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll
SEH-X64: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}: Groove GFS Stub Execution Hook
IFEO-X64: alchemy.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: avatarimport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: avfximport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: faconsu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: fasecfacx.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 nvkflt;nvkflt;C:\Windows\system32\DRIVERS\nvkflt.sys --> C:\Windows\system32\DRIVERS\nvkflt.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-4-22 98208]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
R2 Board7;Board 7 Engine;C:\Program Files\Board\Board Server\BoardEngine.exe [2012-3-23 20480]
R2 Board7Silverlight;Board 7 Web Engine;C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightService.exe [2012-3-23 134656]
R2 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-9-6 974944]
R2 IEU_Service;NEC Projector USB Display Service;C:\Program Files (x86)\NEC Projector User Supportware\Image Express Utility Lite\IEU_Service.exe [2012-4-13 69120]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-3 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-1-19 3027840]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-12 2072896]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-4-21 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]
R2 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-8-22 11837440]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Sonido Intel(R) para pantallas;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Controlador del adaptador Intel(R) Wireless WiFi Link para Windows 7 de 64 bits;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 qicflt;upper Device Filter Driver;C:\Windows\system32\DRIVERS\qicflt.sys --> C:\Windows\system32\DRIVERS\qicflt.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-9-22 11856]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
S2 gupdate;Google Update Servicio (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-12 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]
S3 gupdatem;Google Update Servicio (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-7-12 116648]
S3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\DRIVERS\nvstusb.sys --> C:\Windows\system32\DRIVERS\nvstusb.sys [?]
S3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-4-21 79360]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Servicio de tecnologías de activación de Windows;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-1 2428552]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-07-29 04:42:38 -------- d-----w- C:\Users\FAC\AppData\Local\{ED932E98-07C1-4612-99BE-5F80BFA50CB4}
2012-07-29 04:42:25 -------- d-----w- C:\Users\FAC\AppData\Local\{E61FEAB6-851D-4F72-8895-A140412C90B6}
2012-07-29 00:40:06 -------- d-----w- C:\Users\FAC\AppData\Roaming\Malwarebytes
2012-07-29 00:39:48 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-07-29 00:39:48 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-29 00:39:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-28 21:46:44 -------- d-----w- C:\Program Files (x86)\stinger
2012-07-22 16:05:24 -------- d-----w- C:\Users\FAC\AppData\Roaming\runic games
2012-07-22 14:56:06 -------- d-----w- C:\Program Files (x86)\THQ
2012-07-22 13:17:09 -------- d-----w- C:\Program Files (x86)\Runic Games
2012-07-22 12:47:21 -------- d-----w- C:\Users\FAC\AppData\Local\{8A321CB4-F715-428A-B1F1-6EDEE9C49CDC}
2012-07-22 12:47:10 -------- d-----w- C:\Users\FAC\AppData\Local\{2D8A6715-0624-467B-BF6B-1C6AEF6B3961}
2012-07-22 00:53:47 -------- d-----w- C:\Users\FAC\AppData\Local\FLT
2012-07-22 00:53:47 -------- d-----w- C:\Users\FAC\AppData\Local\2012
2012-07-15 13:32:03 -------- d-----w- C:\Users\FAC\AppData\Local\{89B1F2E4-9720-44FF-97F6-79923C36F6BE}
2012-07-15 13:31:52 -------- d-----w- C:\Users\FAC\AppData\Local\{533E5A63-922A-4360-82A9-EDE670DAD33B}
2012-07-15 01:31:26 -------- d-----w- C:\Users\FAC\AppData\Local\{0F6A4ED6-B520-4E90-ADA6-A8491720BAB0}
2012-07-15 01:31:14 -------- d-----w- C:\Users\FAC\AppData\Local\{4A24130E-ED69-4BEA-A2FF-6AB9CE0AE6CB}
2012-07-14 01:57:31 -------- d-----w- C:\Users\FAC\AppData\Local\{4D3B1C14-1DC2-4C32-9B92-0E592917E361}
2012-07-14 01:57:20 -------- d-----w- C:\Users\FAC\AppData\Local\{1C847B92-75FC-4E42-9FDD-21A3A42A489F}
2012-07-13 02:42:22 -------- d-----w- C:\Users\FAC\AppData\Local\{653EC06C-C034-4362-849A-36806534566F}
2012-07-13 02:42:03 -------- d-----w- C:\Users\FAC\AppData\Local\{0930AB24-6963-4792-BC7A-2144B658AD6B}
2012-07-12 11:01:39 -------- d-s---w- C:\Users\FAC\Google Drive
2012-07-09 10:31:01 -------- d-----w- C:\Users\FAC\AppData\Local\{946A31AA-6745-4759-B9A2-5DF168FF0E29}
2012-07-09 10:30:49 -------- d-----w- C:\Users\FAC\AppData\Local\{3E608C65-06F6-4BDF-9A36-BB4512C515F5}
2012-07-08 22:30:24 -------- d-----w- C:\Users\FAC\AppData\Local\{6F8AC0ED-B43E-4E02-A694-0B4C315E251A}
2012-07-08 22:30:12 -------- d-----w- C:\Users\FAC\AppData\Local\{FA59F42B-CF59-4277-B373-83CC033EA3C9}
2012-07-08 02:15:32 -------- d-----w- C:\Users\FAC\AppData\Local\{A30E3A44-C51F-4784-8F46-A8DC214B9E84}
2012-07-08 02:15:17 -------- d-----w- C:\Users\FAC\AppData\Local\{45D86823-9E61-47D0-BA61-FEB481C7FC50}
2012-07-07 06:22:17 -------- d-----w- C:\Users\FAC\AppData\Local\{B7B5DC1F-64AD-458D-B9EE-614B51B2F6AF}
2012-07-07 06:22:04 -------- d-----w- C:\Users\FAC\AppData\Local\{77C57E54-220A-4385-BB22-DFA130EFE193}
2012-07-05 03:12:24 -------- d-----w- C:\Program Files (x86)\Telltale Games
2012-07-04 02:28:54 -------- d-----w- C:\Users\FAC\AppData\Local\{7DD2A09A-33C2-4700-9B9A-679226663AB6}
2012-07-04 02:28:39 -------- d-----w- C:\Users\FAC\AppData\Local\{6743AA27-EF15-421D-BD0D-CB7A21592D78}
2012-07-02 07:44:25 -------- d-----w- C:\Users\FAC\AppData\Local\{DE71E766-F71E-421F-B561-BBD7CD0C840C}
2012-07-02 07:43:48 -------- d-----w- C:\Users\FAC\AppData\Local\{AA5D7126-BA5E-497D-8364-9669F393928A}
2012-07-01 12:19:29 -------- d-----w- C:\Users\FAC\AppData\Local\{9AFBBE61-47C4-40C8-B01F-528A131984C2}
2012-07-01 12:19:18 -------- d-----w- C:\Users\FAC\AppData\Local\{FE825E6D-CF94-4CA8-AEBA-626CF0AD94A3}
2012-06-30 16:59:37 -------- d-----w- C:\Users\FAC\AppData\Local\{6428FD0A-DA3A-4524-AF00-EC294C511DF1}
2012-06-30 16:59:22 -------- d-----w- C:\Users\FAC\AppData\Local\{E8B5A077-FAC3-49F1-95D2-15B229F34C16}
2012-06-30 00:12:24 -------- d-----w- C:\Users\FAC\AppData\Local\{431A41D7-1B0C-4BDC-BF4F-B07E3C6CC0A8}
2012-06-30 00:12:11 -------- d-----w- C:\Users\FAC\AppData\Local\{5863B0A1-F7CD-49C1-A191-C9DEC405C34E}
.
==================== Find3M ====================
.
2012-07-27 08:14:02 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 08:14:02 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
.
============= FINISH: 11:20:23.86 ===============
 
DDS Attach
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 06/01/2012 08:32:28 p.m.
System Uptime: 28/07/2012 07:47:42 p.m. (16 hours ago)
.
Motherboard: Dell Inc. | | 0NJT03
Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz | CPU | 780/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 24.521 GiB free.
D: is CDROM ()
E: is CDROM ()
J: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: facap, FastAccess Video Capture
Device ID: ROOT\IMAGE\0000
Manufacturer: Sensible Vision
Name: facap, FastAccess Video Capture
PNP Device ID: ROOT\IMAGE\0000
Service: FACAP
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Image File Execution Options =============
.
IFEO: alchemy.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: avatarimport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: avfximport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: faconsu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: fasecfacx.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO: webcamdell2.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: alchemy.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: avatarimport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: avfximport.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: faconsu.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: fasecfacx.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IFEO-X64: webcamdell2.exe - "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
.
==== Installed Programs ======================
.
.
Update for Microsoft Office 2007 (KB2508958)
AccelerometerP11
ActiveState Komodo Edit 7.0.2
Adobe AIR
Adobe Flash Player 11 ActiveX
Advanced Audio FX Engine
µTorrent
BDE_ENT
Board 7 Client
Board 7 Web Server
Borland C++Builder 6
BulletStorm
Camtasia Studio 6
CloneCD
CodeSite Express 4.6.1
CollabNet Subversion Client 1.6.12
Control ActiveX de Windows Live Mesh para conexiones remotas
Crystal Reports Basic for Visual Studio 2008
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Webcam Central
DevExpress Example Runner
Embarcadero Delphi and C++Builder XE2 Help System
Embarcadero RAD Studio XE2
Foxit Reader 5.1
Galería fotográfica de Windows Live
GDR 1617 para SQL Server 2008 R2 (KB2494088)
GOM Player
Google Chrome
Google Drive
Google Update Helper
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2538241)
Image Express Utility Lite
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Wireless Display
Java Auto Updater
Java(TM) 6 Update 31
Junk Mail filter update
LMD-Tools Special Edition (CBuilder 6)
Malwarebytes Anti-Malware version 1.62.0.1300
MDF to ISO version 1.0
Mesh Runtime
Messenger Companion
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft Access database engine 2010 (English)
Microsoft Application Error Reporting
Microsoft Document Explorer 2008
Microsoft Dynamics Sure Step 2010
Microsoft Dynamics Sure Step 2012 Language Pack (English)
Microsoft Dynamics Sure Step 2012 Language Pack (Spanish)
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Project MUI (Spanish) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2007
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (Spanish) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010
Microsoft Report Viewer Redistributable 2008 (KB971119)
Microsoft Report Viewer Redistributable 2008 SP1
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 R2
Microsoft SQL Server 2008 R2 Policies
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual FoxPro 9.0 Professional - English
Microsoft Visual FoxPro OLE DB Provider
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio 2008 Professional Edition - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio 2008 Remote Debugger - ENU Service Pack 1 (KB945140)
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft XNA Framework Redistributable 3.1
MSDN Library for Visual Studio 2008 - ENU
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySQL Workbench 5.2 CE
Need for Speed™ The Run
Notepad++
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
PostgreSQL OLE DB Provider
PremiumSoft Navicat Premium 10.0
Prezi Desktop
Pro VCL Extensions Library 1.85
Project64 1.6
psqlODBC 09.00.0310
RadPHP XE2
Rage
Realtek High Definition Audio Driver
Saints Row The Third
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office Project 2007 (KB949046)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2251487)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB2669970)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972222)
Security Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973675)
Skype Toolbars
Skype™ 4.2
SMPlayer 0.6.9
SQL Prompt 4
SQL Server 2008 R2 Common Files
SQL Server 2008 R2 Management Studio
SQL Server System CLR Types
StarCraft II
TeamViewer 7
TMPGEnc Video Mastering Works
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
Torchlight
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
VC Runtimes MSI
VirtualCloneDrive
Visual C++ 2008 IA64 Runtime - (v9.0.30729)
Visual C++ 2008 IA64 Runtime - v9.0.30729.01
Visual C++ 2008 x64 Runtime - (v9.0.30729)
Visual C++ 2008 x64 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 2008 x86 Runtime - v9.0.30729.4148
Visual C++ 2008 x86 Runtime - v9.0.30729.6161
Visual FoxPro 9.0 Baseline - English
Visual FoxPro 9.0 Professional - English
Visual FoxPro ODBC Driver
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258)
VMware Workstation
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
.
==== Event Viewer Messages From Past Week ========
.
28/07/2012 07:50:07 p.m., Error: Service Control Manager [7003] -
28/07/2012 07:09:25 p.m., Error: Microsoft-Windows-WLAN-AutoConfig [10000] - El módulo de extensibilidad de WLAN no se pudo iniciar. Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll Código de error: 87
28/07/2012 07:06:12 p.m., Error: Microsoft-Windows-WLAN-AutoConfig [10000] - El módulo de extensibilidad de WLAN no se pudo iniciar. Ruta de acceso del módulo: C:\Windows\System32\IWMSSvc.dll Código de error: 87
28/07/2012 07:00:00 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio MSIServer con argumentos "" para ejecutar el servidor: {000C101C-0000-0000-C000-000000000046}
28/07/2012 04:56:45 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio netprofm con argumentos "" para ejecutar el servidor: {A47979D2-C419-11D9-A5B4-001185AD2B89}
28/07/2012 04:52:04 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {9E175B6D-F52A-11D8-B9A5-505054503030}
28/07/2012 04:52:04 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio WSearch con argumentos "" para ejecutar el servidor: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
28/07/2012 04:52:03 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio fdPHost con argumentos "" para ejecutar el servidor: {D3DCB472-7261-43CE-924B-0704BD730D5F}
28/07/2012 04:52:03 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio fdPHost con argumentos "" para ejecutar el servidor: {145B4335-FE2A-4927-A040-7C35AD3180EF}
28/07/2012 04:52:02 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1068" al intentar iniciar el servicio netman con argumentos "" para ejecutar el servidor: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
28/07/2012 04:52:01 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio EventSystem con argumentos "" para ejecutar el servidor: {1BE1F766-5536-11D1-B726-00C04FB926AF}
28/07/2012 04:51:56 p.m., Error: Microsoft-Windows-DistributedCOM [10005] - Error de DCOM "1084" al intentar iniciar el servicio ShellHWDetection con argumentos "" para ejecutar el servidor: {DD522ACC-F821-461A-A407-50B198B896DC}
28/07/2012 04:51:23 p.m., Error: sptd [4] - El controlador detectó un error interno en la estructura de datos de .
28/07/2012 04:48:39 p.m., Error: sptd [4] - El controlador detectó un error interno en la estructura de datos de .
27/07/2012 09:35:16 p.m., Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk1\DR3.
27/07/2012 09:35:15 p.m., Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk1\DR3.
27/07/2012 09:35:14 p.m., Error: Disk [11] - El controlador detectó un error de controladora en \Device\Harddisk1\DR3.
.
==== End Of File ===========================
 
Welcome aboard

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=========================================

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=======================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Thank you very much for your quick response

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: FAC [Admin rights]
Mode: Scan -- Date: 07/29/2012 14:38:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 10 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9} : NameServer (200.48.225.130,200.48.225.146) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9} : NameServer (200.48.225.130,200.48.225.146) -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : alchemy.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avatarimport.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : avfximport.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : faconsu.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : fasecfacx.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
[IFEO] HKLM\[...]\Image File Execution Options : webcamdell2.exe ("C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe") -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 serial.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 forum.alcohol-soft.com
127.0.0.1 support.alcohol-soft.com
127.0.0.1 users.alcohol-soft.com
127.0.0.1 shop.alcohol-soft.com
127.0.0.1 vodka.alcohol-soft.com
127.0.0.1 *.alcohol-soft.com
127.0.0.1 *.alcohol-soft.*
127.0.0.1 alcohol-soft.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS +++++
--- User ---
[MBR] a033947f3ecfe907bfc665dc4499862b
[BSP] 142a624fe1fb6f27efadf7ef62d2a621 : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 101 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 208896 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30928896 | Size: 461837 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
 
sorry forgot to paste this one too

thanks


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-29 14:52:13
-----------------------------
14:52:13.637 OS Version: Windows x64 6.1.7601 Service Pack 1
14:52:13.637 Number of processors: 8 586 0x2A07
14:52:13.637 ComputerName: PC UserName:
14:52:16.508 Initialize success
14:55:06.195 AVAST engine defs: 12072901
14:55:18.235 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:55:18.237 Disk 0 Vendor: ST950042 D005 Size: 476940MB BusType: 3
14:55:18.254 Disk 0 MBR read successfully
14:55:18.256 Disk 0 MBR scan
14:55:18.260 Disk 0 Windows 7 default MBR code
14:55:18.262 Disk 0 Partition 1 00 DE Dell Utility MSDOS5.0 101 MB offset 63
14:55:18.269 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 15000 MB offset 208896
14:55:18.284 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 461837 MB offset 30928896
14:55:18.311 Disk 0 scanning C:\Windows\system32\drivers
14:55:31.042 Service scanning
14:55:56.133 Modules scanning
14:55:56.148 Disk 0 trace - called modules:
14:55:56.180 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys sptd.sys hal.dll
14:55:56.195 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800718a790]
14:55:56.211 3 CLASSPNP.SYS[fffff88001a0143f] -> nt!IofCallDriver -> [0xfffffa80070a0cb0]
14:55:56.211 5 stdcfltn.sys[fffff88001d17c52] -> nt!IofCallDriver -> [0xfffffa8006f1e8c0]
14:55:56.211 7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006f26050]
14:55:59.284 AVAST engine scan C:\Windows
14:56:02.875 AVAST engine scan C:\Windows\system32
15:00:39.123 AVAST engine scan C:\Windows\system32\drivers
15:00:54.888 AVAST engine scan C:\Users\FAC
15:32:20.795 AVAST engine scan C:\ProgramData
15:38:09.009 Scan finished successfully
20:58:30.136 Disk 0 MBR has been saved successfully to "C:\Users\FAC\Desktop\MBR.dat"
20:58:30.140 The log file has been saved successfully to "C:\Users\FAC\Desktop\aswMBR.txt"
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes to your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Thank you very much

Scan result of Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 29-07-2012 22:37:58
Running from X:\
Windows 7 Home Premium (X64) OS Language: Spanish Modern Sort
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6561384 2010-12-14] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 [2186856 2010-12-10] (Realtek Semiconductor)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [167960 2011-02-12] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [391704 2011-02-12] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [418328 2011-02-12] (Intel Corporation)
HKLM\...\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe [686704 2010-12-17] ()
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp [10355200 2011-01-24] (Intel Corporation)
HKLM\...\Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe [4479648 2011-01-25] (Dell Inc.)
HKLM\...\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()
HKLM\...\Run: [RunDLLEntry] C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry [17920 2009-02-26] (Creative Technology Ltd.)
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4030008 2011-09-06] (ESET)
HKLM-x32\...\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [93832 2010-11-01] (Sensible Vision )
HKLM-x32\...\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 [487562 2010-08-19] (Creative Technology Ltd)
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe" [103536 2011-08-22] (VMware, Inc.)
HKU\FAC\...\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount [33120 2009-11-15] (Alcohol Soft Development Team)
HKU\FAC\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [3672384 2012-04-11] (DT Soft Ltd)
HKU\FAC\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12163848 2012-06-20] (Google)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Tcpip\..\Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}: [NameServer]200.48.225.130,200.48.225.146
IMEO\alchemy.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\avatarimport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\avfximport.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\faconsu.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\fasecfacx.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\webcamdell2.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Lsa: [Notification Packages] scecli
FAPassSync

==================== Services (Whitelisted) ======

2 Bluetooth Device Monitor; "C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe" [901184 2011-01-24] (Intel Corporation)
3 Bluetooth Media Service; "C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe" [1298496 2011-01-24] (Intel Corporation)
2 Bluetooth OBEX Service; "C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe" [991296 2011-01-24] (Intel Corporation)
2 Board7; "C:\Program Files\Board\Board Server\BoardEngine.exe" [20480 2012-03-23] (Board International SA)
2 Board7Silverlight; "C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightService.exe" [134656 2012-03-23] (Board International SA)
2 ekrn; "C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe" [974944 2011-09-06] (ESET)
2 IEU_Service; C:\Program Files (x86)\NEC Projector User Supportware\Image Express Utility Lite\IEU_Service.exe [69120 2012-04-13] (NEC Display Solutions, Ltd.)
4 msvsmon90; "C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe" /service msvsmon90 [4737024 2008-07-29] (Microsoft Corporation)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
2 TuneUp.UtilitiesSvc; "C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe" [2072896 2011-10-12] (TuneUp Software)
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2656280 2010-12-20] (Intel Corporation)
2 VMwareHostd; "C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe" -u "C:\ProgramData\VMware\hostd\config.xml" [31995 2012-01-08] ()
2 MySQL; "C:\Program Files (x86)\OTRS\MySQL\bin\mysqld.exe" --defaults-file="C:\Program Files (x86)\OTRS\MySQL\my.ini" MySQL [x]

========================== Drivers (Whitelisted) =============

2 eamonm; C:\Windows\System32\Drivers\eamonm.sys [202576 2011-08-09] (ESET)
1 ehdrv; C:\Windows\System32\Drivers\ehdrv.sys [146432 2011-08-04] (ESET)
3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
3 ElbyCDFL; C:\Windows\SysWow64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
2 epfwwfpr; C:\Windows\System32\Drivers\epfwwfpr.sys [137144 2011-08-04] (ESET)
3 iBtFltCoex; C:\Windows\System32\Drivers\iBtFltCoex.sys [60416 2011-12-09] (Intel Corporation)
1 nvkflt; C:\Windows\System32\Drivers\nvkflt.sys [249152 2012-02-29] (NVIDIA Corporation)
3 NvStUSB; C:\Windows\System32\Drivers\NvStUSB.sys [121960 2010-12-12] ()
0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-04-13] (Duplex Secure Ltd.)
3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-09-22] (TuneUp Software)
1 vmm; \??\C:\Windows\system32\Controladores\vmm.sys [296816 2007-02-18] (Microsoft Corporation)

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-29 20:58 - 2012-07-29 20:58 - 00002098 ____A C:\Users\FAC\Desktop\aswMBR.txt
2012-07-29 20:58 - 2012-07-29 20:58 - 00000512 ____A C:\Users\FAC\Desktop\MBR.dat
2012-07-29 14:38 - 2012-07-29 14:38 - 00003342 ____A C:\Users\FAC\Desktop\RKreport[1].txt
2012-07-29 14:37 - 2012-07-29 14:38 - 00000000 ____D C:\Users\FAC\Desktop\RK_Quarantine
2012-07-29 11:21 - 2012-07-29 11:21 - 00027018 ____A C:\Users\FAC\Desktop\DDS.txt
2012-07-29 11:21 - 2012-07-29 11:21 - 00016911 ____A C:\Users\FAC\Desktop\Attach.txt
2012-07-29 08:57 - 2012-07-29 08:57 - 00607260 ____R (Swearware) C:\Users\FAC\Desktop\dds.scr
2012-07-29 08:49 - 2012-07-29 08:49 - 01438391 ____A (Farbar) C:\Users\FAC\Desktop\FRST64.exe
2012-07-29 08:39 - 2012-07-29 08:40 - 04731392 ____A (AVAST Software) C:\Users\FAC\Desktop\aswMBR.exe
2012-07-29 08:39 - 2012-07-29 08:39 - 01552384 ____A C:\Users\FAC\Desktop\RogueKiller.exe
2012-07-29 08:38 - 2012-07-29 08:38 - 02117108 ____A C:\Users\FAC\Desktop\tdsskiller.zip
2012-07-29 02:57 - 2012-07-29 07:39 - 00000000 ____D C:\Users\FAC\Downloads\Prototype_2-FLT
2012-07-28 23:42 - 2012-07-28 23:42 - 00000000 ____D C:\Users\FAC\AppData\Local\{ED932E98-07C1-4612-99BE-5F80BFA50CB4}
2012-07-28 23:42 - 2012-07-28 23:42 - 00000000 ____D C:\Users\FAC\AppData\Local\{E61FEAB6-851D-4F72-8895-A140412C90B6}
2012-07-28 22:37 - 2012-07-29 22:31 - 1557799640 ____A C:\Users\FAC\Downloads\The.Humble.Indie.Bundle.for.Windows.rar
2012-07-28 22:13 - 2012-07-28 22:59 - 416214770 ____A (BonitaSoft) C:\Users\FAC\Downloads\BOS-5.7.2-win-setup.exe
2012-07-28 20:38 - 2012-07-28 20:38 - 00005181 ____A C:\Users\FAC\Desktop\gmer.txt
2012-07-28 19:42 - 2012-07-28 19:42 - 00302592 ____A C:\Users\FAC\Desktop\ew5cejw4.exe
2012-07-28 19:40 - 2012-07-28 19:40 - 00000000 ____D C:\Users\FAC\AppData\Roaming\Malwarebytes
2012-07-28 19:39 - 2012-07-28 19:39 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-28 19:39 - 2012-07-28 19:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-28 19:39 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-28 19:35 - 2012-07-28 19:37 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\FAC\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-28 19:18 - 2012-07-29 04:52 - 00000000 ____D C:\Users\FAC\Downloads\PC_Hot.Wheels.World.Race -(direct.play)-(ToeD)
2012-07-28 19:04 - 2012-07-28 19:04 - 00000054 ___RH C:\Users\FAC\Downloads\stinger.opt
2012-07-28 16:46 - 2012-07-28 19:04 - 00000000 ____D C:\Program Files (x86)\stinger
2012-07-28 16:38 - 2012-07-28 16:39 - 09691752 ____A (McAfee Inc.) C:\Users\FAC\Downloads\stinger.exe
2012-07-28 16:28 - 2012-07-28 19:14 - 00000000 ____D C:\Users\FAC\Downloads\PC_Hot.Wheels.Stunt.Track.Challenge -.direct.play.-ToeD
2012-07-28 16:24 - 2012-07-28 16:25 - 00000000 ____D C:\Users\FAC\Downloads\Hot Wheels Stunt Track Driver 1 & 2
2012-07-28 16:23 - 2012-07-28 19:13 - 00000000 ____D C:\Users\FAC\Downloads\Hot Wheels Beat That [English][PCDVD][WwW.GamesTorrents.CoM]
2012-07-28 16:21 - 2012-07-29 04:00 - 341615624 ____A C:\Users\FAC\Downloads\Hot.Wheels.Velocity.X_PC.7z
2012-07-28 15:13 - 2012-07-28 15:13 - 00000000 ____D C:\Users\Public\Documents\astragon Software GmbH
2012-07-28 15:00 - 2012-07-28 15:07 - 64397972 ____A C:\Users\FAC\Downloads\ESET.NOD32.Antivirus.v6.0.115.0.RC.x64.rar
2012-07-28 14:59 - 2012-07-28 15:31 - 57957476 ____A C:\Users\FAC\Downloads\ESET.NOD32.Antivirus.v6.0.115.0.RC.x86.rar
2012-07-24 20:25 - 2012-07-27 19:27 - 429195264 ____A C:\Users\FAC\Downloads\System_Management_Server_Train.ISO
2012-07-24 20:10 - 2012-07-25 00:34 - 00000000 ____D C:\Users\FAC\Downloads\MICROSOFT.SYSTEMS.MANAGEMENT.SERVER.2003.WITH.SP1-RORiSO
2012-07-22 11:05 - 2012-07-22 11:05 - 00000000 ____D C:\Users\FAC\AppData\Roaming\runic games
2012-07-22 10:13 - 2012-07-22 10:13 - 00002128 ____A C:\Users\Public\Desktop\Saints Row The Third.lnk
2012-07-22 09:58 - 2012-07-22 10:25 - 00000000 ____D C:\Users\FAC\Downloads\Two And half Men Season 9
2012-07-22 09:56 - 2012-07-22 09:56 - 00000000 ____D C:\Program Files (x86)\THQ
2012-07-22 09:31 - 2012-07-22 10:05 - 00000000 ____D C:\Users\FAC\Downloads\Sins.of.a.Solar.Empire.Rebellion-RELOADED
2012-07-22 09:29 - 2012-07-22 09:33 - 00000000 ____D C:\Users\FAC\Downloads\Sins.of.a.Solar.Empire.Rebellion.Update.v1.03-RELOADED
2012-07-22 08:25 - 2012-07-22 09:02 - 00000000 ____D C:\Users\FAC\Downloads\Torchlight v1.15
2012-07-22 08:17 - 2012-07-22 08:17 - 00000000 ____D C:\Program Files (x86)\Runic Games
2012-07-22 07:47 - 2012-07-22 07:47 - 00000000 ____D C:\Users\FAC\AppData\Local\{8A321CB4-F715-428A-B1F1-6EDEE9C49CDC}
2012-07-22 07:47 - 2012-07-22 07:47 - 00000000 ____D C:\Users\FAC\AppData\Local\{2D8A6715-0624-467B-BF6B-1C6AEF6B3961}
2012-07-21 19:53 - 2012-07-21 19:53 - 00000000 ____D C:\Users\FAC\AppData\Local\FLT
2012-07-21 19:53 - 2012-07-21 19:53 - 00000000 ____D C:\Users\FAC\AppData\Local\2012
2012-07-21 12:14 - 2012-07-21 12:31 - 272416288 ____A C:\Users\FAC\Downloads\SQL2012DevTrainingKit.Setup.exe
2012-07-21 12:07 - 2012-07-21 17:33 - 00000000 ____D C:\Users\FAC\Downloads\Saints.Row.The.Third-SKIDROW
2012-07-16 04:12 - 2012-07-16 04:28 - 00000000 ____D C:\Users\FAC\Downloads\AD
2012-07-15 08:32 - 2012-07-15 08:32 - 00000000 ____D C:\Users\FAC\AppData\Local\{89B1F2E4-9720-44FF-97F6-79923C36F6BE}
2012-07-15 08:31 - 2012-07-15 08:32 - 00000000 ____D C:\Users\FAC\AppData\Local\{533E5A63-922A-4360-82A9-EDE670DAD33B}
2012-07-14 20:31 - 2012-07-14 20:31 - 00000000 ____D C:\Users\FAC\AppData\Local\{4A24130E-ED69-4BEA-A2FF-6AB9CE0AE6CB}
2012-07-14 20:31 - 2012-07-14 20:31 - 00000000 ____D C:\Users\FAC\AppData\Local\{0F6A4ED6-B520-4E90-ADA6-A8491720BAB0}
2012-07-13 20:57 - 2012-07-13 20:57 - 00000000 ____D C:\Users\FAC\AppData\Local\{4D3B1C14-1DC2-4C32-9B92-0E592917E361}
2012-07-13 20:57 - 2012-07-13 20:57 - 00000000 ____D C:\Users\FAC\AppData\Local\{1C847B92-75FC-4E42-9FDD-21A3A42A489F}
2012-07-12 21:42 - 2012-07-12 21:42 - 00000000 ____D C:\Users\FAC\AppData\Local\{653EC06C-C034-4362-849A-36806534566F}
2012-07-12 21:42 - 2012-07-12 21:42 - 00000000 ____D C:\Users\FAC\AppData\Local\{0930AB24-6963-4792-BC7A-2144B658AD6B}
2012-07-12 06:01 - 2012-07-28 19:50 - 00000000 ___SD C:\Users\FAC\Google Drive
2012-07-12 06:01 - 2012-07-12 06:01 - 00001709 ____A C:\Users\FAC\Desktop\Google Drive.lnk
2012-07-12 05:53 - 2012-07-12 05:53 - 00000000 ____D C:\Users\FAC\AppData\LocalGoogle
2012-07-12 05:51 - 2012-07-29 22:01 - 00001030 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-12 05:51 - 2012-07-29 19:01 - 00001026 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-12 05:51 - 2012-07-12 06:00 - 00000000 ____D C:\Program Files (x86)\Google
2012-07-09 05:31 - 2012-07-09 05:31 - 00000000 ____D C:\Users\FAC\AppData\Local\{946A31AA-6745-4759-B9A2-5DF168FF0E29}
2012-07-09 05:30 - 2012-07-09 05:31 - 00000000 ____D C:\Users\FAC\AppData\Local\{3E608C65-06F6-4BDF-9A36-BB4512C515F5}
2012-07-08 21:57 - 2012-07-08 22:05 - 00000000 ____D C:\Users\FAC\Downloads\Torchlight-SKIDROW
2012-07-08 17:30 - 2012-07-08 17:30 - 00000000 ____D C:\Users\FAC\AppData\Local\{FA59F42B-CF59-4277-B373-83CC033EA3C9}
2012-07-08 17:30 - 2012-07-08 17:30 - 00000000 ____D C:\Users\FAC\AppData\Local\{6F8AC0ED-B43E-4E02-A694-0B4C315E251A}
2012-07-07 21:15 - 2012-07-07 21:15 - 00000000 ____D C:\Users\FAC\AppData\Local\{A30E3A44-C51F-4784-8F46-A8DC214B9E84}
2012-07-07 21:15 - 2012-07-07 21:15 - 00000000 ____D C:\Users\FAC\AppData\Local\{45D86823-9E61-47D0-BA61-FEB481C7FC50}
2012-07-07 19:13 - 2012-07-27 21:37 - 00000000 ____D C:\Users\FAC\Documents\JJ
2012-07-07 19:12 - 2012-07-07 21:19 - 00000000 ____D C:\Users\FAC\Downloads\Ice Age (2002).LA ERA DE HIELO.Spanish.720p.Audio Latino AC3-rucucu
2012-07-07 01:22 - 2012-07-07 01:22 - 00000000 ____D C:\Users\FAC\AppData\Local\{B7B5DC1F-64AD-458D-B9EE-614B51B2F6AF}
2012-07-07 01:22 - 2012-07-07 01:22 - 00000000 ____D C:\Users\FAC\AppData\Local\{77C57E54-220A-4385-BB22-DFA130EFE193}
2012-07-04 22:25 - 2012-07-04 22:25 - 00001823 ____A C:\Users\FAC\Desktop\WalkingDead.lnk
2012-07-04 22:12 - 2012-07-04 22:12 - 00000000 ____D C:\Program Files (x86)\Telltale Games
2012-07-03 21:28 - 2012-07-03 21:28 - 00000000 ____D C:\Users\FAC\AppData\Local\{7DD2A09A-33C2-4700-9B9A-679226663AB6}
2012-07-03 21:28 - 2012-07-03 21:28 - 00000000 ____D C:\Users\FAC\AppData\Local\{6743AA27-EF15-421D-BD0D-CB7A21592D78}
2012-07-02 05:03 - 2012-07-02 09:40 - 00000000 ____D C:\Users\FAC\Downloads\Lynda.com.SharePoint.2010.Essential.Training-QUASAR
2012-07-02 04:40 - 2012-07-02 05:52 - 00000000 ____D C:\Users\FAC\Downloads\Lynda Java
2012-07-02 04:20 - 2012-07-02 05:37 - 00000000 ____D C:\Users\FAC\Downloads\Lynda.Com.HTML5.Video.Tutorials[HemZone]
2012-07-02 02:58 - 2012-07-02 04:42 - 119478286 ____A C:\Users\FAC\Downloads\C Sharp .Net 4 Book Collection (ASP.Net, MVC 3, WPF, WCF etc) - Part.3.rar
2012-07-02 02:45 - 2012-07-02 02:54 - 00000000 ____D C:\Users\FAC\Downloads\Worx Professional ASP.NET MVC 3
2012-07-02 02:44 - 2012-07-02 02:44 - 00000000 ____D C:\Users\FAC\AppData\Local\{DE71E766-F71E-421F-B561-BBD7CD0C840C}
2012-07-02 02:43 - 2012-07-02 02:44 - 00000000 ____D C:\Users\FAC\AppData\Local\{AA5D7126-BA5E-497D-8364-9669F393928A}
2012-07-02 02:16 - 2012-07-02 02:17 - 00000000 ____D C:\Users\FAC\Downloads\SQL Server 2008 Transact SQL Recipes
2012-07-01 10:46 - 2012-07-02 04:15 - 00000000 ____D C:\Users\FAC\Downloads\London_2012_The_Official_Video_Game_of_the_Olympic_Games-FLT
2012-07-01 10:07 - 2012-07-01 10:07 - 00000000 ____D C:\Users\FAC\Downloads\Legend of 1900
2012-07-01 07:19 - 2012-07-01 07:19 - 00000000 ____D C:\Users\FAC\AppData\Local\{FE825E6D-CF94-4CA8-AEBA-626CF0AD94A3}
2012-07-01 07:19 - 2012-07-01 07:19 - 00000000 ____D C:\Users\FAC\AppData\Local\{9AFBBE61-47C4-40C8-B01F-528A131984C2}
2012-07-01 07:15 - 2012-07-07 01:41 - 00000000 ____D C:\Users\FAC\Downloads\The.Walking.Dead.Episode.2.Starved.for.Help-TiNYiSO
2012-06-30 11:59 - 2012-06-30 12:00 - 00000000 ____D C:\Users\FAC\AppData\Local\{6428FD0A-DA3A-4524-AF00-EC294C511DF1}
2012-06-30 11:59 - 2012-06-30 11:59 - 00000000 ____D C:\Users\FAC\AppData\Local\{E8B5A077-FAC3-49F1-95D2-15B229F34C16}
2012-06-29 19:24 - 2012-06-29 22:49 - 35735399 ____A C:\Users\FAC\Downloads\Fieldrunners HD-Appstap.net.rar
2012-06-29 19:12 - 2012-06-29 19:12 - 00000000 ____D C:\Users\FAC\AppData\Local\{5863B0A1-F7CD-49C1-A191-C9DEC405C34E}
2012-06-29 19:12 - 2012-06-29 19:12 - 00000000 ____D C:\Users\FAC\AppData\Local\{431A41D7-1B0C-4BDC-BF4F-B07E3C6CC0A8}
2012-06-29 19:01 - 2012-06-30 03:08 - 00000000 ____D C:\Users\FAC\Downloads\American.Reunion.UNRATED.DVDRip.XviD.SBT


============ 3 Months Modified Files ========================

2012-07-29 22:31 - 2012-07-28 22:37 - 1557799640 ____A C:\Users\FAC\Downloads\The.Humble.Indie.Bundle.for.Windows.rar
2012-07-29 22:30 - 2009-07-14 04:31 - 00749872 ____A C:\Windows\System32\perfh00A.dat
2012-07-29 22:30 - 2009-07-14 04:31 - 00159906 ____A C:\Windows\System32\perfc00A.dat
2012-07-29 22:30 - 2009-07-14 00:13 - 01678594 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-29 22:23 - 2012-04-09 23:15 - 00000838 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-29 22:01 - 2012-07-12 05:51 - 00001030 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-29 21:58 - 2009-07-14 00:10 - 01952947 ____A C:\Windows\WindowsUpdate.log
2012-07-29 21:46 - 2012-01-07 05:25 - 00001038 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002UA.job
2012-07-29 20:58 - 2012-07-29 20:58 - 00002098 ____A C:\Users\FAC\Desktop\aswMBR.txt
2012-07-29 20:58 - 2012-07-29 20:58 - 00000512 ____A C:\Users\FAC\Desktop\MBR.dat
2012-07-29 19:01 - 2012-07-12 05:51 - 00001026 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-29 14:38 - 2012-07-29 14:38 - 00003342 ____A C:\Users\FAC\Desktop\RKreport[1].txt
2012-07-29 11:46 - 2012-01-07 05:25 - 00000986 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002Core.job
2012-07-29 11:21 - 2012-07-29 11:21 - 00027018 ____A C:\Users\FAC\Desktop\DDS.txt
2012-07-29 11:21 - 2012-07-29 11:21 - 00016911 ____A C:\Users\FAC\Desktop\Attach.txt
2012-07-29 08:57 - 2012-07-29 08:57 - 00607260 ____R (Swearware) C:\Users\FAC\Desktop\dds.scr
2012-07-29 08:49 - 2012-07-29 08:49 - 01438391 ____A (Farbar) C:\Users\FAC\Desktop\FRST64.exe
2012-07-29 08:40 - 2012-07-29 08:39 - 04731392 ____A (AVAST Software) C:\Users\FAC\Desktop\aswMBR.exe
2012-07-29 08:39 - 2012-07-29 08:39 - 01552384 ____A C:\Users\FAC\Desktop\RogueKiller.exe
2012-07-29 08:38 - 2012-07-29 08:38 - 02117108 ____A C:\Users\FAC\Desktop\tdsskiller.zip
2012-07-29 04:00 - 2012-07-28 16:21 - 341615624 ____A C:\Users\FAC\Downloads\Hot.Wheels.Velocity.X_PC.7z
2012-07-28 22:59 - 2012-07-28 22:13 - 416214770 ____A (BonitaSoft) C:\Users\FAC\Downloads\BOS-5.7.2-win-setup.exe
2012-07-28 20:38 - 2012-07-28 20:38 - 00005181 ____A C:\Users\FAC\Desktop\gmer.txt
2012-07-28 19:57 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-28 19:57 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-28 19:48 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-28 19:47 - 2009-07-13 23:51 - 00057427 ____A C:\Windows\setupact.log
2012-07-28 19:42 - 2012-07-28 19:42 - 00302592 ____A C:\Users\FAC\Desktop\ew5cejw4.exe
2012-07-28 19:39 - 2012-07-28 19:39 - 00001111 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-28 19:37 - 2012-07-28 19:35 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\FAC\Desktop\mbam-setup-1.62.0.1300.exe
2012-07-28 19:36 - 2011-05-13 11:46 - 00000836 ____A C:\Users\FAC\Desktop\Estrenos SUB.txt
2012-07-28 19:04 - 2012-07-28 19:04 - 00000054 ___RH C:\Users\FAC\Downloads\stinger.opt
2012-07-28 18:59 - 2012-05-31 12:13 - 00031744 ____A C:\Users\FAC\Desktop\Modelo 2 - Necesidades para el CUBO.xls
2012-07-28 16:44 - 2012-05-10 23:33 - 00001024 ____A C:\Windows\olecli.log
2012-07-28 16:43 - 2011-04-21 15:30 - 00080774 ____A C:\Windows\PFRO.log
2012-07-28 16:39 - 2012-07-28 16:38 - 09691752 ____A (McAfee Inc.) C:\Users\FAC\Downloads\stinger.exe
2012-07-28 15:31 - 2012-07-28 14:59 - 57957476 ____A C:\Users\FAC\Downloads\ESET.NOD32.Antivirus.v6.0.115.0.RC.x86.rar
2012-07-28 15:08 - 2011-04-21 23:14 - 00582608 ____A C:\Windows\DirectX.log
2012-07-28 15:07 - 2012-07-28 15:00 - 64397972 ____A C:\Users\FAC\Downloads\ESET.NOD32.Antivirus.v6.0.115.0.RC.x64.rar
2012-07-27 19:27 - 2012-07-24 20:25 - 429195264 ____A C:\Users\FAC\Downloads\System_Management_Server_Train.ISO
2012-07-27 03:14 - 2012-04-09 23:15 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-27 03:14 - 2012-03-18 22:51 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-22 10:13 - 2012-07-22 10:13 - 00002128 ____A C:\Users\Public\Desktop\Saints Row The Third.lnk
2012-07-21 12:31 - 2012-07-21 12:14 - 272416288 ____A C:\Users\FAC\Downloads\SQL2012DevTrainingKit.Setup.exe
2012-07-16 04:48 - 2011-11-25 06:28 - 00001203 ____A C:\Users\FAC\Desktop\NewAlbumReleases.txt
2012-07-12 06:01 - 2012-07-12 06:01 - 00001709 ____A C:\Users\FAC\Desktop\Google Drive.lnk
2012-07-08 21:51 - 2011-05-03 19:43 - 00002062 ___AH C:\Users\FAC\Documents\Default.rdp
2012-07-07 19:08 - 2009-07-13 21:34 - 00000558 ____A C:\Windows\win.ini
2012-07-04 22:25 - 2012-07-04 22:25 - 00001823 ____A C:\Users\FAC\Desktop\WalkingDead.lnk
2012-07-03 22:43 - 2012-05-12 19:34 - 00000025 ____A C:\Windows\LastUser.ini
2012-07-03 13:46 - 2012-07-28 19:39 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-07-02 04:42 - 2012-07-02 02:58 - 119478286 ____A C:\Users\FAC\Downloads\C Sharp .Net 4 Book Collection (ASP.Net, MVC 3, WPF, WCF etc) - Part.3.rar
2012-06-29 22:49 - 2012-06-29 19:24 - 35735399 ____A C:\Users\FAC\Downloads\Fieldrunners HD-Appstap.net.rar
2012-06-12 22:07 - 2012-06-10 16:34 - 980738048 ____A C:\Users\FAC\Downloads\Wrath of the Titans (Clash of the Titans 2) (V.O.S.E) 2012 DVDRip Xvid Mp3 TuCenTral.avi
2012-06-12 22:04 - 2012-06-12 22:04 - 00036377 ____A C:\Users\FAC\Desktop\mp desde 15 mayo.xlsx
2012-06-11 01:18 - 2012-06-11 00:46 - 198180864 ____A C:\Users\FAC\Downloads\AdventureWorks2012_Data.mdf
2012-06-11 00:54 - 2012-06-11 00:54 - 00832264 ____A C:\Users\FAC\Downloads\Analysis Services Tutorial SQL Server 2012.zip
2012-06-11 00:54 - 2012-06-11 00:54 - 00452044 ____A C:\Users\FAC\Downloads\AdventureWorks Multidimensional Models SQL Server 2012.zip
2012-06-10 18:17 - 2012-06-10 18:10 - 26214332 ____A C:\Users\FAC\Downloads\YO SOY KURT COBAIN.mp4
2012-06-10 17:02 - 2012-06-10 16:54 - 29041160 ____A C:\Users\FAC\Downloads\Yo Soy [ Peru ] Kurt Cobain.mp4
2012-06-02 17:19 - 2012-06-21 20:31 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-21 20:31 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-21 20:31 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-21 20:31 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-21 20:31 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-21 20:31 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-21 20:31 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 15:19 - 2012-06-21 20:31 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 15:15 - 2012-06-21 20:31 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 09:15 - 2012-06-02 09:13 - 26809448 ____A (Microsoft Corporation) C:\Users\FAC\Downloads\AccessDatabaseEngine2010.exe
2012-06-02 09:12 - 2012-06-02 09:09 - 26481656 ____A (Microsoft Corporation) C:\Users\FAC\Downloads\AccessDatabaseEngine2007.exe
2012-06-02 08:50 - 2012-06-02 08:36 - 184897536 ____A C:\Users\FAC\Documents\Database1.accdb
2012-05-25 17:35 - 2012-05-25 17:35 - 00009249 ____A C:\Users\FAC\Documents\siaf munilim.xlsx
2012-05-24 23:47 - 2009-07-13 23:45 - 00422160 ____A C:\Windows\System32\FNTCACHE.DAT
2012-05-24 23:43 - 2012-01-06 23:08 - 57848688 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-05-24 08:57 - 2012-01-09 17:58 - 00001217 ____A C:\Windows\ODBC.INI
2012-05-24 03:54 - 2012-01-09 09:47 - 00041079 ____A C:\Users\FAC\sanct.log
2012-05-23 04:54 - 2012-05-23 04:54 - 00425545 ____A C:\Users\FAC\Documents\CAS Nombrado 201203.xlsx
2012-05-23 03:56 - 2012-05-23 03:56 - 00000945 ____A C:\Users\Public\Desktop\µTorrent.lnk
2012-05-20 09:53 - 2012-05-20 09:49 - 09585439 ____A C:\Users\FAC\Downloads\HUGE FILE TEXT EDITOR gvim73_46.exe
2012-05-19 02:53 - 2012-05-19 02:53 - 00001351 ____A C:\Users\FAC\Desktop\SqlDbx.lnk
2012-05-17 22:00 - 2012-05-17 22:02 - 19595047 ____A C:\Users\FAC\Desktop\BDBoard20120517 2159.rar
2012-05-16 17:59 - 2012-05-16 17:59 - 00000698 ____A C:\Users\FAC\Downloads\launch.rtc
2012-05-15 22:11 - 2012-05-15 22:11 - 00001103 ____A C:\Users\Public\Desktop\Board 7.lnk
2012-05-15 16:21 - 2011-05-13 11:46 - 00008282 ____A C:\Users\FAC\Desktop\IPs IPPSA.txt
2012-05-12 05:58 - 2012-05-12 05:58 - 01240668 ____A C:\Users\FAC\Downloads\SqlDbxPersonal.zip
2012-05-09 19:04 - 2012-05-09 19:04 - 00000923 ____A C:\Users\Public\Desktop\PreziDesktop3.lnk
2012-05-09 00:33 - 2012-05-09 00:30 - 18187892 ____A C:\Users\FAC\Downloads\Nirvana - Drain You (MTV Live and Loud 93) HD.mp4
2012-05-08 23:57 - 2012-05-08 23:53 - 16383413 ____A C:\Users\FAC\Downloads\Nirvana Pennyroyal Tea (Live) French TV 1994 High Quality.mp4
2012-05-08 23:56 - 2012-05-08 23:53 - 08441533 ____A C:\Users\FAC\Downloads\NIRVANA - Kurt Cobains Top 5 Best Drain You Screams.mp4
2012-05-08 23:51 - 2012-05-08 23:45 - 41528996 ____A C:\Users\FAC\Downloads\Olaf - in Bloom Smell like teen spirit (día de la música).mp4
2012-05-08 23:24 - 2012-05-08 23:22 - 18192186 ____A C:\Users\FAC\Downloads\Nirvana - Drain You [HD] (Live on French tv 1994).mp4
2012-05-08 23:09 - 2012-05-08 22:47 - 115513677 ____A C:\Users\FAC\Downloads\OLAF en la FIL Arequipa 2011.mp4
2012-05-08 22:53 - 2012-05-08 22:48 - 11783119 ____A C:\Users\FAC\Downloads\Somebody - Olaf - AQP 2012.mp4
2012-05-08 22:52 - 2012-05-08 22:43 - 19358981 ____A C:\Users\FAC\Downloads\Sweet Child O Mine-JackettsRamiro.mp4
2012-05-08 22:52 - 2012-05-08 22:43 - 16620726 ____A C:\Users\FAC\Downloads\Olaf - the man who sold the world.mp4
2012-05-08 22:48 - 2012-05-08 22:42 - 13184410 ____A C:\Users\FAC\Downloads\where did you sleep last night-NirvanaOLAF.mp4
2012-05-06 20:20 - 2012-05-06 20:16 - 10323088 ____A (Gretech Corporation) C:\Users\FAC\Downloads\GOMPLAYERENSETUP.EXE
2012-05-03 17:13 - 2012-05-03 17:13 - 00000020 ___SH C:\Users\UpdatusUser\ntuser.ini
2012-05-03 17:09 - 2012-05-03 17:09 - 00000005 ____A C:\Users\FAC\Documents\anulacion tarjeta credito.txt
2012-05-03 11:23 - 2012-05-03 10:47 - 212446672 ____A (NVIDIA Corporation) C:\Users\FAC\Downloads\NVIDIA 296.10-notebook-win7-winvista-64bit-international-whql.exe
2012-05-03 00:43 - 2012-05-03 00:40 - 15161419 ____A C:\Users\FAC\Downloads\Nirvana The Man Who Sold The World live Great Western Forum 12301993 AMT2.mp4
2012-05-03 00:39 - 2012-05-03 00:33 - 23296827 ____A C:\Users\FAC\Downloads\Nirvana - The Man Who Sold The World MTV Live Loud, Seattle, WA.mp4


ZeroAccess:
C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}
C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\@
C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\L
C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U
C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\L\00000004.@
C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U\00000004.@
C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U\80000000.@
C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U\80000032.@
C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%
Total physical RAM: 8106.17 MB
Available physical RAM: 7256.67 MB
Total Pagefile: 8104.32 MB
Available Pagefile: 7262.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:24.25 GB) NTFS
3 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive f: (EF) (Removable) (Total:3.78 GB) (Free:1.91 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Núm Disco Estado Tamaño Disp Din Gpt
---------- ---------- ------- ------- --- ---
Disco 0 En línea 465 GB 0 B
Disco 1 En línea 3875 MB 0 B

Partitions of Disk 0:
===============

Núm Partición Tipo Tamaño Desplazamiento
------------- ---------------- ------- ---------------
Partición 1 OEM 101 MB 31 KB
Partición 2 Principal 14 GB 102 MB
Partición 3 Principal 451 GB 14 GB

==================================================================================

Disk: 0
Partición 1
Tipo : DE
Oculta : Sí
Activa : No

Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 4 FAT32 Partición 101 MB Correcto Oculto

==================================================================================

Disk: 0
Partición 2
Tipo : 07
Oculta : No
Activa : Sí

Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 1 E RECOVERY NTFS Partición 14 GB Correcto

==================================================================================

Disk: 0
Partición 3
Tipo : 07
Oculta : No
Activa : No

Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 2 C OS NTFS Partición 451 GB Correcto

==================================================================================

Partitions of Disk 1:
===============

Núm Partición Tipo Tamaño Desplazamiento
------------- ---------------- ------- ---------------
Partición 1 Principal 3874 MB 31 KB

==================================================================================

Disk: 1
Partición 1
Tipo : 0B
Oculta : No
Activa : Sí

Núm Volumen Ltr Etiqueta Fs Tipo Tamaño Estado Info
----------- --- ----------- ----- ---------- ------- --------- --------
* Volumen 3 F EF FAT32 Extraíble 3874 MB Correcto

==================================================================================

==========================================================

Last Boot: 2012-07-28 00:15

======================= End Of Log ==========================
 
Search.txt

Farbar Recovery Scan Tool Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 22:44:10
Running from F:\

================== Search: "services.exe" ===================

C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\WINDOWS\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next....

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right-click Rkill and choose Run as Administrator.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe
  • Double-click on the Rkill icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.
Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 

Attachments

  • fixlist.txt
Thanks!

Fixlog

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 25-07-2012 01
Ran by SYSTEM at 2012-07-29 23:35:24 Run:1
Running from F:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\Installer\{dda59d07-63fd-4192-f593-a6e3c17885d9} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\WINDOWS\System32\services.exe moved successfully.
C:\WINDOWS\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\WINDOWS\System32\services.exe

==== End of Fixlog ====
 
Combofix ran in safe mode only


ComboFix 12-07-29.02 - FAC 29/07/2012 23:47:02.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.51.3082.18.7084.5004 [GMT -5:00]
Running from: c:\users\FAC\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\Roaming
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\olecli.log
c:\windows\SysWow64\html
c:\windows\SysWow64\html\calendar.html
c:\windows\SysWow64\html\calendarbottom.html
c:\windows\SysWow64\html\calendartop.html
c:\windows\SysWow64\html\crystalexportdialog.htm
c:\windows\SysWow64\html\crystalprinthost.html
c:\windows\SysWow64\images
c:\windows\SysWow64\images\toolbar\calendar.gif
c:\windows\SysWow64\images\toolbar\crlogo.gif
c:\windows\SysWow64\images\toolbar\export.gif
c:\windows\SysWow64\images\toolbar\export_over.gif
c:\windows\SysWow64\images\toolbar\exportd.gif
c:\windows\SysWow64\images\toolbar\First.gif
c:\windows\SysWow64\images\toolbar\first_over.gif
c:\windows\SysWow64\images\toolbar\Firstd.gif
c:\windows\SysWow64\images\toolbar\gotopage.gif
c:\windows\SysWow64\images\toolbar\gotopage_over.gif
c:\windows\SysWow64\images\toolbar\gotopaged.gif
c:\windows\SysWow64\images\toolbar\grouptree.gif
c:\windows\SysWow64\images\toolbar\grouptree_over.gif
c:\windows\SysWow64\images\toolbar\grouptreed.gif
c:\windows\SysWow64\images\toolbar\grouptreepressed.gif
c:\windows\SysWow64\images\toolbar\Last.gif
c:\windows\SysWow64\images\toolbar\last_over.gif
c:\windows\SysWow64\images\toolbar\Lastd.gif
c:\windows\SysWow64\images\toolbar\Next.gif
c:\windows\SysWow64\images\toolbar\next_over.gif
c:\windows\SysWow64\images\toolbar\Nextd.gif
c:\windows\SysWow64\images\toolbar\Prev.gif
c:\windows\SysWow64\images\toolbar\prev_over.gif
c:\windows\SysWow64\images\toolbar\Prevd.gif
c:\windows\SysWow64\images\toolbar\print.gif
c:\windows\SysWow64\images\toolbar\print_over.gif
c:\windows\SysWow64\images\toolbar\printd.gif
c:\windows\SysWow64\images\toolbar\Refresh.gif
c:\windows\SysWow64\images\toolbar\refresh_over.gif
c:\windows\SysWow64\images\toolbar\refreshd.gif
c:\windows\SysWow64\images\toolbar\Search.gif
c:\windows\SysWow64\images\toolbar\search_over.gif
c:\windows\SysWow64\images\toolbar\searchd.gif
c:\windows\SysWow64\images\toolbar\up.gif
c:\windows\SysWow64\images\toolbar\up_over.gif
c:\windows\SysWow64\images\toolbar\upd.gif
c:\windows\SysWow64\images\tree\begindots.gif
c:\windows\SysWow64\images\tree\beginminus.gif
c:\windows\SysWow64\images\tree\beginplus.gif
c:\windows\SysWow64\images\tree\blank.gif
c:\windows\SysWow64\images\tree\blankdots.gif
c:\windows\SysWow64\images\tree\dots.gif
c:\windows\SysWow64\images\tree\lastdots.gif
c:\windows\SysWow64\images\tree\lastminus.gif
c:\windows\SysWow64\images\tree\lastplus.gif
c:\windows\SysWow64\images\tree\Magnify.gif
c:\windows\SysWow64\images\tree\minus.gif
c:\windows\SysWow64\images\tree\minusbox.gif
c:\windows\SysWow64\images\tree\plus.gif
c:\windows\SysWow64\images\tree\plusbox.gif
c:\windows\SysWow64\images\tree\singleminus.gif
c:\windows\SysWow64\images\tree\singleplus.gif
.
.
((((((((((((((((((((((((( Files Created from 2012-06-28 to 2012-07-30 )))))))))))))))))))))))))))))))
.
.
2012-07-30 04:53 . 2012-07-30 04:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-30 04:53 . 2012-07-30 04:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-30 03:37 . 2012-07-30 03:37 -------- d-----w- C:\FRST
2012-07-29 00:40 . 2012-07-29 00:40 -------- d-----w- c:\users\FAC\AppData\Roaming\Malwarebytes
2012-07-29 00:39 . 2012-07-29 00:39 -------- d-----w- c:\programdata\Malwarebytes
2012-07-29 00:39 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-29 00:39 . 2012-07-29 00:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-28 21:46 . 2012-07-29 00:04 -------- d-----w- c:\program files (x86)\stinger
2012-07-22 16:05 . 2012-07-22 16:05 -------- d-----w- c:\users\FAC\AppData\Roaming\runic games
2012-07-22 14:56 . 2012-07-22 14:56 -------- d-----w- c:\program files (x86)\THQ
2012-07-22 13:17 . 2012-07-22 13:17 -------- d-----w- c:\program files (x86)\Runic Games
2012-07-22 00:53 . 2012-07-22 00:53 -------- d-----w- c:\users\FAC\AppData\Local\FLT
2012-07-22 00:53 . 2012-07-22 00:53 -------- d-----w- c:\users\FAC\AppData\Local\2012
2012-07-12 11:01 . 2012-07-30 04:39 -------- d-s---w- c:\users\FAC\Google Drive
2012-07-12 10:51 . 2012-07-12 11:00 -------- d-----w- c:\program files (x86)\Google
2012-07-05 03:12 . 2012-07-05 03:12 -------- d-----w- c:\program files (x86)\Telltale Games
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-27 08:14 . 2012-04-10 04:15 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 08:14 . 2012-03-19 03:51 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-23 23:50 . 2012-06-23 23:50 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-22 01:31 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:31 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:31 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:31 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:31 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:31 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:31 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 01:31 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 01:31 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-28 03:51 . 2012-05-28 03:51 165232 ---ha-w- c:\users\FAC\AppData\Roaming\Microsoft\Virtual PC\VPCKeyboard.dll
2012-05-25 04:43 . 2012-01-07 04:08 57848688 ----a-w- c:\windows\system32\MRT.exe
2012-05-08 17:02 . 2012-05-25 04:34 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0986B423-0547-4B21-9624-5AAC35267A68}\mpengine.dll
2012-05-05 23:10 . 2012-05-05 23:10 40960 ----a-r- c:\users\FAC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
2012-05-05 23:10 . 2012-05-05 23:10 40960 ----a-r- c:\users\FAC\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-11 3672384]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-21 12163848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-11-02 93832]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-08-19 487562]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SQL Prompt Query Analyzer Integration.lnk - c:\program files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe [2012-1-9 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]
2010-11-02 03:40 147080 ----a-w- c:\program files (x86)\Sensible Vision\Fast Access\FALogNot.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli FAPassSync
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 nvkflt;nvkflt;c:\windows\system32\DRIVERS\nvkflt.sys [2012-03-01 249152]
R2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 98208]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
R2 Board7;Board 7 Engine;c:\program files\Board\Board Server\BoardEngine.exe [2012-03-23 20480]
R2 Board7Silverlight;Board 7 Web Engine;c:\program files (x86)\Board\Board Web Server\BoardSilverlightService.exe [2012-03-23 134656]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-06 974944]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R2 gupdate;Google Update Servicio (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 116648]
R2 IEU_Service;NEC Projector USB Display Service;c:\program files (x86)\NEC Projector User Supportware\Image Express Utility Lite\IEU_Service.exe [2012-04-13 69120]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
R2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-10-12 2072896]
R2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-22 846448]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-08-12 175168]
R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]
R3 gupdatem;Google Update Servicio (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 116648]
R3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-10 60416]
R3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 IntcDAud;Sonido Intel(R) para pantallas;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2010-12-15 174168]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2010-12-12 121960]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 qicflt;upper Device Filter Driver;c:\windows\system32\DRIVERS\qicflt.sys [2010-07-13 29288]
R3 Sound Blaster X-Fi MB Licensing Service;Sound Blaster X-Fi MB Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [2011-04-22 79360]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-09-22 11856]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Servicio de tecnologías de activación de Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-07 1255736]
R3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-12-01 42392]
R4 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-11-02 2428552]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-03-01 28992]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-08 116336]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-12-13 27760]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
S3 NETwNs64;___ Controlador del adaptador Intel(R) Wireless WiFi Link para Windows 7 de 64 bits;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-12-22 8505856]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 08:14]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 10:51]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-12 10:51]
.
2012-07-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002Core.job
- c:\users\FAC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-07 10:25]
.
2012-07-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002UA.job
- c:\users\FAC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-07 10:25]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-12-14 6561384]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-12-11 2186856]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-12 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-12 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-12 418328]
"FreeFallProtection"="c:\program files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-12-17 686704]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-12-17 1933584]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2011-01-25 4479648]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RunDLLEntry"="c:\windows\system32\AmbRunE.dll" [2009-02-26 17920]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-06 4030008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}: NameServer = 200.48.225.130,200.48.225.146
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-30 00:07:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-30 05:07
.
Pre-Run: 37,167,136,768 bytes libres
Post-Run: 37,358,067,712 bytes libres
.
- - End Of File - - 51DA236D9E3CFC2BC1AB9CC15B500F71
 
Looks good :)

Any current issues?

==============================

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

==============================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Thanks a lot
You truly are a great help

No problems so far.

No malware in Mbam

This is OTL pt1

OTL logfile created on: 30/07/2012 10:33:55 p.m. - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\FAC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

6.92 Gb Total Physical Memory | 4.69 Gb Available Physical Memory | 67.83% Memory free
13.83 Gb Paging File | 10.56 Gb Available in Paging File | 76.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 34.87 Gb Free Space | 7.73% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: FAC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/30 22:28:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\FAC\Desktop\OTL.exe
PRC - [2012/06/20 19:02:30 | 012,163,848 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/05/23 03:56:17 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
PRC - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012/01/19 06:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012/01/09 08:59:12 | 000,081,920 | ---- | M] (Red Gate Software Ltd.) -- C:\Program Files (x86)\Red Gate\SQL Prompt 4\RedGate.SQLPrompt.TrayApp.exe
PRC - [2011/09/06 18:16:42 | 000,974,944 | ---- | M] (ESET) -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
PRC - [2011/08/22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysWOW64\vmnetdhcp.exe
PRC - [2011/08/22 17:07:18 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/08/22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\WINDOWS\SysWOW64\vmnat.exe
PRC - [2011/08/22 16:34:52 | 011,837,440 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2011/08/22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
PRC - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
PRC - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
PRC - [2011/01/24 15:33:24 | 000,979,008 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
PRC - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/12/17 10:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/30 06:46:17 | 001,169,408 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._core_.pyd
MOD - [2012/07/30 06:46:17 | 001,056,256 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._controls_.pyd
MOD - [2012/07/30 06:46:17 | 001,018,368 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\windows._cacheinvalidation.pyd
MOD - [2012/07/30 06:46:17 | 000,807,424 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._windows_.pyd
MOD - [2012/07/30 06:46:17 | 000,792,576 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._gdi_.pyd
MOD - [2012/07/30 06:46:17 | 000,731,136 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._misc_.pyd
MOD - [2012/07/30 06:46:17 | 000,645,120 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\_ssl.pyd
MOD - [2012/07/30 06:46:17 | 000,585,728 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\unicodedata.pyd
MOD - [2012/07/30 06:46:17 | 000,571,392 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\pysqlite2._sqlite.pyd
MOD - [2012/07/30 06:46:17 | 000,354,304 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\pythoncom26.dll
MOD - [2012/07/30 06:46:17 | 000,311,808 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\_hashlib.pyd
MOD - [2012/07/30 06:46:17 | 000,263,168 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32com.shell.shell.pyd
MOD - [2012/07/30 06:46:17 | 000,153,088 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\pyexpat.pyd
MOD - [2012/07/30 06:46:17 | 000,121,856 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._wizard.pyd
MOD - [2012/07/30 06:46:17 | 000,111,104 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32file.pyd
MOD - [2012/07/30 06:46:17 | 000,110,592 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\pywintypes26.dll
MOD - [2012/07/30 06:46:17 | 000,096,256 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32api.pyd
MOD - [2012/07/30 06:46:17 | 000,086,016 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\_elementtree.pyd
MOD - [2012/07/30 06:46:17 | 000,073,728 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\_ctypes.pyd
MOD - [2012/07/30 06:46:17 | 000,070,656 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\wx._html2.pyd
MOD - [2012/07/30 06:46:17 | 000,040,448 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\_socket.pyd
MOD - [2012/07/30 06:46:17 | 000,039,424 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32inet.pyd
MOD - [2012/07/30 06:46:17 | 000,036,352 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32process.pyd
MOD - [2012/07/30 06:46:17 | 000,022,528 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32pdh.pyd
MOD - [2012/07/30 06:46:17 | 000,017,920 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32event.pyd
MOD - [2012/07/30 06:46:17 | 000,011,776 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\win32crypt.pyd
MOD - [2012/07/30 06:46:17 | 000,011,776 | ---- | M] () -- C:\Users\FAC\AppData\Local\Temp\_MEI20522\select.pyd
MOD - [2012/07/09 23:09:00 | 000,438,296 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
MOD - [2012/07/09 23:08:59 | 003,972,120 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
MOD - [2012/07/09 23:07:39 | 000,554,520 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\libglesv2.dll
MOD - [2012/07/09 23:07:37 | 000,117,784 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\libegl.dll
MOD - [2012/07/09 23:07:22 | 000,140,328 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\avutil-51.dll
MOD - [2012/07/09 23:07:21 | 000,262,184 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\avformat-54.dll
MOD - [2012/07/09 23:07:19 | 002,386,984 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\avcodec-54.dll
MOD - [2012/07/09 21:17:27 | 009,255,112 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
MOD - [2012/07/09 21:17:27 | 009,255,112 | ---- | M] () -- C:\Users\FAC\AppData\Local\Google\Chrome\APPLIC~1\200113~1.57\gcswf32.dll
MOD - [2012/05/24 23:54:49 | 006,610,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eeaa41950485f16229afc7b409c073cd\System.Data.ni.dll
MOD - [2012/05/24 23:54:30 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012/05/24 23:54:25 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012/05/24 23:54:12 | 002,508,288 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\4b5650fad63958eabd448eeacde84612\System.Data.SqlXml.ni.dll
MOD - [2012/05/24 23:54:10 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\a1a2e47980512815b030fce9a53cc4c8\System.Xml.ni.dll
MOD - [2012/05/24 23:54:08 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/24 23:54:07 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/24 23:54:03 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/12/17 10:25:22 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
MOD - [2010/11/12 19:33:59 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/04 20:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/11/04 20:57:43 | 000,072,192 | ---- | M] () -- C:\Windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
MOD - [2010/10/20 15:45:26 | 008,801,120 | ---- | M] () -- C:\PROGRA~2\MIF5BA~1\Office14\1033\GrooveIntlResource.dll
MOD - [2009/07/14 04:29:44 | 000,163,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_es_b77a5c561934e089\System.Xml.resources.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2008/07/29 13:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90)
SRV - [2012/07/27 03:14:03 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/04/13 14:52:11 | 000,069,120 | ---- | M] (NEC Display Solutions, Ltd.) [Auto | Running] -- C:\Program Files (x86)\NEC Projector User Supportware\Image Express Utility Lite\IEU_Service.exe -- (IEU_Service)
SRV - [2012/03/23 13:17:38 | 000,020,480 | ---- | M] (Board International SA) [Auto | Running] -- C:\Archivos de programa\Board\Board Server\BoardEngine.exe -- (Board7)
SRV - [2012/03/23 13:15:28 | 000,134,656 | ---- | M] (Board International SA) [Auto | Running] -- C:\Program Files (x86)\Board\Board Web Server\BoardSilverlightService.exe -- (Board7Silverlight)
SRV - [2012/02/29 19:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/02/29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/01/19 06:47:20 | 003,027,840 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011/10/12 18:14:14 | 002,072,896 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/09/06 18:16:42 | 000,974,944 | ---- | M] (ESET) [Auto | Running] -- C:\Archivos de programa\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)
SRV - [2011/08/22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/08/22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\WINDOWS\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/08/22 16:34:52 | 011,837,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011/08/22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/08/21 23:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/04/21 22:56:23 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\XMBLicensing.exe -- (Sound Blaster X-Fi MB Licensing Service)
SRV - [2011/03/28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011/01/24 15:34:06 | 000,991,296 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe -- (Bluetooth OBEX Service)
SRV - [2011/01/24 15:34:04 | 001,298,496 | ---- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe -- (Bluetooth Media Service)
SRV - [2011/01/24 15:33:30 | 000,901,184 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe -- (Bluetooth Device Monitor)
SRV - [2010/12/20 18:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010/12/20 18:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/12/17 14:41:32 | 001,515,792 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Archivos de programa\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2010/12/17 14:28:46 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Archivos de programa\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010/12/17 14:26:50 | 000,836,880 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Archivos de programa\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2010/11/29 15:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010/11/01 22:40:28 | 002,428,552 | ---- | M] (Sensible Vision ) [Disabled | Stopped] -- C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe -- (FAService)
SRV - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Archivos de programa\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009/11/17 21:14:26 | 000,098,208 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Archivos de programa\Realtek\Audio\HDA\AERTSr64.exe -- (AERTFilters)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/04/13 12:28:43 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/29 19:02:00 | 000,249,152 | ---- | M] (NVIDIA Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\nvkflt.sys -- (nvkflt)
DRV:64bit: - [2012/02/29 19:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011/12/09 19:45:00 | 000,060,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\iBtFltCoex.sys -- (iBtFltCoex)
DRV:64bit: - [2011/11/15 01:13:00 | 000,327,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmhsf.sys -- (btmhsf)
DRV:64bit: - [2011/08/22 17:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/08/22 17:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/08/22 15:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/08/22 15:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/08/21 23:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/21 23:01:22 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/08/09 13:57:12 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Running] -- C:\WINDOWS\SysNative\drivers\eamonm.sys -- (eamonm)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/08/04 09:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ehdrv.sys -- (ehdrv)
DRV:64bit: - [2011/08/04 09:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)
DRV:64bit: - [2011/06/10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/02/10 17:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2011/02/10 17:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2011/01/28 03:57:14 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/01/24 02:24:52 | 000,058,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\btmaux.sys -- (btmaux)
DRV:64bit: - [2011/01/15 11:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2011/01/12 20:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/12/22 04:08:48 | 008,505,856 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\NETwNs64.sys -- (NETwNs64)
DRV:64bit: - [2010/12/17 12:06:32 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/12/16 17:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\WINDOWS\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010/12/15 12:02:04 | 000,174,168 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2010/12/13 12:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\Accelern.sys -- (Acceler)
DRV:64bit: - [2010/12/12 09:18:36 | 000,121,960 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2010/12/01 05:02:22 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010/11/29 15:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/10/19 19:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/15 19:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/08/20 04:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
DRV:64bit: - [2010/08/12 10:51:30 | 000,175,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV:64bit: - [2010/07/12 21:38:06 | 000,029,288 | ---- | M] (Quanta Computer) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\qicflt.sys -- (qicflt)
DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/02/27 10:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/09/24 20:36:14 | 000,238,848 | ---- | M] (Sensible Vision ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\facap.sys -- (FACAP)
DRV:64bit: - [2007/02/18 00:22:48 | 000,296,816 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\SysNative\Controladores\VMM.sys -- (vmm)
DRV:64bit: - [2007/02/15 19:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2007/01/29 06:20:34 | 000,079,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysNative\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV:64bit: - [2006/11/01 12:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2011/09/22 13:08:26 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2007/02/15 19:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9ED34756-207A-4BCF-8B3A-04434208AFB3}
IE:64bit: - HKLM\..\SearchScopes\{9ED34756-207A-4BCF-8B3A-04434208AFB3}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {95BE5539-601F-4493-B419-8CD16FE5EC8C}
IE - HKLM\..\SearchScopes\{95BE5539-601F-4493-B419-8CD16FE5EC8C}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-657104428-2278183389-2821783934-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-657104428-2278183389-2821783934-1002\..\SearchScopes,DefaultScope = {95BE5539-601F-4493-B419-8CD16FE5EC8C}
IE - HKU\S-1-5-21-657104428-2278183389-2821783934-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\FAC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\FAC\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fassoxpcom@sensiblevision.com: C:\Program Files (x86)\Sensible Vision\Fast Access\xpcom_fasso\ [2011/04/21 23:08:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/10 15:00:35 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: https://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - homepage: https://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\FAC\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Google Update (Enabled) = C:\Users\FAC\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Do Not Track Plus = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.0.510_0\
CHR - Extension: Lord of Ultima = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\jdheeblenjmceeppomdgokgilmkonced\1.0.12_0\
CHR - Extension: Fieldrunners = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkpikhjbfbffdblahfidklcohlaeabak\1.0.0.5_0\
CHR - Extension: Gmail = C:\Users\FAC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/30 00:02:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Archivos de programa\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\x64\FAIESSO.dll (Sensible Vision )
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SSOIEAddonBHO Class) - {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll (Sensible Vision )
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [BTMTrayAgent] C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll (Intel Corporation)
O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\WINDOWS\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\WINDOWS\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe (Sensible Vision )
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1002..\Run: [AlcoholAutomount] C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1002..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1002..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1006..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-657104428-2278183389-2821783934-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-657104428-2278183389-2821783934-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-657104428-2278183389-2821783934-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O9:64bit: - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Archivos de programa\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\WINDOWS\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\WINDOWS\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\SysWOW64\vsocklib.dll (VMware, Inc.)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab (DLC Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27A3F84D-293F-4500-8062-4B28402863C9}: NameServer = 200.48.225.130,200.48.225.146
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\WINDOWS\System32\nvinitx.dll) - C:\WINDOWS\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\SysWOW64\nvinit.dll) - C:\WINDOWS\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\FastAccess: DllName - (C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll) - C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll ()
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Archivos de programa\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
OTL pt2

========== Files/Folders - Created Within 30 Days ==========

[2012/07/30 22:28:35 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\FAC\Desktop\OTL.exe
[2012/07/30 06:46:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/30 00:07:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/29 23:44:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/29 23:44:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/29 23:44:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/29 23:40:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/29 23:40:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/29 23:32:02 | 004,721,417 | R--- | C] (Swearware) -- C:\Users\FAC\Desktop\ComboFix.exe
[2012/07/29 22:37:50 | 000,000,000 | ---D | C] -- C:\FRST
[2012/07/29 14:37:38 | 000,000,000 | ---D | C] -- C:\Users\FAC\Desktop\RK_Quarantine
[2012/07/29 08:57:20 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\FAC\Desktop\dds.scr
[2012/07/29 08:49:33 | 001,438,391 | ---- | C] (Farbar) -- C:\Users\FAC\Desktop\FRST64.exe
[2012/07/29 08:39:43 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\FAC\Desktop\aswMBR.exe
[2012/07/28 23:42:38 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{ED932E98-07C1-4612-99BE-5F80BFA50CB4}
[2012/07/28 23:42:25 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{E61FEAB6-851D-4F72-8895-A140412C90B6}
[2012/07/28 19:40:06 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Roaming\Malwarebytes
[2012/07/28 19:39:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/07/28 19:39:48 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/07/28 19:39:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/07/28 19:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/07/28 19:35:25 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\FAC\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/28 16:46:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2012/07/28 15:13:25 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\astragon Software GmbH
[2012/07/22 11:05:24 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Roaming\runic games
[2012/07/22 10:13:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\THQ
[2012/07/22 09:56:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\THQ
[2012/07/22 08:19:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Torchlight
[2012/07/22 08:17:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Runic Games
[2012/07/22 07:47:21 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{8A321CB4-F715-428A-B1F1-6EDEE9C49CDC}
[2012/07/22 07:47:10 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{2D8A6715-0624-467B-BF6B-1C6AEF6B3961}
[2012/07/21 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\FLT
[2012/07/21 19:53:47 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\2012
[2012/07/15 08:32:03 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{89B1F2E4-9720-44FF-97F6-79923C36F6BE}
[2012/07/15 08:31:52 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{533E5A63-922A-4360-82A9-EDE670DAD33B}
[2012/07/14 20:31:26 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{0F6A4ED6-B520-4E90-ADA6-A8491720BAB0}
[2012/07/14 20:31:14 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{4A24130E-ED69-4BEA-A2FF-6AB9CE0AE6CB}
[2012/07/13 20:57:31 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{4D3B1C14-1DC2-4C32-9B92-0E592917E361}
[2012/07/13 20:57:20 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{1C847B92-75FC-4E42-9FDD-21A3A42A489F}
[2012/07/12 21:42:22 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{653EC06C-C034-4362-849A-36806534566F}
[2012/07/12 21:42:03 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{0930AB24-6963-4792-BC7A-2144B658AD6B}
[2012/07/12 06:01:39 | 000,000,000 | --SD | C] -- C:\Users\FAC\Google Drive
[2012/07/12 06:00:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2012/07/12 05:51:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/07/09 05:31:01 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{946A31AA-6745-4759-B9A2-5DF168FF0E29}
[2012/07/09 05:30:49 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{3E608C65-06F6-4BDF-9A36-BB4512C515F5}
[2012/07/08 17:30:24 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{6F8AC0ED-B43E-4E02-A694-0B4C315E251A}
[2012/07/08 17:30:12 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{FA59F42B-CF59-4277-B373-83CC033EA3C9}
[2012/07/07 21:15:32 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{A30E3A44-C51F-4784-8F46-A8DC214B9E84}
[2012/07/07 21:15:17 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{45D86823-9E61-47D0-BA61-FEB481C7FC50}
[2012/07/07 19:13:39 | 000,000,000 | ---D | C] -- C:\Users\FAC\Documents\JJ
[2012/07/07 01:22:17 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{B7B5DC1F-64AD-458D-B9EE-614B51B2F6AF}
[2012/07/07 01:22:04 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{77C57E54-220A-4385-BB22-DFA130EFE193}
[2012/07/04 22:12:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Telltale Games
[2012/07/03 21:28:54 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{7DD2A09A-33C2-4700-9B9A-679226663AB6}
[2012/07/03 21:28:39 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{6743AA27-EF15-421D-BD0D-CB7A21592D78}
[2012/07/02 02:44:25 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{DE71E766-F71E-421F-B561-BBD7CD0C840C}
[2012/07/02 02:43:48 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{AA5D7126-BA5E-497D-8364-9669F393928A}
[2012/07/01 07:19:29 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{9AFBBE61-47C4-40C8-B01F-528A131984C2}
[2012/07/01 07:19:18 | 000,000,000 | ---D | C] -- C:\Users\FAC\AppData\Local\{FE825E6D-CF94-4CA8-AEBA-626CF0AD94A3}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/07/30 22:28:42 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\FAC\Desktop\OTL.exe
[2012/07/30 22:23:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/30 22:04:56 | 000,001,026 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/30 22:04:46 | 000,001,038 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002UA.job
[2012/07/30 22:04:45 | 000,001,030 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/30 22:04:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/30 11:46:00 | 000,000,986 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-657104428-2278183389-2821783934-1002Core.job
[2012/07/30 06:56:23 | 001,678,594 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/30 06:56:23 | 000,749,872 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/07/30 06:56:23 | 000,655,532 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/30 06:56:23 | 000,159,906 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/07/30 06:56:23 | 000,122,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/30 06:55:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 06:55:24 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/30 06:45:36 | 1276,252,159 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/30 00:02:33 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/29 23:32:40 | 004,721,417 | R--- | M] (Swearware) -- C:\Users\FAC\Desktop\ComboFix.exe
[2012/07/29 20:58:30 | 000,000,512 | ---- | M] () -- C:\Users\FAC\Desktop\MBR.dat
[2012/07/29 08:57:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\FAC\Desktop\dds.scr
[2012/07/29 08:49:49 | 001,438,391 | ---- | M] (Farbar) -- C:\Users\FAC\Desktop\FRST64.exe
[2012/07/29 08:40:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\FAC\Desktop\aswMBR.exe
[2012/07/29 08:39:28 | 001,552,384 | ---- | M] () -- C:\Users\FAC\Desktop\RogueKiller.exe
[2012/07/29 08:38:46 | 002,117,108 | ---- | M] () -- C:\Users\FAC\Desktop\tdsskiller.zip
[2012/07/28 19:42:42 | 000,302,592 | ---- | M] () -- C:\Users\FAC\Desktop\ew5cejw4.exe
[2012/07/28 19:39:49 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/28 19:37:28 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\FAC\Desktop\mbam-setup-1.62.0.1300.exe
[2012/07/27 03:14:02 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/27 03:14:02 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/22 10:13:45 | 000,002,128 | ---- | M] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2012/07/12 06:01:39 | 000,001,709 | ---- | M] () -- C:\Users\FAC\Desktop\Google Drive.lnk
[2012/07/08 21:51:23 | 000,002,062 | -H-- | M] () -- C:\Users\FAC\Documents\Default.rdp
[2012/07/04 22:25:45 | 000,001,823 | ---- | M] () -- C:\Users\FAC\Desktop\WalkingDead.lnk
[2012/07/03 22:43:25 | 000,000,025 | ---- | M] () -- C:\Windows\LastUser.ini
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/07/29 23:44:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/29 23:44:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/29 23:44:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/29 23:44:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/29 23:44:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/29 20:58:30 | 000,000,512 | ---- | C] () -- C:\Users\FAC\Desktop\MBR.dat
[2012/07/29 08:39:21 | 001,552,384 | ---- | C] () -- C:\Users\FAC\Desktop\RogueKiller.exe
[2012/07/29 08:38:20 | 002,117,108 | ---- | C] () -- C:\Users\FAC\Desktop\tdsskiller.zip
[2012/07/28 19:42:41 | 000,302,592 | ---- | C] () -- C:\Users\FAC\Desktop\ew5cejw4.exe
[2012/07/28 19:39:49 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/22 10:13:45 | 000,002,128 | ---- | C] () -- C:\Users\Public\Desktop\Saints Row The Third.lnk
[2012/07/12 06:01:39 | 000,001,709 | ---- | C] () -- C:\Users\FAC\Desktop\Google Drive.lnk
[2012/07/12 05:51:49 | 000,001,030 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/12 05:51:49 | 000,001,026 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/04 22:25:45 | 000,001,823 | ---- | C] () -- C:\Users\FAC\Desktop\WalkingDead.lnk
[2012/05/12 19:34:53 | 000,000,025 | ---- | C] () -- C:\Windows\LastUser.ini
[2012/04/23 10:56:42 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2012/04/16 00:29:33 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/04/04 17:45:35 | 000,006,776 | ---- | C] () -- C:\Users\FAC\Links.rar
[2012/02/29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/02/22 21:03:44 | 000,000,813 | ---- | C] () -- C:\Users\FAC\AppData\Roaming\MPQEditor.ini
[2012/01/27 09:50:14 | 000,000,017 | ---- | C] () -- C:\Users\FAC\AppData\Local\resmon.resmoncfg
[2012/01/24 06:58:14 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012/01/23 22:54:30 | 000,000,215 | ---- | C] () -- C:\Windows\disney.ini
[2012/01/20 20:49:30 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\pdtEnvioC.dll
[2012/01/20 20:49:30 | 000,000,272 | ---- | C] () -- C:\Windows\PM000.INI
[2012/01/09 17:58:55 | 000,001,217 | ---- | C] () -- C:\Windows\ODBC.INI
[2012/01/09 17:58:55 | 000,000,777 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012/01/08 08:10:10 | 001,656,742 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/08 17:55:00 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\BDSSR160.dll
[2011/12/08 17:55:00 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\BDSSR.dll
[2011/04/22 01:11:27 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011/04/22 01:10:37 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/04/22 01:10:35 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/04/22 01:10:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2010/11/01 22:40:34 | 000,087,176 | ---- | C] () -- C:\Windows\SysWow64\FAIEExtension.dll
[2010/11/01 22:40:30 | 000,057,480 | ---- | C] () -- C:\Windows\SysWow64\FAib.dll
[2010/11/01 22:40:24 | 000,248,968 | ---- | C] () -- C:\Windows\SysWow64\FACrashRpt.dll
< End of report >
 
OTL Extras logfile created on: 30/07/2012 10:33:55 p.m. - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\FAC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 0000280A | Country: Perú | Language: ESR | Date Format: dd/MM/yyyy

6.92 Gb Total Physical Memory | 4.69 Gb Available Physical Memory | 67.83% Memory free
13.83 Gb Paging File | 10.56 Gb Available in Paging File | 76.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.01 Gb Total Space | 34.87 Gb Free Space | 7.73% Space Free | Partition Type: NTFS

Computer Name: PC | User Name: FAC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{0CB6A0CF-D09F-4971-9ABC-70B0A43DA1D9}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"UDP Query User{AE2853D5-C303-48B8-8C08-C245F77FF7ED}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{056E5A6F-BEF6-4094-8724-D45F0F564312}" = Microsoft SQL Server 2008 Setup Support Files
"{0C6C4C8A-3B96-4681-90BA-0E15CDE96298}" = Microsoft SQL Server 2008 Management Studio
"{108C8C1D-DA02-4A6C-94CD-5603F6A6FC72}" = Microsoft SQL Server 2008 Management Studio
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416024FF}" = Java(TM) 6 Update 24 (64-bit)
"{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}" = Software Intel(R) PROSet/Wireless WiFi
"{29C93182-34F6-3275-A18D-59326851CD57}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools - enu
"{29D10287-B073-42C4-A3E5-FF922EDA471E}" = ESET NOD32 Antivirus
"{2BFA9B05-7418-4EDE-A6FC-620427BAAAA3}" = Crystal Reports Basic Runtime for Visual Studio 2008 (x64)
"{362A3FDF-B12E-436A-9097-1B795A9FFCC5}" = Microsoft SQL Server 2008 R2 Native Client
"{40A5B390-78B8-44EA-A063-DB06D5407AC3}" = HBMP Converter
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{528E2373-AE49-4802-B4A8-326BBFDAD6A0}" = VmciSockets
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{5CF8804D-7452-4461-9D61-5BE019600420}" = FastAccess
"{5DE154DF-A55E-4FA5-BE59-32E78FCACF3E}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62EED300-E841-4083-A1D6-60B906271804}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Tools
"{64D5BBC6-5270-3711-AA39-31C1087AF4E6}" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"{6532B2B4-A46C-4EE7-B7F7-468A26D83170}" = Board 7 Server
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{87CF757E-C1F1-4D22-865C-00C6950B5258}" = Quickset64
"{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}" = Microsoft SQL Server 2008 Common Files
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9aa5f39c-a8de-46b0-919a-0248f8bc8490}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{A992BBAA-723D-4574-A07F-983BF8FAA3E1}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Win32 Tools
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Controlador de 3D Vision 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel de control de NVIDIA 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Controlador de gráficos 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Software del sistema PhysX 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Actualización de NVIDIA 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA Controlador de audio HD 1.3.12.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Monitor de la tecnología Intel® Turbo Boost 2.0
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C7B40C35-85AE-4303-9EEA-1A1EA779664D}" = Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology
"{D3E39E77-0EB4-36FB-B97A-8C8AB21B9A45}" = Visual Studio .NET Prerequisites - English
"{D59D0AA8-C9C4-4714-824B-E36C7179D2FF}" = Microsoft SQL Server 2005 Analysis Services ADOMD.NET
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{EF8B1A2E-9CCB-3AB2-91E3-4EEDAB1294E1}" = Microsoft Device Emulator (64 bit) version 3.0 - ENU
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Visual Studio 2008 Remote Debugger - ENU" = Microsoft Visual Studio 2008 Remote Debugger - ENU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"novaPDF Professional Desktop 7 printer_is1" = novaPDF Professional Desktop 7.0 printer
"ProInst" = Intel PROSet Wireless
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{020617D7-2F72-4D02-BF59-A5CBC1761177}" = SQL Server 2008 R2 Management Studio
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C19D563-5F25-4621-BF10-01F741BD283F}" = Microsoft SQL Server Compact 3.5 SP1 Design Tools English
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0D94F75A-0EA6-4951-B3AF-B145FA9E05C6}" = VMware Workstation
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}" = Visual C++ 2008 x64 Runtime - (v9.0.30729)
"{0DF3AE91-E533-3960-8516-B23737F8B7A2}.vc_x64runtime_30729_01" = Visual C++ 2008 x64 Runtime - v9.0.30729.01
"{0EDC9BA0-016E-406a-86DA-04FC1BE00C21}" = Need for Speed™ The Run
"{121475F5-2598-4574-8801-8F6B3D6A99BB}" = SQL Server 2008 R2 Management Studio
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6A1825-474F-4124-9016-1168471D847B}" = Google Drive
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{22E23C71-C27A-3F30-8849-BB6129E50679}" = Visual C++ 2008 IA64 Runtime - (v9.0.30729)
"{22E23C71-C27A-3F30-8849-BB6129E50679}.vc_i64runtime_30729_01" = Visual C++ 2008 IA64 Runtime - v9.0.30729.01
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2864C41B-EF2D-4640-95A2-526276524519}" = Borland C++Builder 6
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{2AC9E096-C0EF-48B6-8347-C9520457BC58}" = SQL Prompt 4
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{319A3604-A562-4CA1-BEB2-9E4B70EC8043}" = DevExpress Example Runner
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{342D4AD7-EC4C-4EC8-AEA6-E70F5905A490}" = SQL Server System CLR Types
"{358A2F50-8885-4EDE-BBB0-130A5834E0B4}" = Visual FoxPro 9.0 Baseline - English
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3DA245C5-23B1-4874-BFA7-287B7D6C1EF6}" = Microsoft Visual FoxPro OLE DB Provider
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.6161)
"{3F8D9A47-9C50-3F46-8F12-B92DD5CA0A2E}.vc_x86runtime_30729_6161" = Visual C++ 2008 x86 Runtime - v9.0.30729.6161
"{45410935-B52C-468A-A836-0D1000018201}" = BulletStorm
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ECF4BDC-8387-329A-ABE9-CF5798F84BB2}" = Microsoft Visual Studio Tools for Applications 2.0 - ENU
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{52877900-399C-4CAC-909D-61F47135174C}" = Board 7 Client
"{52CABE63-3144-4BEC-8968-38CFEB22F6C8}" = Embarcadero RAD Studio XE2
"{561BD069-5C63-4B48-98BD-91B743142304}" = MySQL Workbench 5.2 CE
"{57660847-B1F7-35BD-9118-F62EB863A598}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{579755BD-57F6-4A32-BF6D-14CB3CEF95A8}" = Board 7 Web Server
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{68180B21-DE6B-41AE-9826-3D65A1B3EF2C}" = Embarcadero Delphi and C++Builder XE2 Help System
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76866BE3-B2C7-40BB-B267-927792AED0C3}" = Microsoft SQL Server 2008 R2 Setup (English)
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{79DDA36F-B19E-4293-A4F2-FA3EC1C06E6E}_is1" = MDF to ISO version 1.0
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}" = Visual C++ 2008 x86 Runtime - (v9.0.30729.4148)
"{7B33F480-496D-334A-BAC2-205DEC0CBC2D}.vc_x86runtime_30729_4148" = Visual C++ 2008 x86 Runtime - v9.0.30729.4148
"{7C470FBA-F0E5-428C-8772-5414C920FA6C}" = Microsoft Dynamics Sure Step 2010
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8BB235BF-8740-48CF-9843-F502F5F07EC1}" = PostgreSQL OLE DB Provider
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{E1044ED2-E4AD-4B39-B500-31109750F6B4}" = Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2007
"{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{90120000-0054-0C0A-0000-0000000FF1CE}" = Microsoft Office Visio MUI (Spanish) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00B4-0C0A-0000-0000000FF1CE}" = Microsoft Office Project MUI (Spanish) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00D1-0409-0000-0000000FF1CE}" = Microsoft Access database engine 2010 (English)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9559F7CA-5E34-4237-A2D9-D856464AD727}" = Project64 1.6
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{97492AA4-2743-4C0A-8701-593652B73E43}" = Microsoft Dynamics Sure Step 2012 Language Pack (Spanish)
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.3
"{9BAAE963-E16D-4E17-AFE6-1965F5AA0292}" = Visual FoxPro 9.0 Professional - English
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A589DA26-51BD-475D-8C32-E19E34145842}" = Camtasia Studio 6
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A95A76C9-6F65-477E-83A0-9F884B6DC21B}" = TuneUp Utilities Language Pack (en-US)
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{C51059C0-E4D6-C24C-6C72-0FF78122D56E}" = Prezi Desktop
"{C7BB113C-4564-4DA2-8E34-451CDA9DD5AD}" = Microsoft Dynamics Sure Step 2012 Language Pack (English)
"{C9BEFDFB-A2DD-4D88-881C-3B303CCE384E}" = ActiveState Komodo Edit 7.0.2
"{CACEA8C8-3D38-4F51-953D-1E6FC3346FEF}" = SQL Server 2008 R2 Common Files
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D21BC5B2-CBAC-48FA-A701-B5A63C1CA7B8}" = Microsoft SQL Server 2008 R2 Policies
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DDFD8348-058C-4F4B-85E5-6D740D4AB3FE}" = Microsoft SQL Server Compact 3.5 SP2 Query Tools ENU
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7F6A244-D989-4FBA-B388-77A50BFDADDA}" =
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E966F0CC-76B3-11D3-945B-00C04FB1760A}" = BDE_ENT
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5E87B12-3C27-452F-8E78-21D42164FD83}" = Microsoft SQL Server 2008 Management Objects
"{F84906ED-BB54-4889-B131-FED9C9056FC8}" = Intel(R) Wireless Display
"{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE
"{FC835376-FF3B-4CAA-83E0-2148B3FB7C98}" = SQL Server 2008 R2 Common Files
"{FE384752-58AE-42F0-AB9F-2CD4141FF7B5}_is1" = RadPHP XE2
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"CloneCD" = CloneCD
"CodeSite Express 4.6.1" = CodeSite Express 4.6.1
"CollabNet Subversion Client" = CollabNet Subversion Client 1.6.12
"com.prezi.PreziDesktop" = Prezi Desktop
"DAEMON Tools Lite" = DAEMON Tools Lite
"Dell Webcam Central" = Dell Webcam Central
"Embarcadero Delphi and C++Builder XE2 Help System" = Embarcadero Delphi and C++Builder XE2 Help System
"Embarcadero RAD Studio XE2" = Embarcadero RAD Studio XE2
"Foxit Reader_is1" = Foxit Reader 5.1
"GOM Player" = GOM Player
"Image Express Utility Lite" = Image Express Utility Lite
"LMD-Tools Special Edition (CBuilder 6)" = LMD-Tools Special Edition (CBuilder 6)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft Report Viewer Redistributable 2008 (KB971119)" = Microsoft Report Viewer Redistributable 2008 SP1
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 R2
"Microsoft SQL Server 2008 R2" = Microsoft SQL Server 2008 R2
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"PremiumSoft Navicat Premium_is1" = PremiumSoft Navicat Premium 10.0
"PRJPRO" = Microsoft Office Project Professional 2007
"Pro VCL Extensions Library 1.85_is1" = Pro VCL Extensions Library 1.85
"psqlODBC 09.00.0310-1" = psqlODBC 09.00.0310
"Rage_is1" = Rage
"Runic Games Torchlight" = Torchlight
"Saints Row The Third_is1" = Saints Row The Third
"SMPlayer" = SMPlayer 0.6.9
"StarCraft II" = StarCraft II
"TeamViewer 7" = TeamViewer 7
"TMPGEnc Video Mastering Works" = TMPGEnc Video Mastering Works
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VISPRO" = Microsoft Office Visio Professional 2007
"Visual FoxPro 9.0 Professional - English" = Microsoft Visual FoxPro 9.0 Professional - English
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VMware_Workstation" = VMware Workstation
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-657104428-2278183389-2821783934-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 23/06/2012 07:51:44 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

Error - 23/06/2012 07:51:45 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

Error - 23/06/2012 07:51:46 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

Error - 23/06/2012 07:51:47 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

Error - 23/06/2012 07:51:48 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

Error - 23/06/2012 07:51:49 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

Error - 23/06/2012 07:51:50 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

Error - 23/06/2012 07:51:50 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

Error - 23/06/2012 07:51:51 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

Error - 01/07/2012 12:57:13 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

Error - 02/07/2012 07:32:26 a.m. | Computer Name = PC | Source = Application Error | ID = 1000
Description = Nombre de la aplicación con errores: Explorer.EXE, versión: 6.1.7601.17567,
marca de tiempo: 0x4d672ee4 Nombre del módulo con errores: FACredProv2.dll, versión:
3.0.85.1, marca de tiempo: 0x4ccfa00d Código de excepción: 0xc0000005 Desplazamiento
de errores: 0x00000000000025b2 Id. del proceso con errores: 0xdcc Hora de inicio
de la aplicación con errores: 0x01cd51a00163b1b1 Ruta de acceso de la aplicación
con errores: C:\Windows\Explorer.EXE Ruta de acceso del módulo con errores: C:\Windows\system32\FACredProv2.dll
Id.
del informe: 98976ec8-c439-11e1-afac-bc77373509cf

Error - 03/07/2012 09:35:16 p.m. | Computer Name = PC | Source = System Restore | ID = 8193
Description =

[ Red Gate Software Events ]
Error - 10/07/2012 04:08:59 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
Description = 2012-07-10 03:08:59,959 [14] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Thread was being
aborted.' System.Threading.ThreadAbortException: Thread was being aborted. at
Microsoft.VisualStudio.Package.LanguageService.ParseThread() at System.Threading.ThreadHelper.ThreadStart_Context(Object
state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart()

Error - 10/07/2012 04:40:43 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
Description = 2012-07-10 03:40:43,325 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
System.Threading.ThreadAbortException:
Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

Error - 10/07/2012 04:46:37 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
Description = 2012-07-10 03:46:37,508 [6] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Thread was being
aborted.' System.Threading.ThreadAbortException: Thread was being aborted. at
Microsoft.VisualStudio.Package.LanguageService.ParseThread() at System.Threading.ThreadHelper.ThreadStart_Context(Object
state) at System.Threading.ExecutionContext.Run(ExecutionContext executionContext,
ContextCallback callback, Object state) at System.Threading.ThreadHelper.ThreadStart()

Error - 10/07/2012 04:48:02 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
Description = 2012-07-10 03:48:02,476 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
System.Threading.ThreadAbortException:
Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

Error - 10/07/2012 04:49:22 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
Description = 2012-07-10 03:49:22,973 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
System.Threading.ThreadAbortException:
Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

Error - 10/07/2012 05:01:03 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
Description = 2012-07-10 04:01:03,416 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
System.Threading.ThreadAbortException:
Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

Error - 10/07/2012 05:13:46 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
Description = 2012-07-10 04:13:46,361 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
System.Threading.ThreadAbortException:
Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

Error - 10/07/2012 08:36:58 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
Description = 2012-07-10 07:36:58,933 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
System.Threading.ThreadAbortException:
Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

Error - 12/07/2012 08:05:10 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
Description = 2012-07-12 07:05:10,386 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
System.Threading.ThreadAbortException:
Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

Error - 20/07/2012 04:41:58 a.m. | Computer Name = PC | Source = SQL Prompt 4 | ID = 0
Description = 2012-07-20 03:41:58,913 [11] ERROR RedGate.SqlPrompt.Engine.LogService
[(null)] - LogService caught unhandled exception in AppDomain: 'Subproceso anulado.'
System.Threading.ThreadAbortException:
Subproceso anulado. en RedGate.SQLPrompt.CommonUI.TaskExecuter.Executer.a()
en System.Threading.ThreadHelper.ThreadStart_Context(Object state) en System.Threading.ExecutionContext.Run(ExecutionContext
executionContext, ContextCallback callback, Object state) en System.Threading.ThreadHelper.ThreadStart()

[ System Events ]
Error - 21/03/2012 10:33:30 a.m. | Computer Name = PC | Source = Disk | ID = 262155
Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR12.

Error - 21/03/2012 10:35:27 a.m. | Computer Name = PC | Source = Disk | ID = 262155
Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR13.

Error - 21/03/2012 10:35:28 a.m. | Computer Name = PC | Source = Disk | ID = 262155
Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR13.

Error - 21/03/2012 10:35:29 a.m. | Computer Name = PC | Source = Disk | ID = 262155
Description = El controlador detectó un error de controladora en \Device\Harddisk1\DR13.

Error - 21/03/2012 09:21:31 p.m. | Computer Name = PC | Source = EventLog | ID = 6008
Description = El cierre anterior del sistema a las 07:18:35 p.m. del ?21/?03/?2012
resultó inesperado.

Error - 22/03/2012 09:11:33 a.m. | Computer Name = PC | Source = Tcpip | ID = 4199
Description = El sistema ha detectado un conflicto por la dirección IP 192.168.1.109.
La dirección de hardware de red es 70-CA-9B-6A-EA-46, las operaciones de red en
este sistema pueden verse afectadas por este problema.

Error - 22/03/2012 11:06:34 p.m. | Computer Name = PC | Source = Service Control Manager | ID = 7011
Description = Se agotó el tiempo de espera (30000 ms) para la respuesta de transacción
del servicio lmhosts.

Error - 23/03/2012 12:29:15 a.m. | Computer Name = PC | Source = JMCR | ID = 262148
Description = El controlador detectó un error interno en la estructura de datos
de \Device\Scsi\JMCR1.

Error - 23/03/2012 12:29:15 a.m. | Computer Name = PC | Source = JMCR | ID = 262148
Description = El controlador detectó un error interno en la estructura de datos
de \Device\Scsi\JMCR2.

Error - 23/03/2012 12:29:15 a.m. | Computer Name = PC | Source = JMCR | ID = 262148
Description = El controlador detectó un error interno en la estructura de datos
de \Device\Scsi\JMCR3.


< End of report >
 
Thank you :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4 - HKU\S-1-5-21-657104428-2278183389-2821783934-1006..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
    O8:64bit: - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
    [2012/07/29 22:37:50 | 000,000,000 | ---D | C] -- C:\FRST
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==========================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When the scan is done, in Step 3: Clean the files, leave all settings as they are.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
No problems anymore
Thanks a lot

OTL

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-657104428-2278183389-2821783934-1006\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Se&nd to OneNote\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ not found.
C:\FRST\Quarantine\{dda59d07-63fd-4192-f593-a6e3c17885d9}\U folder moved successfully.
C:\FRST\Quarantine\{dda59d07-63fd-4192-f593-a6e3c17885d9}\L folder moved successfully.
C:\FRST\Quarantine\{dda59d07-63fd-4192-f593-a6e3c17885d9} folder moved successfully.
Folder move failed. C:\FRST\Quarantine scheduled to be moved on reboot.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56466 bytes

User: Default User

User: FAC
->Temp folder emptied: 25605226 bytes
->Temporary Internet Files folder emptied: 221919037 bytes
->Java cache emptied: 512660 bytes
->Google Chrome cache emptied: 259173522 bytes
->Flash cache emptied: 14926275 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 401408 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11218 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50539 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 498.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: FAC
->Java cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User

User: FAC
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.55.0 log created on 07302012_231830

Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine not found!
C:\Users\FAC\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3676.log moved successfully.

PendingFileRenameOperations files...
File C:\FRST\Quarantine not found!
File C:\Users\FAC\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
[2012/07/30 23:20:34 | 000,002,015 | ---- | M] () C:\Windows\temp\vmware-SYSTEM\vmauthd.log : Unable to obtain MD5
File C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-3676.log not found!

Registry entries deleted on Reboot...
 
FSS
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
ESET NOD32 Antivirus 5.0
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
Java(TM) 6 Update 31
Java version out of Date!
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````
 
Thanks a lot!

TFC did restart the PC

Scanning Report

Wednesday, August 1, 2012 23:48:35 - 23:51:27

Computer name: PC
Scanning type: Quick scan
Target: System

No malware found

Statistics

Scanned:
  • Files: 6266
  • System: 6266
  • Not scanned: 0
Actions:
  • Disinfected: 0
  • Renamed: 0
  • Deleted: 0
  • Not cleaned: 0
  • Submitted: 0
 
 