Malware identified ([email protected] and [email protected]) [Solved]



#1
Axent

Hello, I use Comodo Internet Security and the antivirus keeps detecting the files [email protected] and [email protected] in a Windows folder called installer. It puts the files into quarantine but somehow those 2 files appear again. Moreover, I'm getting a message from Google Chrome saying that some pages like Hotmail, Twitter or Facebook don't have the proper certificate or that a malware may be blocking it or something like that. Thanks in advance for your help.

Edited by Axent, 07 June 2012 - 01:27 PM.



#2
Essexboy

Hi there, I will need some data first.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Select All Users
  • Under the Custom Scan box paste this in
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    C:\Windows\assembly\tmp\U\*.* /s
    C:\Windows\installer\*.* /s
    CREATERESTOREPOINT
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs

THEN

Download aswMBR.exe (4.8 MB) to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan click save log, save it to your desktop and post it in your next reply.

#3
Axent

First, thank you for your help. Second, I don't know if I am doing something wrong but I just get the otl.txt file and not the extras.txt file, so tell me please if you would like that log or me to do something differently.

#4
Essexboy

Sorry, there will only be one log this time; please post that.

#5
Axent

Here are the two logs attached, tell me if you prefer them attached or posted.


#6
Essexboy

Nope, I am happy either way.

Warning: This fix is only relevant for this system and no other; using it on another computer may cause problems.

Be advised that when the fix commences it will shut down all running processes and you may lose the desktop and icons; they will return on reboot.

If you have Malwarebytes 1.6 or better installed please disable it for the duration of this run.
To disable MBAM:
Open the scanner and select the protection tab
Remove the tick from "Start with Windows"
Reboot and then run OTL

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2011/11/17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\@
    [2012/06/07 20:37:25 | 000,000,740 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\L\[email protected]
    [2012/06/06 19:11:58 | 000,000,074 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\L\1afb2d56
    [2012/06/07 22:42:21 | 000,000,187 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\L\201d3dde
    [2012/06/06 22:10:53 | 000,001,536 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\U\[email protected]
    [2012/06/07 20:59:09 | 000,232,960 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\U\[email protected]
    [2012/06/06 18:51:51 | 000,001,584 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\U\[email protected]
    [2012/06/07 21:20:31 | 000,016,896 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\U\[email protected]
    [2012/06/07 21:20:36 | 000,093,696 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\U\[email protected]
    [2012/06/06 18:51:58 | 000,076,800 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\U\[email protected]

    :Files
    ipconfig /flushdns /c
    C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
  • Accept the disclaimer and allow it to update if it asks
  • When finished, it shall produce a log for you.
  • Please include the C:\ComboFix.txt in your next reply.

Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. If after the reboot you get errors about programmes being marked for deletion, then reboot; that will cure it.

Please make sure you include the ComboFix log in your next reply as well as describe how your computer is running now.
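
The re-scan requested in post #6 can be checked mechanically. The following Python is an added example, not part of the original thread and not an OTL feature: it parses OTL file-listing lines and compares flagged entries before and after the fix. The path rules, function names and the "after" log lines are assumptions constructed for illustration; the "before" lines are taken from the fix script above.

```python
import re
from datetime import datetime

# One OTL file-listing entry, with or without a "PRC - " / "MOD - " / "SRV - " prefix:
#   [2011/11/17 08:41:18 | 000,002,048 | -HS- | M] (Company) -- C:\path
ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [MC]\] \((?P<company>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \(.*)?\s*$"
)

# Heuristic rules (an assumption of this example): the folder layout the fix on
# this page deletes, i.e. C:\Windows\installer\{GUID}\ holding "@", "L\..." or
# "U\...", plus C:\Windows\assembly\tmp\U\ from the custom scan in post #2.
RULES = [
    ("installer-guid-payload",
     re.compile(r"^c:\\windows\\installer\\\{[0-9a-f-]{36}\}\\(?:@$|[ul]\\)", re.I)),
    ("assembly-tmp-u",
     re.compile(r"^c:\\windows\\assembly\\tmp\\u\\", re.I)),
]

def parse_entries(log_text):
    """Return one dict per OTL file-listing line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.search(line)
        if not m:
            continue
        entries.append({
            "modified": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "attrs": m["attrs"],
            "company": m["company"].strip(),
            "path": m["path"].strip(),
        })
    return entries

def flag_entries(entries):
    """Return (rule_name, entry) for every entry whose path matches a rule."""
    hits = []
    for entry in entries:
        for name, rx in RULES:
            if rx.search(entry["path"]):
                hits.append((name, entry))
                break
    return hits

def verify_fix(before_log, after_log):
    """Compare flagged paths (case-insensitively) across the two scans."""
    before = {e["path"].lower() for _, e in flag_entries(parse_entries(before_log))}
    after = {e["path"].lower() for _, e in flag_entries(parse_entries(after_log))}
    return {
        "removed": sorted(before - after),    # gone after the fix
        "remaining": sorted(before & after),  # survived or came back
        "new": sorted(after - before),        # appeared since the first scan
    }

# "Before" lines: the OTL.exe process line and three entries from the fix script.
BEFORE = r"""
PRC - [2012/06/07 22:15:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fede\Desktop\OTL.exe
[2011/11/17 08:41:18 | 000,002,048 | -HS- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\@
[2012/06/06 19:11:58 | 000,000,074 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\L\1afb2d56
[2012/06/07 22:42:21 | 000,000,187 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\L\201d3dde
"""

# Constructed "after" log for a successful fix: only ordinary entries remain.
AFTER_CLEAN = r"""
PRC - [2012/06/07 22:15:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fede\Desktop\OTL.exe
SRV - [2012/05/19 13:52:44 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
"""

# Constructed "after" log where the folder has been re-created (timestamps and
# the file name 0c1f9a77 are made up for this example).
AFTER_REAPPEARED = r"""
PRC - [2012/06/07 22:15:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fede\Desktop\OTL.exe
[2012/06/08 00:05:10 | 000,002,048 | -HS- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\@
[2012/06/08 00:05:12 | 000,000,074 | ---- | M] () -- C:\Windows\installer\{5295564a-4c76-dc7f-3b08-4387cd52c347}\L\0c1f9a77
"""

if __name__ == "__main__":
    for label, after in (("clean", AFTER_CLEAN), ("reappeared", AFTER_REAPPEARED)):
        result = verify_fix(BEFORE, after)
        print(label, {k: len(v) for k, v in result.items()})
        for path in result["remaining"] + result["new"]:
            print("  still present:", path)
```

A non-empty `remaining` or `new` list means the re-scan still shows entries in the targeted folders, which matches the "files appear again" symptom from the first post and should be reported back rather than treated as fixed.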

#7
Axent

Here are the two logs you requested. The computer seems to be working quite nicely. In fact, it appears to be running a little bit faster.

OTL logfile created on: 07/06/2012 23:48:40 - Run 5
OTL by OldTimer - Version 3.2.46.2 Folder = C:\Users\Fede\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy

3,86 Gb Total Physical Memory | 2,24 Gb Available Physical Memory | 57,96% Memory free
7,71 Gb Paging File | 5,76 Gb Available in Paging File | 74,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,84 Gb Total Space | 303,85 Gb Free Space | 66,81% Space Free | Partition Type: NTFS

Computer Name: JUAN-VAIO | User Name: Fede | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/07 22:15:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fede\Desktop\OTL.exe
PRC - [2012/05/19 13:52:44 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/05/16 17:52:58 | 011,921,064 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2012/03/26 20:54:53 | 000,180,648 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe
PRC - [2012/03/23 18:20:12 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/02/15 18:41:41 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Users\Public\Documents\fede\Steam\steam.exe
PRC - [2012/01/16 18:22:12 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\iTunesHelper.exe
PRC - [2011/12/09 19:22:26 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2011/01/29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Archivos de programa\Sony\VAIO Care\listener.exe
PRC - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2009/12/14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
PRC - [2009/12/14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
PRC - [2009/12/01 22:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009/11/21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/11/21 00:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/09/14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/08/26 19:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/07 23:47:02 | 000,086,016 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\_elementtree.pyd
MOD - [2012/06/07 23:47:01 | 000,571,392 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\pysqlite2._sqlite.pyd
MOD - [2012/06/07 23:47:01 | 000,263,168 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\win32com.shell.shell.pyd
MOD - [2012/06/07 23:47:01 | 000,096,256 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\win32api.pyd
MOD - [2012/06/07 23:47:01 | 000,070,656 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\wx._html2.pyd
MOD - [2012/06/07 23:47:01 | 000,040,448 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\_socket.pyd
MOD - [2012/06/07 23:46:59 | 000,153,088 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\pyexpat.pyd
MOD - [2012/06/07 23:46:59 | 000,011,776 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\win32crypt.pyd
MOD - [2012/06/07 23:46:58 | 000,792,576 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\wx._gdi_.pyd
MOD - [2012/06/07 23:46:57 | 000,731,136 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\wx._misc_.pyd
MOD - [2012/06/07 23:46:57 | 000,354,304 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\pythoncom26.dll
MOD - [2012/06/07 23:46:57 | 000,073,728 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\_ctypes.pyd
MOD - [2012/06/07 23:46:56 | 000,110,592 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\pywintypes26.dll
MOD - [2012/06/07 23:46:54 | 000,645,120 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\_ssl.pyd
MOD - [2012/06/07 23:46:53 | 000,022,528 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\win32pdh.pyd
MOD - [2012/06/07 23:46:52 | 001,169,408 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\wx._core_.pyd
MOD - [2012/06/07 23:46:52 | 000,311,808 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\_hashlib.pyd
MOD - [2012/06/07 23:46:52 | 000,036,352 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\win32process.pyd
MOD - [2012/06/07 23:46:51 | 001,056,256 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\wx._controls_.pyd
MOD - [2012/06/07 23:46:51 | 000,807,424 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\wx._windows_.pyd
MOD - [2012/06/07 23:46:51 | 000,121,856 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\wx._wizard.pyd
MOD - [2012/06/07 23:46:51 | 000,111,104 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\win32file.pyd
MOD - [2012/06/07 23:46:51 | 000,039,424 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\win32inet.pyd
MOD - [2012/06/07 23:46:51 | 000,017,920 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\win32event.pyd
MOD - [2012/06/07 23:46:51 | 000,011,776 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\select.pyd
MOD - [2012/06/07 23:46:48 | 001,018,368 | ---- | M] () -- C:\Users\Fede\AppData\Local\Temp\_MEI33922\_cacheinvalidation.pyd
MOD - [2012/05/21 11:29:08 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/05/21 11:28:34 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\79b487ba3d893f59ce7e697d06721dd0\System.Windows.Forms.ni.dll
MOD - [2012/05/21 11:28:26 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\1dce8ad4aa93ed395af726c0e510846e\System.Drawing.ni.dll
MOD - [2012/05/21 11:28:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/05/21 11:28:11 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/05/21 11:27:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/05/21 11:27:48 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/05/21 11:27:17 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012/05/19 13:52:36 | 020,313,384 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\libcef.dll
MOD - [2012/05/19 13:52:24 | 000,895,312 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\chromehtml.DLL
MOD - [2012/05/19 13:52:23 | 000,123,192 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\avutil-51.dll
MOD - [2012/05/19 13:52:21 | 000,190,776 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\avformat-53.dll
MOD - [2012/05/19 13:52:20 | 001,099,576 | ---- | M] () -- C:\Users\Public\Documents\fede\Steam\bin\avcodec-53.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010/11/20 14:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010/11/13 01:35:42 | 000,307,200 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_es_b77a5c561934e089\mscorlib.resources.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/01/29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010/11/20 15:26:50 | 000,084,992 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\Mcx2Svc.dll -- (Mcx2Svc)
SRV:64bit: - [2010/01/27 22:10:56 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 03:41:27 | 000,097,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysNative\mprdim.dll -- (RemoteAccess)
SRV:64bit: - [2007/06/25 22:17:18 | 000,567,024 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\dlbkcoms.exe -- (dlbk_device)
SRV - [2012/05/19 13:52:44 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/05/13 11:45:07 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/03 08:34:50 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/03/23 18:20:12 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/03/11 21:13:24 | 002,815,496 | ---- | M] (COMODO) [Auto | Running] -- C:\Archivos de programa\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/11/23 12:27:10 | 001,267,000 | ---- | M] (COMODO) [Auto | Running] -- C:\Archivos de programa\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/04/01 21:17:08 | 000,067,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\IIS\Microsoft Web Deploy\MsDepSvc.exe -- (MsDepSvc)
SRV - [2011/03/28 21:51:25 | 004,323,256 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011/02/14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010/05/28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010/04/03 20:00:12 | 061,913,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2010/04/03 20:00:10 | 000,428,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Archivos de programa\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) Agente SQL Server (SQLEXPRESS)
SRV - [2010/04/03 20:00:08 | 000,059,744 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Archivos de programa\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010/04/03 12:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010/04/03 12:00:10 | 000,146,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS) Intel®
SRV - [2009/12/14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS) Intel®
SRV - [2009/11/30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Archivos de programa\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009/11/21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/10/30 09:50:40 | 001,165,680 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Archivos de programa\Sony\VAIO Update 5\VUAgent.exe -- (VUAgent)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/10/15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009/10/15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009/10/15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009/10/15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009/10/15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009/09/16 13:27:12 | 000,480,624 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009/09/14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/09/14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/09/08 18:09:20 | 000,110,960 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2009/09/04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Archivos de programa\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/09/01 21:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Archivos de programa\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009/08/31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009/08/31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/07/14 03:15:41 | 000,075,264 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\mprdim.dll -- (RemoteAccess)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/10 22:39:58 | 000,089,920 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_64)
SRV - [2008/09/18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
SRV - [2007/03/28 13:08:32 | 000,538,096 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\dlbkcoms.exe -- (dlbk_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/11 21:13:40 | 000,022,696 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\cmderd.sys -- (cmderd)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/06 20:37:35 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/05/10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 21:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 11:26:11 | 000,328,192 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\udfs.sys -- (udfs)
DRV:64bit: - [2010/07/21 18:00:06 | 000,045,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2010/04/03 11:30:40 | 000,313,696 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\RsFx0150.sys -- (RsFx0150)
DRV:64bit: - [2010/01/27 22:10:59 | 006,106,624 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/12/16 04:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009/12/14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/11/21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/11/18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/11/18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/11/18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/11/18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/11/18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009/11/13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/11/12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/11/12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/11/06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009/11/04 11:59:59 | 000,253,488 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009/09/15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009/08/19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009/08/05 23:24:16 | 000,061,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:47:48 | 000,024,144 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\crcdisk.sys -- (crcdisk)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\ws2ifsl.sys -- (ws2ifsl)
DRV:64bit: - [2009/07/14 01:19:47 | 000,092,160 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\drivers\cdfs.sys -- (cdfs)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2007/05/14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005/01/02 23:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoo...earchTerms}&f=4
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/
IE - HKCU\..\SearchScopes,DefaultScope = {236B63D2-C830-4D50-BF8D-72341EB4E5E0}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0941DDD1-2D97-4133-A902-2D031DCF7E3F}: "URL" = http://rover.ebay.co...e={searchTerms}
IE - HKCU\..\SearchScopes\{236B63D2-C830-4D50-BF8D-72341EB4E5E0}: "URL" = http://www.google.co...1I7SVEC_esES402
IE - HKCU\..\SearchScopes\{3D3B741D-956C-4E8D-B642-E5EA46D61C7C}: "URL" = http://www.zinio.com...f=sonyie8search
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}: "URL" = http://dts.search-re...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: c:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: c:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Fede\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Fede\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)


[2011/11/13 04:40:58 | 000,002,048 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Fede\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Fede\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Fede\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\plugins/avgnpss.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.115_0\npqscan.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.160.1 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U16 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Mozilla Plugins\npitunes.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: WPI Detector 1.4 (Enabled) = c:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
CHR - Extension: YouTube = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: B\u00FAsqueda de Google = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: MonsterDivx = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkinfljboeildloankgjmljfibngeefa\0.95_0\
CHR - Extension: PricePeep = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\licjnkifamhpbaefhdpacpmihicfbomb\2.1.83.0_0\
CHR - Extension: Skype Click to Call = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.10.0.9560_0\
CHR - Extension: Cuevana Stream = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_0\
CHR - Extension: Cuevana Stream = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\ooagbcohbmlpkfkdnodbomgphbcecalj\4.2_0\.svn\props\.svn-work
CHR - Extension: Bitdefender QuickScan = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.115_0\
CHR - Extension: Gmail = C:\Users\Fede\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/06/07 23:41:20 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Archivos de programa\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {B0744341-96E0-4341-9ED2-8BC36CE0CCD0} - No CLSID value found.
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Apoint] C:\Archivos de programa\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO] C:\Archivos de programa\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Archivos de programa\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [Steam] C:\Users\Public\Documents\fede\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnceEx: [Flags] Reg Error: Invalid data type. File not found
O4 - HKLM..\RunOnceEx: [Title] UnHackMe Rootkit Check File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Enviar imagen al dispositivo &Bluetooth... - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Enviar página al dispositivo &Bluetooth... - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Tri&xie Options... - {20CCCFEC-D26F-4ffe-996B-388B39C8CCCA} - Reg Error: Key error. File not found
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Archivos de programa\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Archivos de programa\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - c:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - c:\Archivos de programa\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: NameServer = 80.58.61.250,80.58.61.254
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Archivos de programa\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - C:\Windows\SysNative\guard64.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - C:\Windows\SysWOW64\guard32.dll (COMODO)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {F552DDE6-2090-4bf4-B924-6141E87789A5} - C:\PROGRA~2\Greatis\REGRUN~1\RRShell.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (MACHINE BootExecut)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Value error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/07 23:41:17 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/07 23:20:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Fede\Desktop\aswMBR.exe
[2012/06/07 22:15:46 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Fede\Desktop\OTL.exe
[2012/06/07 21:11:07 | 000,000,000 | -H-D | C] -- C:\Users\Fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2012/06/07 21:11:07 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Disabled Startup Items
[2012/06/07 21:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Greatis
[2012/06/07 21:06:04 | 000,039,184 | ---- | C] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012/06/07 20:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\RegRun
[2012/06/07 20:59:05 | 000,000,000 | ---D | C] -- C:\Users\Fede\Documents\RegRun2
[2012/06/07 20:58:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\UnHackMe
[2012/06/07 20:32:00 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/06/07 19:31:30 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\SysWow64\SAVRKBootTasks.sys
[2012/06/07 15:00:36 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\GlarySoft
[2012/06/07 13:58:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/06/07 13:58:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/06/07 13:37:59 | 000,000,000 | -H-D | C] -- C:\VritualRoot
[2012/06/07 13:37:59 | 000,000,000 | ---D | C] -- C:\Users\Fede\Pavark
[2012/06/06 19:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transport Giant Gold
[2012/06/06 19:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Transport Giant Gold
[2012/06/06 19:05:28 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012/06/06 15:07:30 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\SniperV2
[2012/06/06 15:02:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rebellion
[2012/06/05 15:05:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012/06/05 15:05:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/06/03 02:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012/06/03 01:21:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012/05/31 22:53:19 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Sports Interactive
[2012/05/31 22:53:19 | 000,000,000 | ---D | C] -- C:\Users\Fede\Documents\Sports Interactive
[2012/05/31 22:51:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SEGA
[2012/05/31 21:52:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/05/31 21:52:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2012/05/28 07:11:48 | 000,000,000 | ---D | C] -- C:\sintaxis
[2012/05/27 17:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECache
[2012/05/27 13:55:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012/05/21 16:48:49 | 000,000,000 | ---D | C] -- C:\Users\Fede\Application Data
[2012/05/21 16:44:12 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Ubisoft
[2012/05/21 13:58:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2012/05/20 17:07:20 | 000,000,000 | ---D | C] -- C:\Users\Fede\Documents\The Movies
[2012/05/20 17:05:28 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012/05/20 17:04:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Movies
[2012/05/20 17:02:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lionhead Studios
[2012/05/20 16:57:32 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Lionhead Studios
[2012/05/19 13:57:18 | 000,000,000 | ---D | C] -- C:\ProgramData\GFI Software
[2012/05/19 12:32:46 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012/05/18 12:49:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/05/18 12:48:59 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/05/18 12:31:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Startup Inspector
[2012/05/18 12:31:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Startup Inspector
[2012/05/18 12:24:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2012/05/18 12:24:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2012/05/18 12:22:25 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Ad-Aware Antivirus
[2012/05/17 20:21:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care
[2012/05/17 11:04:40 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\Comodo
[2012/05/17 11:04:17 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/05/17 11:03:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/05/17 10:45:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/05/17 10:45:22 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2012/05/17 10:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/05/17 10:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2012/05/17 10:40:40 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\wsInspector
[2012/05/17 10:39:52 | 000,000,000 | ---D | C] -- C:\Users\Fede\Documents\wsInspector
[2012/05/17 10:38:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Inspector for Windows
[2012/05/17 10:38:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Startup Inspector for Windows
[2012/05/17 10:36:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012/05/17 00:01:20 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/05/17 00:00:54 | 000,093,696 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2012/05/16 23:47:23 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\QuickScan
[2012/05/15 19:19:46 | 000,000,000 | ---D | C] -- C:\Windows\system64
[2012/05/15 19:06:08 | 000,000,000 | ---D | C] -- C:\FRST
[2012/05/15 18:40:48 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/05/15 18:37:53 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/05/15 18:13:39 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/05/15 18:13:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/05/15 14:28:01 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Easeware
[2012/05/15 14:27:41 | 000,000,000 | ---D | C] -- C:\Program Files\Easeware
[2012/05/14 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\Fede\Documents\DisabledCUStartItems
[2012/05/14 21:20:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DisabledAUStartItems
[2012/05/14 21:02:53 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Local\MigWiz
[2012/05/14 20:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/05/14 20:42:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/05/11 23:28:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2012/05/11 23:10:38 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012/05/11 10:59:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/05/11 10:58:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012/05/10 23:18:01 | 000,000,000 | ---D | C] -- C:\Users\Fede\Documents\Notas Fuenca
[2012/05/10 20:04:13 | 000,000,000 | ---D | C] -- C:\Update
[2012/05/09 17:07:35 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Xidicone
[2012/05/09 17:06:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Xidicone
[2012/05/09 16:45:44 | 000,000,000 | ---D | C] -- C:\Users\Fede\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 2.7
[2012/05/09 13:00:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012/02/24 19:04:20 | 000,171,008 | ---- | C] (RAD Game Tools, Inc.) -- C:\Program Files (x86)\binkw32.dll

========== Files - Modified Within 30 Days ==========

[2012/06/07 23:53:35 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 23:53:35 | 000,013,872 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/06/07 23:46:11 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/07 23:45:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/06/07 23:45:51 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/07 23:43:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/06/07 23:41:20 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2012/06/07 23:35:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001UA.job
[2012/06/07 23:22:28 | 000,000,512 | ---- | M] () -- C:\Users\Fede\Desktop\MBR.dat
[2012/06/07 23:20:53 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Fede\Desktop\aswMBR.exe
[2012/06/07 23:00:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/07 22:15:46 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Fede\Desktop\OTL.exe
[2012/06/07 21:17:20 | 001,474,832 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/06/07 21:11:12 | 000,000,002 | RHS- | M] () -- C:\Windows\winstart.bat
[2012/06/07 21:11:12 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\CONFIG.NT
[2012/06/07 21:11:12 | 000,000,002 | RHS- | M] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/06/07 21:06:04 | 000,039,184 | ---- | M] (Greatis Software) -- C:\Windows\SysNative\Partizan.exe
[2012/06/07 21:06:04 | 000,000,079 | ---- | M] () -- C:\Windows\SysWow64\Partizan.RRI
[2012/06/07 20:35:02 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001Core.job
[2012/06/07 20:32:02 | 000,002,269 | ---- | M] () -- C:\Users\Fede\Desktop\Google Chrome.lnk
[2012/05/31 21:52:28 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/05/20 15:27:57 | 001,860,422 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/05/20 15:27:57 | 000,812,434 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat
[2012/05/20 15:27:57 | 000,719,096 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/05/20 15:27:57 | 000,183,864 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat
[2012/05/20 15:27:57 | 000,146,990 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/05/20 10:55:02 | 000,459,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/05/18 12:49:02 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/17 10:46:16 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012/05/15 19:47:38 | 000,000,178 | ---- | M] () -- C:\Users\Fede\defogger_reenable
[2012/05/11 11:41:25 | 000,000,073 | -H-- | M] () -- C:\splash.idx
[2012/05/10 23:21:48 | 000,001,406 | ---- | M] () -- C:\Users\Fede\Desktop\Winamp.lnk

========== Files Created - No Company Name ==========

[2012/06/07 23:22:28 | 000,000,512 | ---- | C] () -- C:\Users\Fede\Desktop\MBR.dat
[2012/06/07 21:09:54 | 000,057,556 | ---- | C] () -- C:\Windows\guard.bmp
[2012/06/07 21:06:04 | 000,000,079 | ---- | C] () -- C:\Windows\SysWow64\Partizan.RRI
[2012/06/07 20:59:09 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/06/07 20:59:09 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\CONFIG.NT
[2012/06/07 20:59:09 | 000,000,002 | RHS- | C] () -- C:\Windows\SysWow64\AUTOEXEC.NT
[2012/06/07 20:32:02 | 000,002,269 | ---- | C] () -- C:\Users\Fede\Desktop\Google Chrome.lnk
[2012/06/07 20:30:55 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001UA.job
[2012/06/07 20:30:54 | 000,001,054 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-308961309-1451343532-2030891354-1001Core.job
[2012/05/27 17:14:14 | 000,002,555 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visor de Microsoft Office PowerPoint 2007.lnk
[2012/05/21 13:58:35 | 000,001,338 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2012/05/18 12:49:02 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012/05/17 20:21:51 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2012/05/17 20:16:35 | 000,002,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Transferencias VAIO.lnk
[2012/05/17 10:49:31 | 001,474,832 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2012/05/17 10:46:16 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Internet Security.lnk
[2012/05/17 10:34:50 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012/05/17 00:02:24 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2012/05/17 00:00:27 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2012/05/17 00:00:16 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2012/05/17 00:00:16 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2012/05/16 23:59:48 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2012/05/15 19:47:38 | 000,000,178 | ---- | C] () -- C:\Users\Fede\defogger_reenable
[2012/05/13 11:45:08 | 000,000,838 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/05/10 23:21:48 | 000,001,406 | ---- | C] () -- C:\Users\Fede\Desktop\Winamp.lnk
[2012/05/06 20:14:09 | 000,000,767 | ---- | C] () -- C:\Users\Fede\AppData\Roaming\SMRBackup250.dat
[2012/05/06 13:49:37 | 000,034,814 | ---- | C] () -- C:\Users\Fede\AppData\Local\dt.dat
[2012/03/17 20:11:16 | 000,007,605 | ---- | C] () -- C:\Users\Fede\AppData\Local\Resmon.ResmonCfg
[2012/03/09 20:39:05 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/03/09 20:39:00 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/02/24 19:04:20 | 1267,728,384 | ---- | C] () -- C:\Program Files (x86)\chunks1.vpp_pc
[2012/02/24 19:04:20 | 000,785,632 | ---- | C] () -- C:\Program Files (x86)\bitmaps_pc
[2012/02/24 19:03:54 | 390,983,680 | ---- | C] () -- C:\Program Files (x86)\audio.vpp_pc
[2012/02/24 19:03:46 | 243,096,384 | ---- | C] () -- C:\Program Files (x86)\anims.vpp_pc
[2012/01/29 18:38:53 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkserv.dll
[2012/01/29 18:38:53 | 000,995,328 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkusb1.dll
[2012/01/29 18:38:53 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkhbn3.dll
[2012/01/29 18:38:53 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkpmui.dll
[2012/01/29 18:38:53 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbklmpm.dll
[2012/01/29 18:38:53 | 000,538,096 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkcoms.exe
[2012/01/29 18:38:53 | 000,462,848 | ---- | C] () -- C:\Windows\SysWow64\dlbkjswr.dll
[2012/01/29 18:38:53 | 000,413,696 | ---- | C] () -- C:\Windows\SysWow64\dlbkutil.dll
[2012/01/29 18:38:53 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkinpa.dll
[2012/01/29 18:38:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkiesc.dll
[2012/01/29 18:38:53 | 000,386,544 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkih.exe
[2012/01/29 18:38:53 | 000,323,584 | ---- | C] ( ) -- C:\Windows\SysWow64\DLBKhcp.dll
[2012/01/29 18:38:53 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\DLBKinst.dll
[2012/01/29 18:38:53 | 000,181,744 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkppls.exe
[2012/01/29 18:38:53 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkprox.dll
[2012/01/29 18:38:53 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\dlbkinsb.dll
[2012/01/29 18:38:53 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkpplc.dll
[2012/01/29 18:38:53 | 000,090,112 | ---- | C] () -- C:\Windows\SysWow64\dlbkcur.dll
[2012/01/29 18:38:53 | 000,073,728 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkcu.dll
[2012/01/29 18:38:52 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkcomc.dll
[2012/01/29 18:38:52 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkcomm.dll
[2012/01/29 18:38:52 | 000,382,448 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkcfg.exe
[2012/01/29 18:18:58 | 000,000,139 | ---- | C] () -- C:\Windows\dellstat.ini
[2011/08/10 17:04:41 | 001,524,557 | ---- | C] () -- C:\Program Files\wrar401es[1].exe
[2011/04/09 18:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/04/08 18:47:31 | 001,838,396 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/16 14:35:55 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

========== LOP Check ==========

[2012/05/11 14:51:17 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\2K Sports
[2012/05/19 13:56:02 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Ad-Aware Antivirus
[2012/04/22 12:33:16 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Auslogics
[2012/03/14 19:34:26 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Azureus
[2012/05/18 13:03:16 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\BitTorrent
[2012/02/06 21:10:15 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/06/07 11:43:14 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\DAEMON Tools Pro
[2012/03/17 21:45:22 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\DarknessII
[2012/05/15 14:28:01 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Easeware
[2012/06/07 15:00:36 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\GlarySoft
[2012/05/09 12:50:08 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Kalypso Media
[2012/05/20 16:57:32 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Lionhead Studios
[2012/04/23 20:51:28 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\LolClient
[2012/02/05 22:03:33 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\MusicNet
[2012/05/09 12:50:10 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Opera
[2011/11/29 21:03:37 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Publish Providers
[2012/05/09 12:50:10 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\PunkBuster
[2012/05/16 23:47:30 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\QuickScan
[2012/05/09 12:50:10 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\SecondLife
[2012/02/24 00:22:19 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\SmartDraw
[2012/05/09 12:50:10 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Sony
[2012/05/09 12:50:10 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Sports Interactive
[2012/05/09 12:50:14 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Transparent
[2012/03/30 21:53:53 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Tropico 4
[2012/05/15 20:14:16 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\TS3Client
[2012/05/21 16:44:12 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Ubisoft
[2012/06/07 11:43:12 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\uTorrent
[2012/05/18 12:33:14 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\wsInspector
[2012/05/10 15:44:04 | 000,000,000 | ---D | M] -- C:\Users\Fede\AppData\Roaming\Xidicone
[2012/05/06 13:05:48 | 000,032,518 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point

< End of report >

Edited by Essexboy, 08 June 2012 - 03:16 AM.
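The OTL report above uses a fixed row layout, so it can be parsed and filtered instead of read by eye. The following is an added example, not part of the original thread and not OTL's own code. The sample rows are copied from the log above, and the function names and the "blank company name under C:\Windows" filter are illustrative assumptions. A blank company field is a prompt for a closer look, not a verdict.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from pathlib import PureWindowsPath

# File/folder rows: [date time | size | RHSD attributes | C or M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[R-][H-][S-][D-]) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$")
# Link rows: [link path] -> target -> type
LINK_RE = re.compile(r"^\[(?P<link>[^\]]+)\] -> (?P<target>.+?) -> (?P<type>.+)$")

@dataclass
class Entry:
    when: datetime
    size: int                # bytes, thousands separators removed
    attrs: str               # four flags: Read-only, Hidden, System, Directory
    kind: str                # "C" = created, "M" = modified
    company: str             # version-info company name, "" when absent
    path: PureWindowsPath

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

def parse_log(text):
    """Return (entries, links); headers and unrecognised rows are skipped."""
    entries, links = [], []
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                size=int(m["size"].replace(",", "")),
                attrs=m["attrs"], kind=m["kind"],
                company=(m["company"] or "").strip(),
                path=PureWindowsPath(m["path"])))
            continue
        m = LINK_RE.match(line)
        if m:
            links.append((m["link"], m["target"], m["type"]))
    return entries, links

def blank_company_binaries(entries, root=r"C:\Windows",
                           suffixes=(".exe", ".dll", ".sys", ".bat")):
    """Illustrative filter: executable-type files under root with no company."""
    base = PureWindowsPath(root)   # Windows path comparison ignores case
    return [e for e in entries
            if not e.is_dir and not e.company
            and e.path.suffix.lower() in suffixes
            and base in e.path.parents]

# Rows copied from the report above.
SAMPLE = r"""
[2012/05/20 17:05:28 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012/05/17 00:01:20 | 000,116,224 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2012/06/07 23:45:51 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2012/06/07 20:59:09 | 000,000,002 | RHS- | C] () -- C:\Windows\winstart.bat
[2012/03/09 20:39:05 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/01/29 18:38:53 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\dlbkserv.dll
[C:\Windows\system64] -> \systemroot\system32 -> Mount Point
========== Purity Check ==========
"""

if __name__ == "__main__":
    entries, links = parse_log(SAMPLE)
    for e in blank_company_binaries(entries):
        print(e.when, e.attrs, e.size, e.path)
    for link in links:
        print("link:", " -> ".join(link))
```
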

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK a final sweep for orphans I feel, this is a new variant that you have and at the moment no protection has been added so it is relatively easy to remove for now

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.

THEN

Go to this MS site and run the Fixit about halfway down

Once you have completed this could you let me know what problems remain

#9
Axent

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Here's the MBAM log. The computer's behaviour is normal and, apparently, MBAM did not find any malware.


#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Subject to no further problems :)

I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems

Now the best part of the day ----- Your log now appears clean :thumbsup:

A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Remove ComboFix

  • Hold down the Windows key + R on your keyboard. This will display the Run dialogue box
  • In the Run box, type in ComboFix /Uninstall (Notice the space between the "x" and "/") then click OK

  • Follow the prompts on the screen
  • A message should appear confirming that ComboFix was uninstalled

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Go to this site and click Do I have Java
  • It will check your current version and then offer to update to the latest version

SPRING CLEAN

To manually create a new Restore Point
  • Go to Control Panel and select System
  • Select System
  • On the left select System Protection and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name i.e. Clean
  • Select Create

Now we can purge the infected ones
  • Go to Start > All Programs > Accessories > System Tools
  • Right click Disk Cleanup and select Run as administrator
  • Select Your main drive and accept the warning if you get one
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes. Update and run weekly to keep your system clean

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link

It is critical to have both a firewall and anti virus to protect your system and to keep them updated. To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

Keep safe :wave:

#11
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.