Infected, can't access anti virus websites, install antivirus and even update antivirus


Besides what I stated in the title, my PC runs just great. At first I used Malwarebytes and it removed 5, then I was able to upgrade it and it removed 2 more, but the symptoms persisted; the Kaspersky TDSSKiller didn't find anything. I'm running ESET in safe mode, as it's the only way it can connect, and it has found 39 things, including: win32/bundled.toolbar.ask, sirefef.fl, opencandy, ponmocup and exploit.blacole.

I'd like to hopefully restore my PC to its health without doing a reformat. I've got a lot of data (3TB) that I can't lose, and I need to finish a large complex graphical design job that I seriously cannot start over. Please help.

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK

Internet Explorer: 9.0.8112.16496 BrowserJavaVersion: 10.17.2

Run by felipe at 23:41:32 on 2013-07-14

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3325.2314 [GMT 1:00]

.

AV: Norton 360 *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Spyware Doctor *Disabled/Outdated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}

SP: Norton 360 *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\Explorer.EXE

C:\Windows\helppane.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe

C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k rpcss

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

.

============== Pseudo HJT Report ===============

.

uProxyOverride = local;*.local

BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - c:\program files\mcafee security scan\3.0.318\McAfeeMSS_IE.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\realnetworks\realdownloader\browserplugins\ie\rndlbrowserrecordplugin.dll

BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\4.4.0.12\coieplg.dll

BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\4.4.0.12\ipsbho.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll

BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - c:\program files\microsoft visual studio 10.0\common7\ide\privateassemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\4.4.0.12\coieplg.dll

TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\4.4.0.12\coieplg.dll

EB: Web Test Recorder 10.0: {5802D092-1784-4908-8CDB-99B6842D353D} -

uRun: [ares] "c:\program files\ares\Ares.exe" -h

uRun: [Google Update] "c:\users\felipe\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [Emmimob] c:\users\felipe\appdata\roaming\hezo\bolae.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [Ask and Record FLV Service] "c:\program files\ask & record toolbar\FLVSrvc.exe" /run

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [HTC Sync Loader] "c:\program files\htc\htc sync 3.0\htcUPCTLoader.exe" -startup

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"

mRun: [bambooCore] c:\program files\bamboo dock\BambooCore.exe

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide

StartupFolder: c:\users\felipe\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\felipe\appdata\roaming\dropbox\bin\Dropbox.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.318\SSScheduler.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wna3100\WNA3100.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:0

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Download all with Free Download Manager - c:\program files\free download manager\dlall.htm

IE: Download selected with Free Download Manager - c:\program files\free download manager\dlselected.htm

IE: Download video with Free Download Manager - c:\program files\free download manager\dlfvideo.htm

IE: Download with Free Download Manager - c:\program files\free download manager\dllink.htm

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

LSP: c:\windows\system32\wpclsp.dll

TCP: NameServer = 192.168.0.1

TCP: Interfaces\{2F993426-CBA2-48A6-A761-F120EFAD21ED} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{9D7EB45D-1B55-49CF-99C6-BAF9A0B87F0B} : DHCPNameServer = 192.168.42.129

TCP: Interfaces\{C93D68BD-EE98-4EBB-BCEC-99C368362932} : DHCPNameServer = 149.254.230.7 149.254.192.126

TCP: Interfaces\{E26B3BC0-5FD4-4526-BA88-F29BE9E0D228} : DHCPNameServer = 192.168.0.1

TCP: Interfaces\{F68B8DE4-8EE0-4545-AAD2-2855C0316F06} : DHCPNameServer = 192.168.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\28.0.1500.72\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\felipe\appdata\roaming\mozilla\firefox\profiles\qbudk8ws.default\

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\download manager\npfpdlm.dll

FF - plugin: c:\program files\downloader\npdd.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\google updater\2.4.2432.1652\npCIDetect14.dll

FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\mcafee security scan\3.0.318\npMcAfeeMSS.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll

FF - plugin: c:\program files\microsoft\office live\npOLW.dll

FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll

FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\program files\tabletplugins\npWacomTabletPlugin.dll

FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll

FF - plugin: c:\programdata\realnetworks\realdownloader\browserplugins\npdlplugin.dll

FF - plugin: c:\users\felipe\appdata\local\google\update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: c:\users\felipe\appdata\roaming\mozilla\plugins\npgoogletalk.dll

FF - plugin: c:\users\felipe\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: c:\users\felipe\appdata\roaming\mozilla\plugins\npo1d.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_224.dll

FF - plugin: c:\windows\system32\npDeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - plugin: c:\windows\system32\NPSWF32.dll

FF - ExtSQL: 2013-05-27 22:59; ytd@mybrowserbar.com; c:\program files\ytd toolbar\FF

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

FileExt: .txt: Applications\Winword.exe="c:\program files\microsoft office\office12\WINWORD.EXE" /n /dde [userChoice] [default=edit - 'Open' doesn't exist]

ShellExec: dreamweaver.exe: Open="c:\program files\adobe\adobe dreamweaver cs4\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-07-14 14:49:13 -------- d-----w- c:\program files\ESET

2013-07-14 14:27:58 -------- d-----w- c:\windows\system32\MRT

2013-07-14 13:12:18 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files

2013-07-13 10:20:38 -------- d-s---w- C:\ComboFix

2013-07-11 18:08:26 2049024 ----a-w- c:\windows\system32\win32k.sys

2013-07-11 18:07:32 798208 ----a-w- c:\windows\system32\FntCache.dll

2013-07-11 18:07:32 1069056 ----a-w- c:\windows\system32\DWrite.dll

2013-07-11 18:07:31 683008 ----a-w- c:\windows\system32\d2d1.dll

2013-07-11 18:07:31 486400 ----a-w- c:\windows\system32\d3d10level9.dll

2013-07-11 18:07:31 219648 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-07-11 18:07:31 189952 ----a-w- c:\windows\system32\d3d10core.dll

2013-07-11 18:07:31 160768 ----a-w- c:\windows\system32\d3d10_1.dll

2013-07-11 18:07:31 1172480 ----a-w- c:\windows\system32\d3d10warp.dll

2013-07-11 18:07:31 1029120 ----a-w- c:\windows\system32\d3d10.dll

2013-07-11 18:07:29 505344 ----a-w- c:\windows\system32\qedit.dll

2013-07-11 18:07:27 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-11 18:06:47 936960 ----a-w- c:\program files\common files\microsoft shared\ink\journal.dll

2013-07-11 18:06:46 983552 ----a-w- c:\program files\windows journal\JNTFiltr.dll

2013-07-11 18:06:46 964608 ----a-w- c:\program files\windows journal\JNWDRV.dll

2013-07-11 18:06:46 1218048 ----a-w- c:\program files\windows journal\NBDoc.DLL

2013-06-26 19:03:09 920472 ----a-w- c:\program files\mozilla firefox\firefox.exe

2013-06-26 19:03:09 59288 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2013-06-26 19:03:09 478104 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2013-06-26 19:03:09 3727360 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

2013-06-26 19:03:09 3407256 ----a-w- c:\program files\mozilla firefox\gkmedias.dll

2013-06-26 19:03:09 279448 ----a-w- c:\program files\mozilla firefox\freebl3.dll

2013-06-26 19:03:08 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

2013-06-26 19:03:08 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2013-06-26 19:03:08 116120 ----a-w- c:\program files\mozilla firefox\crashreporter.exe

2013-06-26 19:03:07 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll

2013-06-26 19:03:07 263576 ----a-w- c:\program files\mozilla firefox\browser\components\browsercomps.dll

2013-06-26 19:03:07 19352 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll

2013-06-20 17:36:39 -------- d-sh--w- c:\windows\system32\%APPDATA%

2013-06-19 20:24:16 -------- d-----w- c:\users\felipe\appdata\roaming\Odikyd

2013-06-19 20:24:16 -------- d-----w- c:\users\felipe\appdata\roaming\Hezo

2013-06-19 20:24:16 -------- d-----w- c:\users\felipe\appdata\roaming\Foopme

2013-06-18 19:59:43 7068072 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d88f7d5a-1fa3-4d52-9ddc-9642ba9d25b9}\mpengine.dll

2013-06-16 10:55:21 -------- d-----w- c:\program files\YTD Toolbar

.

==================== Find3M ====================

.

2013-06-11 21:55:52 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-06-11 21:55:51 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-05-29 01:50:14 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-05-29 01:41:52 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-05-29 01:41:08 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-05-29 01:37:15 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-05-29 01:36:09 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-05-29 01:33:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-05-08 04:37:21 905576 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-05-02 22:03:36 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-05-02 22:03:36 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-05-02 04:04:25 443904 ----a-w- c:\windows\system32\win32spl.dll

2013-05-02 04:03:42 37376 ----a-w- c:\windows\system32\printcom.dll

2013-05-02 01:06:08 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-04-24 04:00:30 985600 ----a-w- c:\windows\system32\crypt32.dll

2013-04-24 04:00:30 98304 ----a-w- c:\windows\system32\cryptnet.dll

2013-04-24 04:00:30 133120 ----a-w- c:\windows\system32\cryptsvc.dll

2013-04-24 04:00:24 41984 ----a-w- c:\windows\system32\certenc.dll

2013-04-24 01:46:29 812544 ----a-w- c:\windows\system32\certutil.exe

2013-04-17 12:30:06 24576 ----a-w- c:\windows\system32\cryptdlg.dll

2009-02-13 08:49:05 892928 --sh--r- c:\windows\system32\MSKernelIO.dll

.

============= FINISH: 23:56:44.22 ===============


Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Kevin....

Since last night ESET found 54 threats and deleted them. All symptoms have disappeared, and I bought and installed Kaspersky and will upgrade Malwarebytes to full too. I left Kaspersky running this morning and will check it when I get home. I will post the ESET and Kaspersky logs and the ones you just recommended.

ESET:

===============================================================

C:\Program Files\Ask & Record Toolbar\askSBarSetup.exe    a variant of Win32/Bundled.Toolbar.Ask.A application    cleaned by deleting - quarantined
C:\Program Files\Vuze\bunndle.zip    a variant of Win32/Bunndle application    deleted - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.10    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.11    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.12    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.13    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.14    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.15    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.16    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.17    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.18    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.19    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.20    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.21    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.22    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.5    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.6    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.7    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.8    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.9    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\IE\7.2\ytdToolbarIE.dll    a variant of Win32/Toolbar.Widgi application    cleaned by deleting - quarantined
C:\ProgramData\YTD YouTube Downloader & Converter\ytd_installer.exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-3758605009-2065631798-276496836-1000\$c14ff6a3ad37445f54b18e425c370185\U\80000000.@.vir    probably a variant of Win32/Sirefef.FA trojan    cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\$RECYCLE.BIN\S-1-5-21-3758605009-2065631798-276496836-1000\$c14ff6a3ad37445f54b18e425c370185\U\800000cb.@.vir    a variant of Win32/Sirefef.FL trojan    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Local\temp\setup.exe    a variant of Win32/Bundled.Toolbar.Ask application    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Local\temp\toolbar3955608.exe    multiple threats    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Local\temp\toolbar3958041.exe    a variant of Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Local\temp\uninstall4233601.exe    a variant of Win32/YourFileDownloader.B application    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Local\temp\uninstall4311134.exe    Win32/YourFileDownloader.B application    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Local\temp\YO3axXXE.zip.part    a variant of Win32/Ponmocup.GA trojan    deleted - quarantined
C:\Users\felipe\AppData\Local\temp\C4B30B8F-BAB0-7891-8287-4B57F0FDCF74\Latest\BExternal.dll    a variant of Win32/Toolbar.Babylon.C application    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Local\temp\C4B30B8F-BAB0-7891-8287-4B57F0FDCF74\Latest\IEHelper.dll    Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Local\temp\C4B30B8F-BAB0-7891-8287-4B57F0FDCF74\Latest\Setup.exe    a variant of Win32/Toolbar.Babylon.E application    cleaned by deleting - quarantined
C:\Users\felipe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\4a2f654d-669879eb    a variant of Java/Exploit.CVE-2013-2423.DQ trojan    cleaned by deleting - quarantined
C:\Users\felipe\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\5de5191b-4fe2ae9b    Java/Exploit.Blacole.AN trojan    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Roaming\Hezo\bolae.exe    a variant of Win32/Injector.AIJP trojan    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Roaming\Mozilla\Firefox\Profiles\qbudk8ws.default\prefs.js    JS/SecurityDisabler.A.Gen application    cleaned by deleting - quarantined
C:\Users\felipe\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-uk.cab    Win32/OpenCandy application    deleted - quarantined
C:\Users\felipe\Downloads\avc-free.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\felipe\Downloads\JDownloaderINTSetup_3.zip    Win32/OpenCandy application    deleted - quarantined
C:\Users\felipe\Downloads\Trimble SketchUp Pro 8 8.0 Build 15158.exe    Win32/InstalleRex.J application    cleaned by deleting - quarantined
C:\Windows\Installer\814d4.msi    probably a variant of Win32/Toolbar.Widgi application    deleted - quarantined
C:\Windows\temp\ckbdtcewsd.crx    multiple threats    deleted - quarantined
C:\Windows\temp\cydxuedwky.crx    multiple threats    deleted - quarantined
C:\Windows\temp\ncqgbjmbaq.crx    multiple threats    deleted - quarantined

===============================================================

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-07-2013
Ran by felipe (administrator) on 15-07-2013 19:09:25
Running from C:\Users\felipe\Downloads
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Autodesk) C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
() C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe
(Argonne National Lab) C:\Program Files\MPICH2\bin\smpd.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\pg_ctl.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\8.4\bin\postgres.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Applian Technologies, Inc.) C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
() C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
() C:\Program Files\Bamboo Dock\BambooCore.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe
() C:\Program Files\NETGEAR\WNA3100\WNA3100.exe
(Dropbox, Inc.) C:\Users\felipe\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [bCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [Ask and Record FLV Service] - "C:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run [156672 2009-03-10] (Applian Technologies, Inc.)
HKLM\...\Run: [APSDaemon] - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-11-02] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [DivXUpdate] - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-29] ()
HKLM\...\Run: [HTC Sync Loader] - "C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup [634880 2012-04-01] ()
HKLM\...\Run: [iTunesHelper] - "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-09-10] (Apple Inc.)
HKLM\...\Run: [Zune Launcher] - "C:\Program Files\Zune\ZuneLauncher.exe" [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [bambooCore] - C:\Program Files\Bamboo Dock\BambooCore.exe [646744 2012-10-16] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-10-15] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - "C:\Program Files\Real\RealPlayer\update\realsched.exe"  -osboot [295512 2013-04-10] (RealNetworks, Inc.)
HKLM\...\Run: [sunJavaUpdateSched] - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [] -  [x]
HKLM\...\Run: [Windows Defender] - %ProgramFiles%\Windows Defender\MSASCui.exe -hide [1008184 2008-01-21] ()
HKLM\...\Run: [AVP] - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [356376 2013-07-15] (Kaspersky Lab ZAO)
HKCU\...\Run: [ares] - "C:\Program Files\Ares\Ares.exe" -h [3209216 2012-02-02] (Ares Development Group)
HKCU\...\Run: [Google Update] - "C:\Users\felipe\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2013-02-20] (Google Inc.)
HKCU\...\Policies\system: [LogonHoursAction] 2
HKCU\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\DORIS\...\Run: [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime [ 2012-04-18] (Apple Inc.)
HKU\DORIS\...\Policies\system: [LogonHoursAction] 2
HKU\DORIS\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\felipe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\felipe\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKCU - {66D94699-7779-447D-BD50-7D8FFE77E15D} URL = http://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKCU - {C33035C1-A378-4D07-BF6A-D73B3D1C9C92} URL = http://start.funmoods.com/results.php?f=4&a=pvl&q={searchTerms}
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKCU -No Name - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} -  No File
Toolbar: HKCU -No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 02 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 03 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 04 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 05 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 06 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 07 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 08 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Winsock: Catalog9 20 C:\Windows\system32\wpclsp.dll [72192] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\felipe\AppData\Roaming\Mozilla\Firefox\Profiles\qbudk8ws.default

FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @fileplanet.com/fpdlm - C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
FF Plugin: @gametap.com/npdd,version=1.0 - C:\Program Files\Downloader\npdd.dll (Metaboli)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.0 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin: @pack.google.com/Google Updater;version=14 - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.6.14 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\felipe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\felipe\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\felipe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\felipe\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\felipe\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: wacom.com/WacomTabletPlugin - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safesearch.xml
FF Extension: No Name - C:\Users\felipe\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
FF Extension: ytd - C:\Users\felipe\AppData\Roaming\Mozilla\Firefox\Profiles\qbudk8ws.default\Extensions\ytd@mybrowserbar.com
FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{9051303c-7e41-4311-a783-d6fe5ef2832d}] C:\Program Files\FVD Suite\addons\Firefox
FF Extension: No Name - C:\Program Files\FVD Suite\addons\Firefox
FF HKLM\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Content Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com

Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin8.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (Google Talk Plugin) - C:\Users\felipe\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\felipe\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\felipe\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (IGN Download Manager Plug-in) - C:\Program Files\Download Manager\npfpdlm.dll (IGN Entertainment)
CHR Plugin: (Downloader Detector) - C:\Program Files\Downloader\npdd.dll (Metaboli)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Updater) - C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (WPI Application Detector) - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
CHR Plugin: (WacomTabletPlugin) - C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Kaspersky URL Advisor) - C:\Users\felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0
CHR Extension: (RealDownloader) - C:\Users\felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.1_0
CHR Extension: (Virtual Keyboard) - C:\Users\felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\felipe\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0

========================== Services (Whitelisted) =================

R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [356376 2013-07-15] (Kaspersky Lab ZAO)
S4 bufssvr; C:\Program Files\BUFFALO\SLManagerEasy\Bufssvr.exe [90112 2010-03-12] (BUFFALO INC.)
S4 CGVPNCliSrvc; C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2404488 2010-07-28] (mobile concepts GmbH)
S4 CVCompressionService; C:\Program Files\CVision\PdfCompressor 5.0\Service\CVCompressionService.exe [576512 2011-07-13] (CVISION Technologies)
R2 DAZContentManagementService; C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [18432 2011-05-05] ()
S4 EnterpriseDBApachePHP; C:\Program Files\PostgreSQL\EnterpriseDB-ApachePhp\apache\bin\httpd.exe [18432 2009-07-13] (Apache Software Foundation)
S2 gupdate1c985fe7e348d8a; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-03] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S4 mi-raysat_3dsMax2009_32; C:\Program Files\Autodesk\3ds Max 2009\mentalray\satellite\raysat_3dsMax2009_32server.exe [65536 2008-03-10] ()
R2 mpich2_smpd; C:\Program Files\MPICH2\bin\smpd.exe [483328 2010-10-22] (Argonne National Lab)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [43010392 2009-03-30] (Microsoft Corporation)
S4 MSSQLServerADHelper100; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [47128 2009-07-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [87040 2012-03-23] ()
S4 PdfCompressorFtpService; C:\Program Files\CVision\PdfCompressor 5.0\ftpsvc.exe [162816 2011-07-13] (CVISION Technologies Inc.)
S4 rcp_service; C:\Program Files\ReaConverter 5.5 Pro\rcp_scheduler.exe [558592 2007-11-30] (ReaSoft)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] ()
S4 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [53248 2007-05-31] (Tablet Driver)
S2 WSWNA3100; C:\Program Files\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [528256 2012-12-11] (Wacom Technology, Corp.)
S3 BDPXZNELOW; C:\Users\felipe\AppData\Local\Temp\BDPXZNELOW.exe [x]
S3 FFBBDL; C:\Users\felipe\AppData\Local\Temp\FFBBDL.exe [x]
S3 FMTAYHC; C:\Users\felipe\AppData\Local\Temp\FMTAYHC.exe [x]
R2 postgresql-8.4; C:/Program Files/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "C:/Program Files/PostgreSQL/8.4/data" -w [x]
S3 RMXIWGPXF; C:\Users\felipe\AppData\Local\Temp\RMXIWGPXF.exe [x]

==================== Drivers (Whitelisted) ====================

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [28256 2011-06-26] (Applian Technologies Inc.)
R3 AVerBDA3x; C:\Windows\System32\DRIVERS\AVerBDA3x.sys [1183744 2007-08-29] (AVerMedia TECHNOLOGIES, Inc.)
R3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh6.sys [699896 2009-11-06] (Broadcom Corporation)
S3 hidkmdf; C:\Windows\System32\DRIVERS\hidkmdf.sys [11680 2012-12-03] (Windows ® Win 7 DDK provider)
S3 htcnprot; C:\Windows\System32\DRIVERS\htcnprot.sys [23040 2010-06-23] (Windows ® Win 7 DDK provider)
R3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [20992 2008-01-21] (Microsoft Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [136024 2012-06-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [594528 2013-07-15] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [24408 2012-08-02] (Kaspersky Lab ZAO)
S3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25944 2013-07-15] (Kaspersky Lab)
S3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25944 2013-07-15] (Kaspersky Lab)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [44000 2013-07-15] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [145040 2013-07-15] (Kaspersky Lab ZAO)
S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [599040 2008-01-31] (Ralink Technology Corp.)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [618112 2008-02-13] (PixArt Imaging Inc.)
R0 PCTCore; C:\Windows\System32\drivers\PCTCore.sys [218592 2010-03-29] (PC Tools)
R3 PTSimBus; C:\Windows\System32\DRIVERS\PTSimBus.sys [18944 2007-06-07] (PenTablet Driver)
S3 PTSimHid; C:\Windows\System32\DRIVERS\PTSimHid.sys [10752 2007-04-23] (PenTablet Driver)
S4 RsFx0103; C:\Windows\System32\DRIVERS\RsFx0103.sys [239336 2009-03-30] (Microsoft Corporation)
R3 RTL85n86; C:\Windows\System32\DRIVERS\RTL85n86.sys [354816 2007-03-12] (Realtek)
R1 RtlProt; C:\Windows\System32\DRIVERS\rtlprot.sys [25896 2007-04-23] (Windows ® Codename Longhorn DDK provider)
R0 SCMNdisP; C:\Windows\System32\DRIVERS\scmndisp.sys [21728 2007-01-19] (Windows ® Codename Longhorn DDK provider)
R3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [25216 2010-02-25] (The OpenVPN Project)
S3 TClass2k; C:\Windows\System32\DRIVERS\TClass2k.sys [18432 2007-04-23] (Tablet Driver)
S3 UCTblHid; C:\Windows\System32\DRIVERS\UCTblHid.sys [14848 2008-09-08] (Tablet Driver)
S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [12416 2007-07-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19840 2007-07-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [21632 2007-07-11] (LG Electronics Inc.)
S3 usbUDisc; C:\Windows\System32\DRIVERS\USBDrv.sys [7040 2011-08-02] (Scott)
S3 VSPerfDrv100; C:\Program Files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [54144 2011-01-18] (Microsoft Corporation)
S3 WacHidRouter; C:\Windows\System32\DRIVERS\wachidrouter.sys [70048 2012-12-03] (Wacom Technology)
S3 wacomrouterfilter; C:\Windows\System32\DRIVERS\wacomrouterfilter.sys [13728 2012-11-15] (Wacom Technology)
R2 WIBUKEY; C:\Windows\System32\DRIVERS\WibuKey.sys [72704 2006-11-22] (WIBU-SYSTEMS AG)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 MEMSWEEP2; \??\C:\Windows\system32\E709.tmp [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
U2 srservice;
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [x]
U2 wuaserv;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-15 18:58 - 2013-07-15 18:58 - 00000000 ____D C:\FRST
2013-07-15 18:54 - 2013-07-15 18:54 - 01218214 _____ (Farbar) C:\Users\felipe\Downloads\FRST.exe
2013-07-15 18:23 - 2013-07-15 18:24 - 00006222 _____ C:\Users\felipe\Desktop\2p.txt
2013-07-15 06:50 - 2013-07-15 06:49 - 00000993 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
2013-07-15 06:46 - 2013-07-15 06:46 - 00000000 ____D C:\Windows\LastGood
2013-07-15 06:43 - 2013-07-15 18:50 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-15 06:43 - 2013-07-15 06:43 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-07-15 06:29 - 2013-07-15 07:05 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-07-15 06:29 - 2013-07-15 07:05 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-07-15 05:50 - 2013-07-15 05:50 - 00007221 _____ C:\Users\felipe\Desktop\p.txt
2013-07-15 00:54 - 2013-07-15 01:01 - 124713128 _____ C:\Users\felipe\Downloads\drweb-cureit.exe
2013-07-15 00:17 - 2013-07-15 00:17 - 00025637 _____ C:\Users\felipe\Desktop\attach.txt
2013-07-15 00:17 - 2013-07-14 23:56 - 00017264 _____ C:\Users\felipe\Desktop\dds.txt
2013-07-14 23:40 - 2013-07-14 23:40 - 00688992 ____R (Swearware) C:\Users\felipe\Downloads\dds.com
2013-07-14 23:00 - 2013-07-14 23:00 - 00915456 _____ C:\Users\felipe\Downloads\RogueKiller.exe
2013-07-14 19:21 - 2013-07-14 19:21 - 00065162 _____ C:\Users\felipe\.recently-used.xbel
2013-07-14 15:49 - 2013-07-14 15:49 - 02347384 _____ (ESET) C:\Users\felipe\Downloads\esetsmartinstaller_enu.exe
2013-07-14 15:49 - 2013-07-14 15:49 - 00000000 ____D C:\Program Files\ESET
2013-07-14 15:27 - 2013-07-14 15:27 - 00000000 ____D C:\Windows\system32\MRT
2013-07-14 14:48 - 2013-07-14 14:49 - 00035118 _____ C:\AdwCleaner[s1].txt
2013-07-14 14:47 - 2013-07-14 14:47 - 00034786 _____ C:\AdwCleaner[R2].txt
2013-07-14 14:40 - 2013-07-14 14:42 - 00034725 _____ C:\AdwCleaner[R1].txt
2013-07-14 14:38 - 2013-07-14 14:47 - 00001438 _____ C:\Users\felipe\Desktop\Rkill.txt
2013-07-14 14:21 - 2013-07-14 14:21 - 00662345 _____ C:\Users\felipe\Downloads\AdwCleaner.exe
2013-07-14 14:20 - 2013-07-14 14:20 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\felipe\Downloads\tdsskiller.exe
2013-07-14 14:12 - 2013-07-14 14:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2013-07-13 11:20 - 2013-07-13 11:20 - 00000000 ___SD C:\ComboFix
2013-07-13 11:03 - 2013-07-13 11:03 - 05088739 ____R (Swearware) C:\Users\felipe\Downloads\ComboFix.exe
2013-07-13 11:01 - 2013-07-13 11:01 - 00724952 _____ C:\Users\felipe\Downloads\avenger.zip
2013-07-13 10:45 - 2013-07-13 10:57 - 154504888 _____ (Kaspersky Lab) C:\Users\felipe\Downloads\kav13.0.1.4190en-gb_3571.exe
2013-07-13 10:38 - 2013-07-13 10:38 - 04464544 _____ (AVG Technologies) C:\Users\felipe\Downloads\avg_free_stb_all_2013_3345_free.exe
2013-07-12 19:06 - 2013-05-29 02:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-12 19:06 - 2013-05-29 02:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-12 19:06 - 2013-05-29 02:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-12 19:06 - 2013-05-29 02:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-12 19:06 - 2013-05-29 02:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-12 19:06 - 2013-05-29 02:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-12 19:06 - 2013-05-29 02:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-12 19:06 - 2013-05-29 02:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-12 19:06 - 2013-05-29 02:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-12 19:06 - 2013-05-29 02:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-12 19:06 - 2013-05-29 02:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-12 19:06 - 2013-05-29 02:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-12 19:06 - 2013-05-29 02:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-12 19:06 - 2013-05-29 02:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-12 19:06 - 2013-05-29 02:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-12 19:06 - 2013-05-29 02:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-11 22:57 - 2013-07-11 22:57 - 07297056 _____ C:\Users\felipe\Downloads\ACCESSIBILITY2.svg
2013-07-11 19:08 - 2013-06-04 02:50 - 02049024 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-11 19:07 - 2013-06-01 05:06 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-11 19:07 - 2013-05-08 04:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-11 19:07 - 2013-04-17 12:28 - 01029120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-07-11 19:07 - 2013-04-17 12:28 - 00219648 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-07-11 19:07 - 2013-04-17 12:28 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-07-11 19:07 - 2013-04-17 12:28 - 00160768 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-07-11 19:07 - 2013-04-17 11:34 - 01172480 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-07-11 19:07 - 2013-04-17 11:33 - 00486400 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-07-11 19:07 - 2013-04-17 11:14 - 00683008 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-07-11 19:07 - 2013-04-17 11:10 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-11 19:07 - 2013-04-17 11:10 - 00798208 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-26 20:03 - 2013-06-27 19:48 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-23 20:10 - 2013-06-23 20:35 - 00212866 _____ C:\Users\felipe\Desktop\stats bind.xlsx
2013-06-20 18:36 - 2013-06-20 18:36 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-06-19 21:24 - 2013-07-15 04:40 - 00000000 ____D C:\Users\felipe\AppData\Roaming\Hezo
2013-06-19 21:24 - 2013-06-27 18:54 - 00000000 ____D C:\Users\felipe\AppData\Roaming\Odikyd
2013-06-19 21:24 - 2013-06-19 21:24 - 00000000 ____D C:\Users\felipe\AppData\Roaming\Foopme
2013-06-18 23:53 - 2013-07-15 18:20 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateXML_felipe.job
2013-06-18 23:53 - 2013-07-15 06:27 - 00000380 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_felipe.job
2013-06-18 23:53 - 2013-07-14 14:24 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_felipe.job
2013-06-17 21:39 - 2013-06-17 21:39 - 00808382 _____ C:\Users\felipe\Downloads\Ledger_7569(1).xlsx
2013-06-16 11:55 - 2013-06-16 11:55 - 00000000 ____D C:\Program Files\YTD Toolbar

==================== One Month Modified Files and Folders =======

2013-07-15 19:08 - 2010-06-03 21:55 - 00115200 _____ C:\Users\felipe\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-07-15 18:58 - 2013-07-15 18:58 - 00000000 ____D C:\FRST
2013-07-15 18:55 - 2012-08-27 09:50 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-15 18:54 - 2013-07-15 18:54 - 01218214 _____ (Farbar) C:\Users\felipe\Downloads\FRST.exe
2013-07-15 18:53 - 2009-01-10 19:17 - 47042867 _____ C:\Windows\WindowsUpdate.log
2013-07-15 18:50 - 2013-07-15 06:43 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2013-07-15 18:39 - 2013-04-30 18:26 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758605009-2065631798-276496836-1000UA.job
2013-07-15 18:32 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-15 18:32 - 2006-11-02 13:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-15 18:29 - 2009-07-01 10:34 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-07-15 18:24 - 2013-07-15 18:23 - 00006222 _____ C:\Users\felipe\Desktop\2p.txt
2013-07-15 18:23 - 2009-01-10 19:20 - 00000000 ___RD C:\Users\felipe\Desktop
2013-07-15 18:20 - 2013-06-18 23:53 - 00000370 _____ C:\Windows\Tasks\ReclaimerUpdateXML_felipe.job
2013-07-15 17:07 - 2010-09-06 15:45 - 00000476 ____H C:\Windows\Tasks\Norton Security Scan for felipe.job
2013-07-15 15:39 - 2013-04-30 18:26 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758605009-2065631798-276496836-1000Core.job
2013-07-15 14:27 - 2009-02-03 13:50 - 00000868 _____ C:\Windows\Tasks\Google Software Updater.job
2013-07-15 09:39 - 2010-08-01 18:01 - 00001356 _____ C:\Users\felipe\AppData\Local\d3d9caps.dat
2013-07-15 07:05 - 2013-07-15 06:29 - 00594528 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2013-07-15 07:05 - 2013-07-15 06:29 - 00074848 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2013-07-15 07:05 - 2012-08-13 16:49 - 00145040 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2013-07-15 07:05 - 2012-07-25 14:53 - 00025944 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klmouflt.sys
2013-07-15 07:05 - 2012-06-08 11:38 - 00044000 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2013-07-15 07:05 - 2012-05-25 19:38 - 00025944 _____ (Kaspersky Lab) C:\Windows\system32\Drivers\klkbdflt.sys
2013-07-15 06:55 - 2010-07-25 20:02 - 00000000 ___RD C:\Users\felipe\Documents\My Dropbox
2013-07-15 06:55 - 2010-07-25 20:01 - 00000000 ____D C:\Users\felipe\AppData\Roaming\Dropbox
2013-07-15 06:50 - 2006-11-02 12:18 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-15 06:49 - 2013-07-15 06:50 - 00000993 _____ C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk
2013-07-15 06:48 - 2009-01-10 19:20 - 00000000 ____D C:\Users\felipe
2013-07-15 06:46 - 2013-07-15 06:46 - 00000000 ____D C:\Windows\LastGood
2013-07-15 06:43 - 2013-07-15 06:43 - 00000000 ____D C:\Program Files\Kaspersky Lab
2013-07-15 06:29 - 2012-07-21 20:16 - 00000000 ____D C:\Users\felipe\AppData\Local\Htc
2013-07-15 06:27 - 2013-06-18 23:53 - 00000380 _____ C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_felipe.job
2013-07-15 06:27 - 2009-07-01 10:34 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-07-15 06:27 - 2006-11-02 14:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-15 06:26 - 2010-04-29 01:08 - 00000000 ____D C:\ProgramData\Norton
2013-07-15 06:26 - 2008-01-21 03:47 - 00684130 _____ C:\Windows\PFRO.log
2013-07-15 06:24 - 2006-11-02 14:01 - 00032644 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-15 06:18 - 2009-01-10 20:34 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2013-07-15 05:50 - 2013-07-15 05:50 - 00007221 _____ C:\Users\felipe\Desktop\p.txt
2013-07-15 04:40 - 2013-06-19 21:24 - 00000000 ____D C:\Users\felipe\AppData\Roaming\Hezo
2013-07-15 04:39 - 2012-05-21 17:57 - 00000000 ____D C:\ProgramData\YTD YouTube Downloader & Converter
2013-07-15 04:39 - 2009-07-07 14:52 - 00000000 ____D C:\Program Files\Ask & Record Toolbar
2013-07-15 04:39 - 2009-02-26 23:10 - 00000000 ____D C:\Program Files\Vuze
2013-07-15 01:01 - 2013-07-15 00:54 - 124713128 _____ C:\Users\felipe\Downloads\drweb-cureit.exe
2013-07-15 00:17 - 2013-07-15 00:17 - 00025637 _____ C:\Users\felipe\Desktop\attach.txt
2013-07-14 23:56 - 2013-07-15 00:17 - 00017264 _____ C:\Users\felipe\Desktop\dds.txt
2013-07-14 23:40 - 2013-07-14 23:40 - 00688992 ____R (Swearware) C:\Users\felipe\Downloads\dds.com
2013-07-14 23:00 - 2013-07-14 23:00 - 00915456 _____ C:\Users\felipe\Downloads\RogueKiller.exe
2013-07-14 19:21 - 2013-07-14 19:21 - 00065162 _____ C:\Users\felipe\.recently-used.xbel
2013-07-14 18:27 - 2011-05-12 19:36 - 00001940 _____ C:\Users\felipe\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
2013-07-14 18:08 - 2010-05-04 11:29 - 00000000 ____D C:\Users\felipe\AppData\Local\CrashDumps
2013-07-14 15:49 - 2013-07-14 15:49 - 02347384 _____ (ESET) C:\Users\felipe\Downloads\esetsmartinstaller_enu.exe
2013-07-14 15:49 - 2013-07-14 15:49 - 00000000 ____D C:\Program Files\ESET
2013-07-14 15:27 - 2013-07-14 15:27 - 00000000 ____D C:\Windows\system32\MRT
2013-07-14 14:49 - 2013-07-14 14:48 - 00035118 _____ C:\AdwCleaner[s1].txt
2013-07-14 14:47 - 2013-07-14 14:47 - 00034786 _____ C:\AdwCleaner[R2].txt
2013-07-14 14:47 - 2013-07-14 14:38 - 00001438 _____ C:\Users\felipe\Desktop\Rkill.txt
2013-07-14 14:42 - 2013-07-14 14:40 - 00034725 _____ C:\AdwCleaner[R1].txt
2013-07-14 14:24 - 2013-06-18 23:53 - 00000374 _____ C:\Windows\Tasks\ReclaimerUpdateFiles_felipe.job
2013-07-14 14:21 - 2013-07-14 14:21 - 00662345 _____ C:\Users\felipe\Downloads\AdwCleaner.exe
2013-07-14 14:20 - 2013-07-14 14:20 - 02240864 _____ (Kaspersky Lab ZAO) C:\Users\felipe\Downloads\tdsskiller.exe
2013-07-14 14:12 - 2013-07-14 14:12 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2013-07-14 13:40 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\DigitalLocker
2013-07-13 15:57 - 2010-07-15 15:58 - 00001976 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-13 15:20 - 2006-11-02 12:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-13 12:23 - 2010-09-25 10:43 - 00000000 ____D C:\Users\felipe\AppData\Roaming\Skype
2013-07-13 11:20 - 2013-07-13 11:20 - 00000000 ___SD C:\ComboFix
2013-07-13 11:20 - 2012-07-07 17:26 - 00000000 ____D C:\Qoobox
2013-07-13 11:03 - 2013-07-13 11:03 - 05088739 ____R (Swearware) C:\Users\felipe\Downloads\ComboFix.exe
2013-07-13 11:01 - 2013-07-13 11:01 - 00724952 _____ C:\Users\felipe\Downloads\avenger.zip
2013-07-13 10:57 - 2013-07-13 10:45 - 154504888 _____ (Kaspersky Lab) C:\Users\felipe\Downloads\kav13.0.1.4190en-gb_3571.exe
2013-07-13 10:38 - 2013-07-13 10:38 - 04464544 _____ (AVG Technologies) C:\Users\felipe\Downloads\avg_free_stb_all_2013_3345_free.exe
2013-07-13 10:00 - 2006-11-02 13:47 - 02354864 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-13 01:06 - 2006-11-02 13:37 - 00000000 ____D C:\Windows\system32\XPSViewer
2013-07-12 19:38 - 2006-11-02 11:33 - 00858256 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-12 19:34 - 2008-06-17 13:07 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-07-12 19:26 - 2012-10-11 22:43 - 00000127 _____ C:\Windows\system32\MRT.INI
2013-07-12 18:37 - 2006-11-02 13:37 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 23:00 - 2009-01-11 12:14 - 00000000 ____D C:\Users\felipe\.gimp-2.6
2013-07-11 22:57 - 2013-07-11 22:57 - 07297056 _____ C:\Users\felipe\Downloads\ACCESSIBILITY2.svg
2013-07-11 22:56 - 2013-06-13 21:04 - 12153372 _____ C:\Users\felipe\Downloads\ACCESSIBILITY.svg
2013-07-11 20:01 - 2011-01-22 16:05 - 00037726 _____ C:\Windows\setupact.log
2013-07-11 19:41 - 2009-01-10 20:54 - 00000000 ____D C:\Users\felipe\AppData\Roaming\Mozilla
2013-07-10 22:00 - 2010-01-07 12:05 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-09 23:15 - 2011-01-02 19:24 - 00000000 ____D C:\Users\felipe\Desktop\Files gotha
2013-07-05 00:01 - 2009-01-19 17:12 - 00000000 ____D C:\Users\felipe\AppData\Roaming\gtk-2.0
2013-06-28 18:38 - 2012-06-26 00:49 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-06-27 19:48 - 2013-06-26 20:03 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-06-27 18:54 - 2013-06-19 21:24 - 00000000 ____D C:\Users\felipe\AppData\Roaming\Odikyd
2013-06-24 00:37 - 2006-11-02 11:24 - 75733144 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-06-23 20:35 - 2013-06-23 20:10 - 00212866 _____ C:\Users\felipe\Desktop\stats bind.xlsx
2013-06-22 01:41 - 2010-06-10 22:43 - 00000000 ____D C:\Users\felipe\AppData\Roaming\vlc
2013-06-20 18:36 - 2013-06-20 18:36 - 00000000 __SHD C:\Windows\system32\%APPDATA%
2013-06-19 21:24 - 2013-06-19 21:24 - 00000000 ____D C:\Users\felipe\AppData\Roaming\Foopme
2013-06-17 21:39 - 2013-06-17 21:39 - 00808382 _____ C:\Users\felipe\Downloads\Ledger_7569(1).xlsx
2013-06-16 11:55 - 2013-06-16 11:55 - 00000000 ____D C:\Program Files\YTD Toolbar

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender


LastRegBack: 2013-07-15 15:28

==================== End Of Log ============================
 


ADDITION.TXT

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 14-07-2013
Ran by felipe at 2013-07-15 19:17:39
Running from C:\Users\felipe\Downloads
Boot Mode: Normal
==========================================================

 Update for Microsoft Office 2007 (KB2508958)
001 Joiner (Version: 1.0.2)
AC3Filter (remove only)
Adobe AIR (Version: 3.2.0.2070)
Adobe Anchor Service CS3 (Version: 1.0)
Adobe Anchor Service CS4 (Version: 2.0)
Adobe Asset Services CS3 (Version: 3)
Adobe Bridge CS3 (Version: 2)
Adobe Bridge CS4 (Version: 3)
Adobe Bridge Start Meeting (Version: 1.0)
Adobe Camera Raw 4.0 (Version: 4.0)
Adobe CMaps CS4 (Version: 2.0)
Adobe Color - Photoshop Specific CS4 (Version: 2.0)
Adobe Color EU Extra Settings CS4 (Version: 2.0)
Adobe Color EU Recommended Settings CS4 (Version: 2.0)
Adobe Color JA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Extra Settings CS4 (Version: 2.0)
Adobe Color NA Recommended Settings CS4 (Version: 2.0)
Adobe Color Video Profiles CS CS4 (Version: 2.0)
Adobe CSI CS4 (Version: 1)
Adobe Default Language CS4 (Version: 2.0)
Adobe Device Central CS3 (Version: 1.0)
Adobe Device Central CS4 (Version: 2)
Adobe Dreamweaver CS4 (Version: 10.0)
Adobe Drive CS4 (Version: 1)
Adobe Dynamiclink Support (Version: 1)
Adobe ExtendScript Toolkit 2 (Version: 2.0)
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0)
Adobe Extension Manager CS4 (Version: 2.0)
Adobe Flash CS3 Professional (Version: 9.0.0)
Adobe Flash CS4 (Version: 10.0)
Adobe Flash CS4 Extension - Flash Lite STI en (Version: 3.0)
Adobe Flash CS4 Professional (Version: 10.0)
Adobe Flash CS4 STI-en (Version: 10.0)
Adobe Flash Player 11 Plugin (Version: 11.7.700.224)
Adobe Flash Video Encoder (Version: 2.0)
Adobe Fonts All (Version: 2.0)
Adobe Help Viewer CS3 (Version: 1)
Adobe Linguistics CS3 (Version: 3.0.0)
Adobe Linguistics CS4 (Version: 4.0.0)
Adobe Media Encoder CS4 (Version: 1.0)
Adobe Media Encoder CS4 Importer (Version: 1.0)
Adobe Media Player (Version: 0.0.0)
Adobe Media Player (Version: 1.1)
Adobe Output Module (Version: 2.0)
Adobe PDF Library Files CS4 (Version: 9.0)
Adobe Photoshop CS4 (Version: 11.0)
Adobe Photoshop CS4 Support (Version: 11.0)
Adobe Reader 8.1.4 (Version: 8.1.4)
Adobe Search for Help (Version: 1.0)
Adobe Service Manager Extension (Version: 1.0)
Adobe Setup (Version: 1.0)
Adobe Setup (Version: 2.0)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Adobe Type Support CS4 (Version: 9.0)
Adobe Update Manager CS3 (Version: 5.1.0)
Adobe Update Manager CS4 (Version: 6.0.0)
Adobe Version Cue CS3 Client (Version: 3)
Adobe WinSoft Linguistics Plugin (Version: 1.0)
Adobe WinSoft Linguistics Plugin (Version: 1.1)
Adobe XMP Panels CS4 (Version: 2.0)
AdobeColorCommonSetCMYK (Version: 2.0)
AdobeColorCommonSetRGB (Version: 2.0)
Advertising Center (Version: 0.0.0.2)
ANIWZCS2 Service
Any Video Converter 3.3.8
ApachePhp 2.2.11-5.2.9 (Version: 2.2.11-5.2.9-2)
Apple Application Support (Version: 2.2.2)
Apple Mobile Device Support (Version: 6.0.0.59)
Apple Software Update (Version: 2.1.3.127)
Ares 2.1.8 (Version: 2.1.8-Build#3042)
Ask & Record Toolbar 4.01  (Version: 4.01)
AstroSynthesis v2.01d
Audacity 1.2.6
Audible Download Manager (Version: 6.6.0.12)
AudibleManager (Version: 4759644.48.2147348480.4759644)
Autodesk 3ds Max 2009 32-bit (Version: 11.0)
Autodesk 3ds Max 2009 32-bit Additional Maps and Material Libraries (Version: 11.0)
Autodesk 3ds Max 2009 32-bit Architectural Materials Library (Version: 11.0)
Autodesk 3ds Max 2009 32-bit Movies (Version: 11.0)
Autodesk 3ds Max 2009 32-bit ProMaterials™ Library (Version: 11.0)
Autodesk 3ds Max 2009 32-bit Vault 2008 Plug-In (Version: 11.0)
Autodesk 3ds Max 2009 32-bit Vault 2009 Plug-In (Version: 11.0)
Autodesk 3ds Max ACDDS  Anchor (Version: 11.0)
Autodesk Backburner 2008.1 (Version: 2008.1)
Autodesk FBX Plug-in 2010.2.1 - 3ds Max 2009
Autodesk SketchBookPro 2010 (Version: 4.00.0000)
AVerMedia M135-Series PCI TV Tuner 3.5.0.69 (Version: 3.5.0.69)
AVerMedia MCE Encoder x86 3.2.1.84 (Version: 3.2.1.84)
AviSynth 2.5
Bamboo Dock (Version: 4.1)
Bamboo Dock (Version: 4.1.0)
Belkin 54Mbps Wireless Network Adapter (Version: 1.00.01)
Bing Bar (Version: 7.0.609.0)
BitZipper 5.1
Blender (remove only)
Blendigo-2.6
Bluerock Technologies Flight Studio 3ds Max 2009 32-bit (Version: 11.0)
BODYPAINT 3D (Version: 3.1.1)
Bonjour (Version: 3.0.0.10)
Brazil r/s (Version: 1.2.58)
Bryce 6
BUFFALO SecureLockManagerEasy for HD
Carrara (Version: 7.0.0)
Celestia 1.6.0
Cities XL - Demo (Version: 1.0.0 - Demo)
CityEngine (Version: 2008.3)
Civilization III Complete Edition (Version: 1.00.0000)
Click to Call with Skype (Version: 5.5.8013)
ClustalW2 (Version: 2.1)
ClustalX2 (Version: 2.1)
CNTDesigner (Version: 2.2.1)
Command & Conquer 3 (Version: 1.00.0000)
Command & Conquer The First Decade (Version: 1.00.0000)
Command & Conquer™ 4 Tiberian Twilight (Version: 1.0.0.0)
Command & Conquer™ Red Alert™ 3 (Version: 1.0.1.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Connect (Version: 1.0.0.1)
Crazybump (remove only)
Crystal Reports for Visual Studio (Version: 12.51.0.240)
CyberGhost VPN
D3DX10 (Version: 15.4.2368.0902)
Darkest Hour
DAZ Content Management Service (Version: 4.8.1.7)
DAZ Studio 3 (Version: 3.1.1.73)
DAZ Studio 4 (Version: 4.0.3.47)
DAZ|Studio 1.7.1.5
DDS Converter 2.1
DDVideoDPGAVI 4.9
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DesktopX
Divine Wind version 5.0 (Version: 5.0)
DivX Converter (Version: 7.1.0)
DivX Plus DirectShow Filters
DivX Setup (Version: 2.6.1.9)
DivX Version Checker (Version: 7.1.0.2)
D-Link Wireless N DWA-140
Dotfuscator Software Services - Community Edition (Version: 5.0.2500.0)
Download Manager 2.3.9 (Version: 2.3.9)
Downloader
Dragonfly ActiveX Instrumentation Extension Components (Version: 3.50.0000)
Dropbox (HKCU Version: 2.0.22)
drupal 6.12 (Version: 6.12-1)
DS4 Default Content (Version: 4.0.0.19)
DVDStyler v1.8.1
EA Download Manager (Version: 6.0.0.100)
Easy DVD Creator 2.2.0
EasyBits GO
EnterpriseDB MigrationWizard 1.1 (Version: 1.1-2)
EnterpriseDB phpWiki (Version: 1.2.11)
EnterpriseDB TuningWizard 1.3 (Version: 1.3-1)
EPSON Printer Software
ESET Online Scanner v3
Europa Universalis III
EVEMon (Version: 1.2.8.1385)
Explorer Suite III
Fallout 3 (Version: 1.00.0000)
Fallout: New Vegas
FBX Plugin 2009.0 for Max 2009
Flash Slideshow Maker Pro 4.61 (Version: 4.61)
Fluids6 6 (Version: 6)
FLV Player 2.0 (build 25) (Version: 2.0 (build 25))
FlvCatcher
FontCreator 5.5
Fractal Terrains 3 (Version: 3.0.2)
Fractal Terrains Pro 2.3.0.8 Update
Free Download Manager 2.5
Free Mp3 Wma Ogg Converter 7.1.2
Free Video Cutter 1.1
Free Window Registry Repair
FreeOrion 0.3.12 (Version: 0.3.12)
From Dust
FVD Suite 2.7.5
FyTek's PDF Secured Optimizer 2.0 (Version: 1.0)
GearDrvs (Version: 1.00.0000)
GearDrvs (Version: 5.0.0.2)
Genebase Login (Version: 1.00.0000)
GEODAS Uninstall
GhostWord
GIMP 2.6.11 (Version: 2.6.11)
GISConverter
Global Mapper 12 (Version: 12.00.0010)
Google Chrome (Version: 28.0.1500.72)
Google Earth (Version: 7.0.3.8542)
Google SketchUp Pro 7 (Version: 2.0.8657)
Google SketchUp Pro 8 (Version: 3.0.14346)
Google Talk (remove only)
Google Talk Plugin (Version: 4.2.1.14031)
Google Update Helper (Version: 1.3.21.153)
Google Updater (Version: 2.4.2432.1652)
GPL Ghostscript (Version: 9.05)
GPL MPEG-1/2 DirectShow Decoder Filter (Version: 0.1.2)
Gravit 0.4.2
GravitySimulator 2.0.000 (Version: 1.1.104)
Gtk+ Runtime Environment 2.10.11-1 (Version: 2.10.11-1)
gtkmm Runtime Environment 2.10 (Version: 2.10.11-1)
Hearts of Iron 2
Hearts of Iron III
HiJackThis (Version: 1.0.0)
holmes state agents (HKCU Version: 1.0.0.1)
Homeworld2
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.021)
HTC Sync (Version: 3.2.10)
iCloud (Version: 1.0.2.17)
ImgBurn (Version: 2.4.4.0)
Impulse (Version: 1.0)
In Nomine 3.2
Indigo Renderer v3.4.18 (Version: 3.4.18)
InfraRecorder
Inkscape 0.48.2 (Version: 0.48.2)
iTudou 2.6.3.4 (Version: 2.6.3.4)
iTunes (Version: 10.7.0.21)
IVONA 2 (Version: 1.6.30)
IVONA ControlCenter (Version: 1.0.21)
IVONA MiniReader
IVONA Reader
iWebcamera (Version: 2.0.0)
Jahplayer
Jahshaka
Java 7 Update 17 (Version: 7.0.170)
Java Auto Updater (Version: 2.1.9.0)
Java 6 Update 26 (Version: 6.0.260)
Java 6 Update 7 (Version: 1.6.0.70)
JDownloader
Junk Mail filter update (Version: 15.4.3502.0922)
Kaspersky Anti-Virus 2013 (Version: 13.0.1.4190)
kuler (Version: 2.0)
LG PC Suite (Version: 1.00.0000)
LG USB Modem driver (Version: 4.8.1)
Ligand Explorer
LimeWire 5.1.2 (Version: 5.1.2)
Macro Express 3 (Version: 3.0)
Magic ISO Maker v5.5 (build 0274)
MagicDisc 2.7.105
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Map Generator (Version: 1.0.0)
Mass Effect (Version: 1.00)
Mass Effect 2 (Version: 1.00)
McAfee Security Scan Plus (Version: 3.0.318.3)
Media Player Max 1.0.0.3
mediaWiki 1.15.0 (Version: 1.15.0-1)
Mesh Runtime (Version: 15.4.5722.2)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (Version: 2.0.50217.0)
Microsoft ASP.NET MVC 2 (Version: 2.0.50217.0)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Help Viewer 1.1 (Version: 1.1.40219)
Microsoft Keyboard Layout Creator 1.4 (Version: 1.4.6000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Live Add-in 1.3 (Version: 2.0.2313.0)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Standard 2007 (Version: 12.0.6612.1000)
Microsoft Office Word Add-in For MediaWiki (Version: 1.0.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Reader
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Silverlight 3 SDK (Version: 3.0.40818.0)
Microsoft Silverlight 4 SDK (Version: 4.0.50826.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Management Objects (Version: 10.50.1750.9)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (Version: 10.50.1750.9)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Setup Support Files  (Version: 10.1.2731.0)
Microsoft SQL Server Compact 3.5 SP2 ENU (Version: 3.5.8080.0)
Microsoft SQL Server Database Publishing Wizard 1.4 (Version: 10.1.2512.8)
Microsoft SQL Server Management Studio Express (Version: 9.00.2047.00)
Microsoft SQL Server Native Client (Version: 9.00.3042.00)
Microsoft SQL Server System CLR Types (Version: 10.50.1750.9)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Sync Framework Runtime v1.0 SP1 (x86) (Version: 1.0.3010.0)
Microsoft Sync Framework SDK v1.0 SP1 (Version: 1.0.3010.0)
Microsoft Sync Framework Services v1.0 SP1 (x86) (Version: 1.0.3010.0)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) (Version: 2.0.3010.0)
Microsoft Team Foundation Server 2010 Object Model - ENU (Version: 10.0.40219)
Microsoft Visual Basic 2010 Express - ENU (Version: 10.0.40219)
Microsoft Visual C++  Compilers 2010 Standard - enu - x86 (Version: 10.0.40219)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual F# 2.0 Runtime (Version: 10.0.40219)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Office Developer Tools (x86) (Version: 10.0.40219)
Microsoft Visual Studio 2010 Performance Collection Tools SP1 - ENU (Version: 10.0.40219)
Microsoft Visual Studio 2010 Service Pack 1 (Version: 10.0.40219)
Microsoft Visual Studio 2010 SharePoint Developer Tools (Version: 10.0.40219)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40303)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (Version: 10.0.40308)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.30319)
Microsoft Visual Studio 2010 Ultimate - ENU (Version: 10.0.40219)
Microsoft Visual Studio Macro Tools (Version: 9.0.30729)
Microsoft Web Platform Installer 2.0 RC (Version: 2.0.5)
Microsoft Works (Version: 9.7.0621)
Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
MIKSOFT Mobile Media Converter
Mirror's Edge™ (Version: 1.0.1.0)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 22.0 (x86 en-US) (Version: 22.0)
Mozilla Maintenance Service (Version: 22.0)
MPICH2 (Version: 1.3)
MSVCRT (Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
msxml4 (Version: 1.0.0)
My POS (Version: 2.4.2)
Nero 9 Lite
Nero ControlCenter (Version: 9.0.0.1)
Nero Installer (Version: 4.4.9.0)
Nero Online Upgrade (Version: 1.3.0.0)
Nero StartSmart (Version: 9.4.31.100)
neroxml (Version: 1.0.0)
NETGEAR WNA3100 wireless USB 2.0 adapter (Version: 1.01.206)
NormalMapper 1.2 (Version: 1.2)
Norton 360 (Version: 2.0.0.242)
Norton Security Scan (Version: 2.7.3.34)
Norton Utilities (Version: 14.5)
Npgsql 2.0.5 (Version: 2.0.5-1)
NVIDIA 3D Vision Controller Driver 314.22 (Version: 314.22)
NVIDIA Control Panel 314.22 (Version: 314.22)
NVIDIA Graphics Driver 314.22 (Version: 314.22)
NVIDIA Install Application (Version: 2.1002.115.743)
NVIDIA PhysX (Version: 9.12.1031)
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031)
NVIDIA Update 1.12.12 (Version: 1.12.12)
NVIDIA Update Components (Version: 1.12.12)
O2 Connection Manager (Version: 3.3.25)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
OpenLibraries
OpenOffice.org 3.0 (Version: 3.0.9379)
Outerra - Anteworld - Outerra Anteworld Demo (Version: "0.7.11-2982")
Paint.NET v3.5.8 (Version: 3.58.0)
Pazera Free MP4 to AVI Converter 1.6 (Version: 1.6)
PDF Settings CS4 (Version: 9.0)
PdfCompressor 5.0 Professional (Version: 5.0)
pgJDBC 8.4-701 (Version: 8.4-701-1)
Photoshop Camera Raw (Version: 5.0)
PHP 5.3.0 (Version: 5.3.0)
phpBB 3.0.5 (Version: 3.0.5-1)
phpPgAdmin 4.2.2 (Version: 4.2.2)
Pixel Bender Toolkit (Version: 1.0)
PlanetGen (Version: 4.0)
Poser Pro
PostgreSQL 8.4 (Version: 8.4)
PostgreSQL OLE DB Provider (Version: 1.0.0.20)
Power2Go (Version: 5.6.3321a)
psqlODBC 08.04.0100 (Version: 08.04.0100-1)
PStill PostScript to PDF Converter (remove only)
pstoedit and importps 3.60 (Version: 3.60)
PyMOL (32 bit) (Version: 1.3.0.0)
Python 2.6 (Version: 2.6.150)
QuickTime (Version: 7.72.80.56)
ReaConverter 5.5 Pro
RealDownloader (Version: 1.3.1)
RealFlow (Version: 4.00.0081)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek High Definition Audio Driver (Version: 6.0.1.5624)
RealUpgrade 1.1 (Version: 1.1.0)
Replay Media Catcher 4 (4.3.2) (Version: 4.3.2)
Roleplaying City Map Generator 5.40 (Version: 5.4.0.0)
RoR for PostgreSQL and EnterpriseDB (Version: 1.8.5.22)
Scribus 1.3.3.13 (Version: 1.3.3.13)
Scribus 1.4.0 (Version: 1.4.0)
Segoe UI (Version: 15.4.2271.0615)
Service Pack 1 for SQL Server 2008 (KB968369) (Version: 10.1.2531.0)
Sid Meier's Civilization 4 (Version: 1.00.0000)
Sid Meier's Civilization 4 (Version: 1.74)
SimCity™ Societies (Version: 1.0.0.0)
SimVector 4.6 (Version: 4.6)
Sins of a Solar Empire
Sins of a Solar Empire (Version: 1.16.051)
SkyMonk Client (Version: 1.41)
Skype™ 6.3 (Version: 6.3.107)
Slony 2.0.2 (Version: 2.0.2-1)
SolveigMM AVI Trimmer (Version: 2.0.1204.27)
Sophos Anti-Rootkit 1.5.20 (Version: 1.5.20)
Sp5 (Version: 5.1.4324.0)
Sp5Intl (Version: 5.1.4324.0)
Sp5TTInt (Version: 5.1.4324.0)
SpaceMonger 2.1.1 (Version: 2.1.1)
Spare Messaging (Version: 1.00.0000)
SpCommon (Version: 5.1.4324.0)
SPORE™ (Version: 1.05.0001)
SPORE™ Creepy & Cute Parts Pack (Version: 1.00.0000)
SPORE™ Galactic Adventures (Version: 1.01.0001)
SpPhones (Version: 6.0.3122.0)
Spyware Doctor 7.0 (Version: 7.0)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Steam (Version: 1.0.0.0)
Strawberry Perl (Version: 5.10.257)
Suite Shared Configuration CS4 (Version: 1.0)
Supreme Ruler 2020 5.05.08
Swirl GIS View 1.0
Synfig Core (Version: 0.61.09)
Synfig Studio (Version: 0.61.09)
System Requirements Lab
Terragen (Version: 0.9.43)
Terragen 2 Free Edition (Beta) (Version: 1.10.23)
Terragen 2 Free Edition (Version: 2.0.3)
TextPad 6 (Version: 6.1.3)
The Sims 2
The Sims™ 3 (Version: 1.12.70)
TileMage 2.0.1
Toolbar Cleaner 1.0
TreeView 1.6.6
TrueCrypt (Version: 7.1a)
Trust Tablet Driver
Turbo Squid Tentacles 3ds Max 2009 32-bit (Version: 3.2.0)
Ubisoft Game Launcher (Version: 1.0.0.0)
UniConvertor (Version: 1.1.5)
Universal Document Converter (Version: 4.2)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB2836940) (Version: 1)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2817563) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Vextractor 5.20 Demo (Version: 5.20)
Victoria 2
Victoria 4.2 Morphs++ (Version: ps_pe070_V4Morphs)
Victoria 4.2 Morphs++ DAZ Studio Content (Version: ps_pe070_V4MorphsDS)
Victoria II A House Divided version 2.31 (Version: 2.31)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (Version: 4.0.8080.0)
VLC media player 1.0.5 (Version: 1.0.5)
VoiceOver Kit (Version: 1.42.128.0)
VST Bridge 1.1
Vue 8 (Version: 8)
Vuze (Version: 4.8)
Wacom (Version: 5.3.2-1)
WCF RIA Services V1.0 SP1 (Version: 4.1.60114.0)
Web Deployment Tool (Version: 1.1.0618)
WebTablet FB Plugin 32 bit (Version: 2.1.0.2)
WIBU-KEY Setup (WIBU-KEY Remove) (Version: Version 5.20b of 2007-Apr-18 (Setup))
Wilbur 1.65 (32-bit) (Version: 1.65)
Wilbur 1.76 (32-bit) (Version: 1.76)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3508.1109)
Windows Live Family Safety (Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3502.0922)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Windows Resource Kit Tools - SubInAcl.exe (Version: 5.2.3790.1164)
WinRAR 4.00 beta 7 (32-bit) (Version: 4.00.7)
WinZip 12.0 (Version: 12.0.8252)
World Machine 2 Basic Edition
x264vfw - H.264/MPEG-4 AVC codec (remove only)
XFLR5 v5.00
Xilisoft DVD Creator 6 (Version: 6.0.6.0326)
Xiph QuickTime Components
xNormal 3.16.10
xNormal 3.17.2
Xvid 1.2.1 final uninstall (Version: 1.2)
Yahoo! Messenger
Yahoo! Toolbar
YTD Toolbar v7.2 (Version: 7.2)
YTD Video Downloader 3.9.2
ZBrush3 (Version: 3.01.0001)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

==================== Restore Points  =========================

03-06-2013 18:34:34 Scheduled Checkpoint
04-06-2013 17:21:58 Windows Update
08-06-2013 15:31:46 Scheduled Checkpoint
08-06-2013 16:46:15 Windows Update
09-06-2013 13:21:51 Scheduled Checkpoint
10-06-2013 17:47:21 Scheduled Checkpoint
11-06-2013 18:01:20 Windows Update
12-06-2013 17:17:25 Windows Update
14-06-2013 19:00:09 Scheduled Checkpoint
15-06-2013 22:04:01 Scheduled Checkpoint
16-06-2013 12:15:36 Scheduled Checkpoint
18-06-2013 19:52:03 Windows Update
19-06-2013 18:04:15 Scheduled Checkpoint
20-06-2013 19:09:33 Scheduled Checkpoint
22-06-2013 09:21:06 Scheduled Checkpoint
25-06-2013 21:38:17 Scheduled Checkpoint
26-06-2013 18:08:42 Scheduled Checkpoint
27-06-2013 18:35:37 Scheduled Checkpoint
03-07-2013 20:54:18 Scheduled Checkpoint
04-07-2013 17:57:05 Scheduled Checkpoint
09-07-2013 19:10:13 Scheduled Checkpoint
09-07-2013 23:21:05 Windows Update
10-07-2013 21:54:38 Scheduled Checkpoint
11-07-2013 18:06:28 Scheduled Checkpoint
12-07-2013 17:36:14 Windows Update
13-07-2013 22:14:49 Scheduled Checkpoint
14-07-2013 14:24:43 Windows Update
15-07-2013 05:31:48 First Restore Point
15-07-2013 05:45:47 Device Driver Package Install: Kaspersky Lab Network Service
15-07-2013 06:06:46 First Restore Point
15-07-2013 06:09:54 First Restore Point
15-07-2013 06:14:57 First Restore Point

==================== Hosts content: ==========================

2006-11-02 11:23 - 2012-07-07 17:58 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {014C9302-7F0F-4FAF-9D56-0829DA7D9A85} - System32\Tasks\ReclaimerUpdateXML_felipe => C:\Users\felipe\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-18] (RealNetworks, Inc.)
Task: {096D40A7-92AF-40B7-86C8-24AF0F468AEA} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe No File
Task: {179EB459-4A3B-4CE4-A785-DA6ED2A0931F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03] (Google Inc.)
Task: {1A458FC8-9029-443B-BAD1-D5A7E56490F4} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {1BAA6F43-E34F-419C-B1D6-26760288EDCD} - System32\Tasks\{5F8F0589-5CDA-475E-BA94-EB4D885812C3} => c:\program files\google\chrome\application\chrome.exe [2013-07-12] (Google Inc.)
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {205F61AC-A62E-4AF8-858B-93CF55360223} - System32\Tasks\{50B9DFD3-BEF6-4D22-BE1A-79FFDF63FE4F} => c:\program files\google\chrome\application\chrome.exe [2013-07-12] (Google Inc.)
Task: {2D8C04CE-F2D2-4F99-9CD4-41CACD2547C5} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task
Task: {2E5B9082-1DEC-4BA4-AEF8-7DF7DD258AFF} - System32\Tasks\ReclaimerUpdateFiles_felipe => C:\Users\felipe\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-18] (RealNetworks, Inc.)
Task: {30CDE820-7FC9-4693-99B6-944BCE5BF6F9} - System32\Tasks\RealCreateProcessScheduledTask40771875S-1-5-21-3758605009-2065631798-276496836-1000 => c:\program files\real\realplayer\update\realsched.exe [2013-04-10] (RealNetworks, Inc.)
Task: {30FE5FCA-0479-4BF4-8696-451ADF658690} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3758605009-2065631798-276496836-1000Core => C:\Users\felipe\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3318696D-BCF3-4B8A-9E4C-D89BD6A2AC39} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {429AC2FB-18BC-4202-A68A-1EC2B9FDCB4C} - System32\Tasks\{2F67C1B5-C39B-4914-BC4E-4C94014BB958} => c:\program files\google\chrome\application\chrome.exe [2013-07-12] (Google Inc.)
Task: {446830F4-9CBA-4090-A964-8B172420069E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-03] (Google Inc.)
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {46A3BC09-A5DB-4AC7-AC52-0A5A00D0690D} - System32\Tasks\{63F01585-A418-451C-A39B-341F8B47BBC7} => c:\program files\google\chrome\application\chrome.exe [2013-07-12] (Google Inc.)
Task: {48523AC0-B2C9-4954-A3FB-AA8246A6A772} - System32\Tasks\Microsoft\Windows\Defrag\ManualDefrag => C:\Windows\system32\defrag.exe [2008-01-21] (Microsoft Corp.)
Task: {4B45F93B-04A2-4F26-B993-D02677338CC2} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-3758605009-2065631798-276496836-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {4E776774-2715-41A5-9FAD-8FBB912D2A7D} - System32\Tasks\RNUpgradeHelperLogonPrompt_felipe => C:\Users\felipe\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-18] (RealNetworks, Inc.)
Task: {509A278E-7C51-447B-843B-4ED7C0110EEB} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {5892B553-01B5-4E6A-B7A0-BBC5D4C86A5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3758605009-2065631798-276496836-1000UA => C:\Users\felipe\AppData\Local\Google\Update\GoogleUpdate.exe [2013-02-20] (Google Inc.)
Task: {58A4468E-6049-4550-8EC3-E517E9341678} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3758605009-2065631798-276496836-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {5A24FF15-9A62-4353-977A-EF6CE773B7A2} - System32\Tasks\{066B6E82-BCA0-4251-A5BC-3AE17CABA616} => c:\program files\google\chrome\application\chrome.exe [2013-07-12] (Google Inc.)
Task: {5B3DF638-A886-4F6C-818F-E9601429BF13} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files\Ask.com\UpdateTask.exe No File
Task: {68957E5E-02F8-4A61-A584-06F072C219BE} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3758605009-2065631798-276496836-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {6BBB4312-74CD-4C51-80F2-CB80AD0E248C} - System32\Tasks\{7056DFC5-3658-415A-B334-0785EDFA42AA} => C:\Program Files\Skype\Phone\Skype.exe [2013-04-19] (Skype Technologies S.A.)
Task: {6F644976-AF84-4A09-87A3-C7005BFBE0C9} - System32\Tasks\RNUpgradeHelperResumePrompt_felipe => C:\Users\felipe\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe [2013-06-18] (RealNetworks, Inc.)
Task: {7E8007FC-9A5B-4234-A7F4-07CAD739D881} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {811A8C53-3E6B-4FD7-B3AA-839DEDECACD3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-11] (Adobe Systems Incorporated)
Task: {822C53F8-89AC-4622-B842-7F27A7DC68A7} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] ()
Task: {8D43EAF6-64BA-438C-A577-2796D29EF46C} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-3758605009-2065631798-276496836-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {9A380460-87EB-46E4-8E6E-F1BBAD7A848F} - System32\Tasks\Microsoft\Windows\WindowsBackup\CheckFull => C:\Windows\System32\sdclt.exe [2010-12-14] (Microsoft Corporation)
Task: {9B3253B6-5A2C-4725-B0D9-6509EF28C032} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3758605009-2065631798-276496836-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {A61555D3-7840-45C1-A5A9-0D49851DE37A} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {C255B41B-C7EE-46E6-A892-781B08D13BEC} - System32\Tasks\Google Software Updater => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-09-13] (Google)
Task: {C8071B02-69E3-427F-809C-58C31C6B7840} - System32\Tasks\Norton Security Scan for felipe => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-24] (Symantec Corporation)
Task: {DAEBE273-B4BC-4E23-8906-6ED3B769E08C} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3758605009-2065631798-276496836-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2013-03-06] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: {E939840F-0C17-4B3B-AFB7-4795FC181A42} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-04-01] ()
Task: {F6A3619D-738C-4A3A-B3AE-53E1BD8081AF} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3758605009-2065631798-276496836-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2013-03-06] (RealNetworks, Inc.)
Task: {F9DD1863-2A41-4EF5-A958-4020FC555E43} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758605009-2065631798-276496836-1000Core.job => C:\Users\felipe\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3758605009-2065631798-276496836-1000UA.job => C:\Users\felipe\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Norton Security Scan for felipe.job => C:\Program Files\Norton Security Scan\Engine\2.7.3.34\Nss.exe
Task: C:\Windows\Tasks\ReclaimerUpdateFiles_felipe.job => C:\Users\felipe\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\ReclaimerUpdateXML_felipe.job => C:\Users\felipe\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe
Task: C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_felipe.job => C:\Users\felipe\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\rnupgagent.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft ISATAP Adapter #7
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (07/15/2013 07:24:02 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (07/15/2013 07:19:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (07/15/2013 07:19:25 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (07/15/2013 07:14:55 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2350f8e7-57d8-4122-aa62-36b1ac8f143d}

Error: (07/15/2013 07:09:46 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2350f8e7-57d8-4122-aa62-36b1ac8f143d}

Error: (07/15/2013 07:06:42 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2350f8e7-57d8-4122-aa62-36b1ac8f143d}

Error: (07/15/2013 06:49:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (07/15/2013 06:49:39 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.

Error: (07/15/2013 06:31:20 AM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface.  hr = 0x80070005.
This is often caused by incorrect security settings in either the writer or requestor process.


Operation:
   Gathering Writer Data

Context:
   Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
   Writer Name: System Writer
   Writer Instance ID: {2350f8e7-57d8-4122-aa62-36b1ac8f143d}

Error: (07/15/2013 06:31:01 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (07/15/2013 07:29:30 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: 0x80070643Definition Update for Windows Defender - KB915597 (Definition 1.153.1833.0){F024C6B9-09D1-4E35-86E9-714A3E8EBC85}200

Error: (07/15/2013 06:32:46 AM) (Source: Service Control Manager) (User: )
Description: Windows Update

Error: (07/15/2013 06:30:16 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (07/15/2013 06:30:16 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (07/15/2013 06:27:44 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (07/15/2013 06:27:44 AM) (Source: Service Control Manager) (User: )
Description: Windows Firewall5 (0x5)

Error: (07/15/2013 06:02:15 AM) (Source: Service Control Manager) (User: )
Description: NVIDIA Update Service Daemon%%1069

Error: (07/15/2013 06:02:15 AM) (Source: Service Control Manager) (User: )
Description: nvUpdatusService.\UpdatusUser%%1330

Error: (07/15/2013 05:59:05 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (07/15/2013 05:59:05 AM) (Source: Service Control Manager) (User: )
Description: Norton 360%%1053


Microsoft Office Sessions:
=========================
Error: (04/29/2013 00:36:38 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22886 seconds with 2880 seconds of active time.  This session ended with a crash.

Error: (04/11/2013 01:27:20 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 24519 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (04/03/2013 01:14:44 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 10251 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (01/13/2013 03:03:48 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 16218 seconds with 2640 seconds of active time.  This session ended with a crash.

Error: (05/01/2012 02:11:06 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 26512 seconds with 1500 seconds of active time.  This session ended with a crash.

Error: (04/10/2012 00:42:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5167 seconds with 900 seconds of active time.  This session ended with a crash.

Error: (04/02/2012 02:02:42 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 22592 seconds with 120 seconds of active time.  This session ended with a crash.

Error: (03/19/2012 03:32:14 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 23789 seconds with 0 seconds of active time.  This session ended with a crash.

Error: (09/21/2011 03:52:45 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 16866 seconds with 3360 seconds of active time.  This session ended with a crash.

Error: (06/17/2011 09:32:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2273 seconds with 1380 seconds of active time.  This session ended with a crash.


CodeIntegrity Errors:
===================================
  Date: 2013-07-15 19:13:46.391
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-15 19:13:46.049
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-15 19:13:45.792
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-15 19:13:45.540
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kneps.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-15 19:13:45.228
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-15 19:13:44.958
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-15 19:13:44.713
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-15 19:13:44.464
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\kltdi.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-15 19:13:44.168
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-07-15 19:13:43.872
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\klmouflt.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 3325.45 MB
Available physical RAM: 1044.36 MB
Total Pagefile: 9244.48 MB
Available Pagefile: 5843.69 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.04 MB

==================== Drives ================================

Drive c: (Vista) (Fixed) (Total:455.02 GB) (Free:46.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:465.76 GB) (Free:377.57 GB) NTFS
Drive f: (Bamboo CD) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive k: (HD-LBU2) (Fixed) (Total:931.51 GB) (Free:549.31 GB) NTFS
Drive s: (System) (Fixed) (Total:1.46 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: DD555DE6)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=455 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: F004AD94)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 932 GB) (Disk ID: D0256E16)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================


I see you've been dealing with ZeroAccess, still remnants to sort out....

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST/FRST64 and press the Fix button just once and wait.

The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.

Next,

Delete any versions of Combofix that you may have on your system, download a fresh copy from the following link:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

  • Ensure that Combofix is saved directly to the Desktop <--- Very important, do not save it anywhere else!!

  • Disable all security programs as they will have a negative effect on Combofix, instructions available here http://www.bleepingcomputer.com/forums/topic114351.html if required. Be aware the list may not have all programs listed, if you need more help please ask.

  • Close any open browsers and any other programs you might have running.

  • Double click the Combofix icon to run the tool (Vista or Windows 7 users right click and select "Run as Administrator").

  • Instructions for running Combofix available here http://www.bleepingcomputer.com/combofix/how-to-use-combofix if required.

  • If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?" Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.

  • When finished, it will produce a report for you. Please post the "C:\ComboFix.txt" for further review.

****Note: Do not mouseclick Combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.

Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell us when you reply. Read here http://thespykiller.co.uk/index.php?page=20 why disabling autoruns is recommended.

*EXTRA NOTES*

  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.

  • If Combofix reboots due to a rootkit, the screen may stay black for several minutes on reboot, this is normal.

  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the logs in next reply please...

Kevin

fixlist.txt


I also ran RogueKiller and got this:

It seems to have deleted some key registry stuff, but I'm getting a few key registry errors. Shall I run ComboFix still?

¤¤¤ Entrees de registre: 2 ¤¤¤
[ZeroAccess] HKCR\[...]\InprocServer32 :  (\\.\globalroot\systemroot\Installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n.) -> REPLACED (c:\windows\system32\wbem\wbemess.dll)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Fichiers / Dossiers particuliers: ¤¤¤
[ZeroAccess][FILE] n : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\@ --> REMOVED AT REBOOT
[Del.Parent][FILE] 00000001.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\00000001.@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 800000cb.@ : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U\800000cb.@ --> REMOVED
[ZeroAccess][FOLDER] U : c:\windows\installer\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\U --> REMOVED
[ZeroAccess][FILE] n : c:\documents and settings\tigzy\local settings\application data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n --> REMOVED
[ZeroAccess][FILE] @ : c:\documents and settings\tigzy\local settings\application data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\@ --> REMOVED

¤¤¤ Driver: [CHARGE] ¤¤¤
SSDT[98] : NtLoadKey @ 0x8061C482 -> HOOKED (Unknown @ 0xF8CD30E2)
SSDT[122] : NtOpenProcess @ 0x805C1296 -> HOOKED (Unknown @ 0xF8CD30B0)
SSDT[128] : NtOpenThread @ 0x805C1522 -> HOOKED (Unknown @ 0xF8CD30B5)
SSDT[193] : NtReplaceKey @ 0x8061C332 -> HOOKED (Unknown @ 0xF8CD30EC)
SSDT[204] : NtRestoreKey @ 0x8061BC3E -> HOOKED (Unknown @ 0xF8CD30E7)

¤¤¤ Infection : ZeroAccess ¤¤¤
[...]

Type d'examen: Examen complet
Options d'examen activées: Mémoire | Démarrage | Registre | Système de fichiers | Heuristique/Extra | Heuristique/Shuriken | PUP | PUM
Options d'examen désactivées: P2P
Elément(s) analysé(s): 189868
Temps écoulé: 7 minute(s), 1 seconde(s)

Processus mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Module(s) mémoire détecté(s): 0
(Aucun élément nuisible détecté)

Clé(s) du Registre détectée(s): 1
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Mis en quarantaine et supprimé avec succès.

Valeur(s) du Registre détectée(s): 1
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Données: C:\Documents and Settings\tigzy\Local Settings\Application Data\{848ec4ef-b4fb-6501-ab69-678738a3a5c6}\n. -> Mis en quarantaine et supprimé avec succès.

Elément(s) de données du Registre détecté(s): 0
(Aucun élément nuisible détecté)

Dossier(s) détecté(s): 0
(Aucun élément nuisible détecté)

Fichier(s) détecté(s): 5
C:\Documents and Settings\tigzy\Bureau\LogicielsDesinfection\HideProc(v1.0)\HideProcDrv.sys (Rootkit.Agent) -> Aucune action effectuée.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\00000001.@.vir (Trojan.Small) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\80000000.@.vir (Trojan.Sirefef) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\800000cb.@.vir (Rootkit.0Access) -> Mis en quarantaine et supprimé avec succès.
C:\Documents and Settings\tigzy\Bureau\RK_Quarantine\n.vir (Trojan.Dropper.PE4) -> Mis en quarantaine et supprimé avec succès.

(fin)


ZeroAccess is known to create junctions in certain system files; if you are not careful you will end up with an unbootable system... You will note that Windows Defender has such a junction. I've given you a fix to run with FRST, hopefully we can remove the junction before too much damage is done...

Why did you choose to ignore my instruction and run yet another tool? Also, I do not speak or understand French so have no idea what damage you've done. Maybe your best option is to format your hard drive and reinstall Windows.
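The junction on the Windows Defender folder mentioned above is something that can be looked for directly. The following is an added example, not part of the original post and not FRST's own logic; the function name Find-ReparsePoint and the choice of the Program Files trees as scope are assumptions.

```powershell
# Added example (not from the thread): list reparse points (junctions or
# symbolic links) among the top-level folders of Program Files, where the
# Windows Defender junction in this thread was found.
function Find-ReparsePoint {
    param([string[]]$Root)

    foreach ($r in $Root) {
        # Skip empty entries and roots that do not exist on this system.
        if (-not $r -or -not (Test-Path -LiteralPath $r)) { continue }

        # -Force includes hidden and system entries.
        Get-ChildItem -LiteralPath $r -Force -ErrorAction SilentlyContinue |
            Where-Object {
                $_.PSIsContainer -and
                ($_.Attributes -band [System.IO.FileAttributes]::ReparsePoint)
            } |
            ForEach-Object {
                # fsutil prints the reparse tag and the raw target data.
                $detail = & fsutil.exe reparsepoint query $_.FullName 2>&1
                New-Object PSObject -Property @{
                    Path       = $_.FullName
                    Attributes = $_.Attributes.ToString()
                    Detail     = ($detail | Out-String).Trim()
                }
            }
    }
}

# Assumed scope: both Program Files trees; the second is absent on 32-bit Windows.
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)})
$hits  = @(Find-ReparsePoint -Root $roots)

if ($hits.Count -eq 0) {
    'No reparse points found in the top level of Program Files.'
} else {
    $hits | Format-List Path, Attributes, Detail
}
```

Run it from an elevated prompt so fsutil can query the folders. A hit on a security product's folder is a reason to inspect where it points, not proof of infection on its own.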


I have run ComboFix once before, how do I remove it? I'm sorry, I don't want to make a mistake. BTW, after Explorer crashed and restarted, the registry error message stopped appearing and all seems fine (error-wise).

I'm assuming I have to uninstall it,

then run FRST/FRST64 (I'm assuming by pasting that in RUN, right? I tried it and got an error message about the pathway being wrong),

then install a fresh copy of ComboFix?


I don't understand this step:

"Run FRST/FRST64 and press the Fix button just once and wait."

How do I do it?

You are running FRST from here: C:\Users\felipe\Downloads. Your system is the 32-bit version, so you will be using FRST, not FRST64. I attached a file named Fixlist.txt; you must download that to the same folder as FRST. I did recommend that FRST was saved to the Desktop but you did not do that... No big deal as long as FRST and Fixlist.txt are in the same place.

Run FRST, from the GUI tap the Fix button just once and wait; FRST will create a new log on completion.

You have been running Combofix previously; I guess it will be in the same folder as FRST, C:\Users\felipe\Downloads. Navigate to that folder, right click on Combofix and select Delete. Download the new version and run it as I previously posted.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-07-2013
Ran by felipe at 2013-07-15 23:03:38 Run:1
Running from C:\Users\felipe\Downloads
Boot Mode: Normal

==============================================

"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.

==== End of Fixlog ====
