BSOD, BSOD everywhere...


This topic is locked
20 replies to this topic

#1 medmelon (Members, 7 posts)

Posted 20 October 2013 - 11:33 AM

Hello Bleeping Computer!
 
Doing some "remote assistance" on my parents' computer: apparently a BSOD appears as soon as Windows (Win 7 64-bit) starts up, and then it goes into an endless BSOD-reset-BSOD loop. It won't start, not even in Safe Mode.
 
So first I tried to solve it myself with the BSOD code (0x74, BAD CONFIG SYSTEM INFO) and came across your website. Looking at similar cases, I booted with the command line and ran FRST64 to obtain the log. I took a look at it; there's some stuff that looks suspicious, but to be honest I'm a bit out of my depth here, so I'd appreciate it if you could give me a hand. I'm enclosing the txt log. Thanks!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013
Ran by SYSTEM on MININT-0T5T4F7 on 20-10-2013 17:31:23
Running from J:\
Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [lxcgmon.exe] - C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe [205744 2007-04-29] (Lexmark International, Inc.)
HKLM\...\Run: [EzPrint] - C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe [103344 2007-04-29] (Lexmark International Inc.)
HKLM\...\Run: [MSSE] - c:\Program Files\Microsoft Security Essentials\msseces.exe [1378528 2009-08-06] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-06-27] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Acrobat Assistant 7.0] - C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [483328 2004-12-13] (Adobe Systems Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-04-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-30] (Apple Inc.)
HKU\Casa\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20472992 2013-10-02] (Skype Technologies S.A.)
HKU\Casa\...\Run: [uTorrent] - C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe [902736 2013-10-17] (BitTorrent Inc.)
HKU\Casa\...\Run: [SearchProtection] - C:\Users\Casa\AppData\Roaming\Search Protection\SearchProtection.EXE [832360 2013-09-03] (Spigot, Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll [ ] ()

==================== Services (Whitelisted) =================

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-06-27] (Advanced Micro Devices, Inc.)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
S2 lxcg_device; C:\Windows\system32\lxcgcoms.exe [566704 2007-04-29] ( )
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Essentials\MsMpEng.exe [17400 2009-07-02] (Microsoft Corporation)
S2 Updater By Sweetpacks; C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe [188760 2013-07-01] ()

==================== Drivers (Whitelisted) ====================

S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [164720 2009-06-18] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()

========================== Drivers MD5 =======================

C:\Windows\System32\DRIVERS\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ACPI.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdiox64.sys 6A2EEB0C4133B20773BB3DD0B7B377B4
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atikmdag.sys 37A897969B0082DBBBA7604A2149E7ED
C:\Windows\System32\DRIVERS\atikmpag.sys BD9DC4508A27CA893527A5F42CF9570F
C:\Windows\System32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsata.sys 7A4B413614C055935567CF88A9734D38
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\System32\drivers\AtihdW76.sys CBD14F698DEF12EE3557604B726CB8EB
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\csc.sys 4A6173C2279B498CD8F57CAE504564CB
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys EBCE0B0924835F635F620D19F0529DCE
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\drivers\HdAudio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iaStorV.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecpkg.sys ==> MD5 is legit
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys 174A9F1F01F7A21AC5E5813D3FDDC0CE
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpNWMon.sys BA073A6810BA8F53EBC4AC2E4EEC61E1
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ASACPI.sys 03B7145C889603537E9FFEABB1AD1089
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvraid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys 9706B84DBABFC4B4CA46C5A82B14DFA3
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rt64win7.sys 4FBDA07EF0A3097CE14C5CABF723B278
C:\Windows\system32\DRIVERS\vms3cap.sys 88AF6E02AB19DF7FD07ECDF9C91E9AF6
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vmstorfl.sys FFD7A6F15B14234B5B0E5D49E7961895
C:\Windows\system32\DRIVERS\storvsc.sys 8FCCBEFC5C440B3C23454656E551B09A
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpip.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tcpip.sys ==> MD5 is legit
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\drivers\usbaudio.sys 77B01BC848298223A95D4EC23E1785A1
C:\Windows\System32\DRIVERS\usbccgp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbehci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbhub.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbohci.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\DRIVERS\usbuhci.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vmbus.sys 1501699D7EDA984ABC4155A7DA5738D1
C:\Windows\system32\DRIVERS\VMBusHID.sys AE10C35761889E65A6F7176937C5592C
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\drivers\vwifibus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WUDFRd.sys ==> MD5 is legit

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-20 17:30 - 2013-10-20 17:30 - 00000000 ____D C:\FRST
2013-10-19 09:22 - 2013-10-19 13:39 - 02913223 _____ C:\Users\Casa\Desktop\sufrvivol.pptx
2013-10-17 12:24 - 2013-10-17 12:24 - 03789546 _____ C:\Users\Casa\Downloads\Outlook(8).zip
2013-10-12 09:01 - 2013-10-12 09:01 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-12 09:01 - 2013-10-12 09:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-12 09:01 - 2013-10-12 09:01 - 00000000 ____D C:\Program Files\iTunes
2013-10-12 09:01 - 2013-10-12 09:01 - 00000000 ____D C:\Program Files\iPod
2013-10-12 09:01 - 2013-10-12 09:01 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-12 09:01 - 2012-08-21 03:01 - 00033240 _____ (GEAR Software Inc.) C:\Windows\System32\Drivers\GEARAspiWDM.sys
2013-10-12 08:57 - 2013-10-12 08:57 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-10-12 08:57 - 2013-10-12 08:57 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-12 08:50 - 2013-10-12 08:50 - 00911534 _____ C:\Users\Casa\Downloads\Outlook(7).zip
2013-10-12 08:50 - 2013-10-12 08:50 - 00907255 _____ C:\Users\Casa\Downloads\Outlook(6).zip
2013-10-12 08:49 - 2013-10-12 08:49 - 00986603 _____ C:\Users\Casa\Downloads\Outlook(2).zip
2013-10-12 08:49 - 2013-10-12 08:49 - 00894690 _____ C:\Users\Casa\Downloads\Outlook(3).zip
2013-10-12 08:49 - 2013-10-12 08:49 - 00881376 _____ C:\Users\Casa\Downloads\Outlook(5).zip
2013-10-12 08:49 - 2013-10-12 08:49 - 00726957 _____ C:\Users\Casa\Downloads\Outlook(4).zip
2013-10-12 08:48 - 2013-10-12 08:48 - 00958748 _____ C:\Users\Casa\Downloads\Outlook.zip
2013-10-12 08:48 - 2013-10-12 08:48 - 00415367 _____ C:\Users\Casa\Downloads\Outlook(1).zip
2013-10-02 15:26 - 2013-10-02 15:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-27 09:30 - 2013-09-27 09:30 - 00000849 _____ C:\Users\Casa\Desktop\µTorrent.lnk
2013-09-27 09:30 - 2013-09-27 09:30 - 00000000 ____D C:\Users\Casa\AppData\Roaming\Search Protection
2013-09-25 11:24 - 2013-09-25 11:24 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-09-25 11:24 - 2013-09-25 11:24 - 00000000 ____D C:\Windows\System32\ljkb_old

==================== One Month Modified Files and Folders =======

2013-10-20 17:30 - 2013-10-20 17:30 - 00000000 ____D C:\FRST
2013-10-19 15:16 - 2012-12-24 05:37 - 00000000 ____D C:\Users\Casa\AppData\Roaming\uTorrent
2013-10-19 15:16 - 2011-08-05 08:06 - 00000000 ____D C:\Users\Casa\AppData\Roaming\Skype
2013-10-19 15:16 - 2011-08-05 07:39 - 01711458 _____ C:\Windows\WindowsUpdate.log
2013-10-19 15:04 - 2011-08-06 03:40 - 00001096 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-19 14:04 - 2011-08-06 03:40 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-19 13:39 - 2013-10-19 09:22 - 02913223 _____ C:\Users\Casa\Desktop\sufrvivol.pptx
2013-10-19 01:35 - 2012-12-25 12:57 - 00003918 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9CB8163C-BF27-494F-BDD8-57423A496C52}
2013-10-19 01:30 - 2009-07-13 21:13 - 00778150 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-19 01:26 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-19 01:26 - 2009-07-13 20:51 - 00104997 _____ C:\Windows\setupact.log
2013-10-18 14:57 - 2009-07-13 20:45 - 00010288 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-18 14:57 - 2009-07-13 20:45 - 00010288 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-17 12:30 - 2011-08-06 14:03 - 00000000 ____D C:\Program Files\Lx_cats
2013-10-17 12:24 - 2013-10-17 12:24 - 03789546 _____ C:\Users\Casa\Downloads\Outlook(8).zip
2013-10-15 13:59 - 2011-08-06 03:40 - 00004092 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-15 13:59 - 2011-08-06 03:40 - 00003840 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-14 07:03 - 2009-07-13 21:08 - 00032546 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-12 09:01 - 2013-10-12 09:01 - 00001783 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-12 09:01 - 2013-10-12 09:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-12 09:01 - 2013-10-12 09:01 - 00000000 ____D C:\Program Files\iTunes
2013-10-12 09:01 - 2013-10-12 09:01 - 00000000 ____D C:\Program Files\iPod
2013-10-12 09:01 - 2013-10-12 09:01 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-12 08:57 - 2013-10-12 08:57 - 00001845 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-10-12 08:57 - 2013-10-12 08:57 - 00000000 ____D C:\Program Files (x86)\QuickTime
2013-10-12 08:50 - 2013-10-12 08:50 - 00911534 _____ C:\Users\Casa\Downloads\Outlook(7).zip
2013-10-12 08:50 - 2013-10-12 08:50 - 00907255 _____ C:\Users\Casa\Downloads\Outlook(6).zip
2013-10-12 08:49 - 2013-10-12 08:49 - 00986603 _____ C:\Users\Casa\Downloads\Outlook(2).zip
2013-10-12 08:49 - 2013-10-12 08:49 - 00894690 _____ C:\Users\Casa\Downloads\Outlook(3).zip
2013-10-12 08:49 - 2013-10-12 08:49 - 00881376 _____ C:\Users\Casa\Downloads\Outlook(5).zip
2013-10-12 08:49 - 2013-10-12 08:49 - 00726957 _____ C:\Users\Casa\Downloads\Outlook(4).zip
2013-10-12 08:48 - 2013-10-12 08:48 - 00958748 _____ C:\Users\Casa\Downloads\Outlook.zip
2013-10-12 08:48 - 2013-10-12 08:48 - 00415367 _____ C:\Users\Casa\Downloads\Outlook(1).zip
2013-10-10 12:11 - 2011-08-05 08:05 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-10 12:11 - 2011-08-05 08:05 - 00000000 ____D C:\ProgramData\Skype
2013-10-03 14:04 - 2012-12-24 05:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-03 14:04 - 2011-08-06 11:24 - 00011342 _____ C:\Windows\PFRO.log
2013-10-03 12:51 - 2011-08-05 08:03 - 00000000 ____D C:\Users\Casa\AppData\Local\Mozilla
2013-10-03 12:50 - 2013-08-18 11:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox.bak
2013-10-02 15:26 - 2013-10-02 15:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-02 08:26 - 2013-07-28 01:55 - 00000868 _____ C:\Users\Casa\Desktop\Handbrake.lnk
2013-09-27 09:30 - 2013-09-27 09:30 - 00000849 _____ C:\Users\Casa\Desktop\µTorrent.lnk
2013-09-27 09:30 - 2013-09-27 09:30 - 00000000 ____D C:\Users\Casa\AppData\Roaming\Search Protection
2013-09-25 11:24 - 2013-09-25 11:24 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2013-09-25 11:24 - 2013-09-25 11:24 - 00000000 ____D C:\Windows\System32\ljkb_old
2013-09-25 11:24 - 2013-07-28 01:57 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2013-09-24 22:30 - 2013-07-28 01:57 - 00000000 ____D C:\Windows\SysWOW64\ARFC

Some content of TEMP:
====================
C:\Users\Casa\AppData\Local\Temp\amd_catalyst_11.6b_hotfix_win7_vista_july04.exe
C:\Users\Casa\AppData\Local\Temp\AskSLib.dll
C:\Users\Casa\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Casa\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Casa\AppData\Local\Temp\ImationLOCKv229.exe
C:\Users\Casa\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Casa\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Casa\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Casa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Casa\AppData\Local\Temp\spacksyahoo_717_active.exe
C:\Users\Casa\AppData\Local\Temp\tbuTo0.dll
C:\Users\Casa\AppData\Local\Temp\tmp6853.exe
C:\Users\Casa\AppData\Local\Temp\utt1875.tmp.exe
C:\Users\Casa\AppData\Local\Temp\utt3DCC.tmp.exe
C:\Users\Casa\AppData\Local\Temp\utt804F.tmp.exe
C:\Users\Casa\AppData\Local\Temp\uttC1C6.tmp.exe
C:\Users\Casa\AppData\Local\Temp\winzip1664_2_wrapped.exe
C:\Users\Casa\AppData\Local\Temp\WSSetup.exe


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!


nointegritychecks: ==> Integrity Checks is disabled <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

10
Restore point made on: 2013-09-13 08:08:41
Restore point made on: 2013-09-16 09:03:01
Restore point made on: 2013-09-19 12:22:15
Restore point made on: 2013-09-24 13:23:18
Restore point made on: 2013-09-28 23:29:02
Restore point made on: 2013-10-02 08:28:04
Restore point made on: 2013-10-05 15:38:27
Restore point made on: 2013-10-10 12:18:37
Restore point made on: 2013-10-14 07:14:49
Restore point made on: 2013-10-17 08:25:04

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {f5d6e301-b0d8-11e0-a8dd-c5ebb00f60f8}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {42d967a3-c080-11e0-96a6-f46d0403c0fd}
device partition=C:
path \Windows\system32\winlaod.exe
description Reboot LXE
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
nointegritychecks Yes
testsigning Yes
osdevice partition=C:
systemroot \Windows
kernel ntoskrln.exe
resumeobject {f5d6e301-b0d8-11e0-a8dd-c5ebb00f60f8}
nx AlwaysOff
pae ForceDisable
sos No

Windows Boot Loader
-------------------
identifier {f5d6e2ff-b0d8-11e0-a8dd-c5ebb00f60f8}
device ramdisk=[C:]\Recovery\f5d6e2ff-b0d8-11e0-a8dd-c5ebb00f60f8\Winre.wim,{f5d6e300-b0d8-11e0-a8dd-c5ebb00f60f8}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\f5d6e2ff-b0d8-11e0-a8dd-c5ebb00f60f8\Winre.wim,{f5d6e300-b0d8-11e0-a8dd-c5ebb00f60f8}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {f5d6e301-b0d8-11e0-a8dd-c5ebb00f60f8}
nx OptIn

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\f5d6e303-b0d8-11e0-a8dd-c5ebb00f60f8\Winre.wim,{f5d6e304-b0d8-11e0-a8dd-c5ebb00f60f8}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\f5d6e303-b0d8-11e0-a8dd-c5ebb00f60f8\Winre.wim,{f5d6e304-b0d8-11e0-a8dd-c5ebb00f60f8}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {f5d6e301-b0d8-11e0-a8dd-c5ebb00f60f8}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {f5d6e300-b0d8-11e0-a8dd-c5ebb00f60f8}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\f5d6e2ff-b0d8-11e0-a8dd-c5ebb00f60f8\boot.sdi

Device options
--------------
identifier {f5d6e304-b0d8-11e0-a8dd-c5ebb00f60f8}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\f5d6e303-b0d8-11e0-a8dd-c5ebb00f60f8\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3839.11 MB
Available physical RAM: 3225.58 MB
Total Pagefile: 3837.26 MB
Available Pagefile: 3220.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.66 GB) (Free:290.39 GB) NTFS
Drive j: (USB STICK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E2E98519)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 2 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=2 GB) - (Type=06)


LastRegBack: 2013-10-11 06:10

==================== End Of Log ============================

Edited by Oh My, 25 October 2013 - 08:16 AM.
Log posted



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,731 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:08:39 AM

Posted 25 October 2013 - 08:15 AM

Greetings medmelon and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this, then choose Immediate E-Mail notification and then Proceed, and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!


Posted 25 October 2013 - 12:47 PM

Greetings and thanks for your patience.

Please consider and run this for me.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have µTorrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall µTorrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware, which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition, it has recently been reported that P2P downloads may be tracked, resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
HKU\Casa\...\Run: [SearchProtection] - C:\Users\Casa\AppData\Roaming\Search Protection\SearchProtection.EXE [832360 2013-09-03] (Spigot, Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll [ ] ()
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
S2 Updater By Sweetpacks; C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe [188760 2013-07-01] ()
C:\Users\Casa\AppData\Local\Temp\amd_catalyst_11.6b_hotfix_win7_vista_july04.exe
C:\Users\Casa\AppData\Local\Temp\AskSLib.dll
C:\Users\Casa\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Casa\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Casa\AppData\Local\Temp\ImationLOCKv229.exe
C:\Users\Casa\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Casa\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Casa\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Casa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Casa\AppData\Local\Temp\spacksyahoo_717_active.exe
C:\Users\Casa\AppData\Local\Temp\tbuTo0.dll
C:\Users\Casa\AppData\Local\Temp\tmp6853.exe
C:\Users\Casa\AppData\Local\Temp\utt1875.tmp.exe
C:\Users\Casa\AppData\Local\Temp\utt3DCC.tmp.exe
C:\Users\Casa\AppData\Local\Temp\utt804F.tmp.exe
C:\Users\Casa\AppData\Local\Temp\uttC1C6.tmp.exe
C:\Users\Casa\AppData\Local\Temp\winzip1664_2_wrapped.exe
C:\Users\Casa\AppData\Local\Temp\WSSetup.exe
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Were you able to boot?

Gary
 

#4 medmelon

medmelon
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:39 PM

Posted 26 October 2013 - 03:28 AM

Hello, Gary. Thanks for your assistance. I'll follow the steps and post the FRST info on my next reply.



#5 Oh My!


Posted 29 October 2013 - 08:38 AM

Are you still with me?
Gary
 

#6 medmelon


Posted 29 October 2013 - 12:02 PM

Here I am, sorry for the delay; the fixlog follows. The status of the computer is unchanged: it won't boot and goes into a reset loop while Windows is loading:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2013
Ran by SYSTEM at 2013-10-26 23:43:34 Run:1
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
HKU\Casa\...\Run: [SearchProtection] - C:\Users\Casa\AppData\Roaming\Search Protection\SearchProtection.EXE [832360 2013-09-03] (Spigot, Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll [ ] ()
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
S2 Updater By Sweetpacks; C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe [188760 2013-07-01] ()
C:\Users\Casa\AppData\Local\Temp\amd_catalyst_11.6b_hotfix_win7_vista_july04.exe
C:\Users\Casa\AppData\Local\Temp\AskSLib.dll
C:\Users\Casa\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Casa\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Casa\AppData\Local\Temp\ImationLOCKv229.exe
C:\Users\Casa\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Casa\AppData\Local\Temp\SearchProtectionSetup.exe
C:\Users\Casa\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\Casa\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Casa\AppData\Local\Temp\spacksyahoo_717_active.exe
C:\Users\Casa\AppData\Local\Temp\tbuTo0.dll
C:\Users\Casa\AppData\Local\Temp\tmp6853.exe
C:\Users\Casa\AppData\Local\Temp\utt1875.tmp.exe
C:\Users\Casa\AppData\Local\Temp\utt3DCC.tmp.exe
C:\Users\Casa\AppData\Local\Temp\utt804F.tmp.exe
C:\Users\Casa\AppData\Local\Temp\uttC1C6.tmp.exe
C:\Users\Casa\AppData\Local\Temp\winzip1664_2_wrapped.exe
C:\Users\Casa\AppData\Local\Temp\WSSetup.exe
*****************

HKU\Casa\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
IBUpdaterService => Service deleted successfully.
Updater By Sweetpacks => Service deleted successfully.
C:\Users\Casa\AppData\Local\Temp\amd_catalyst_11.6b_hotfix_win7_vista_july04.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\AskSLib.dll => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\bundlesweetimsetup.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\firefoxjre_exe.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\ImationLOCKv229.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\mgsqlite3.dll => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\SearchProtectionSetup.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\spacksyahoo_717_active.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\tbuTo0.dll => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\tmp6853.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\utt1875.tmp.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\utt3DCC.tmp.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\utt804F.tmp.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\uttC1C6.tmp.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\winzip1664_2_wrapped.exe => Moved successfully.
C:\Users\Casa\AppData\Local\Temp\WSSetup.exe => Moved successfully.

==== End of Fixlog ====
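Reconciling the fixlist from post #3 with the Fixlog above, as an added Python example that is not part of this thread and not FRST's own code: it parses FRST-style fixlist lines (Run values, AppInit_DLLs, S2 services, loose files), records why a responder would single each one out (no publisher name, an executable in Temp, an 8.3 short path, AppInit_DLLs injection), then checks that every entry has a "successfully" result in the Fixlog. The sample fixlist and Fixlog are constructed from the lines on this page, trimmed to six entries, with one file result deliberately omitted so the reconciliation has something to report; the regular expressions describe the line shapes as they appear here and are my assumption about FRST's format, not Farbar's specification.

```python
"""Triage an FRST fixlist and reconcile it with the Fixlog FRST writes after a fix."""
import re

# Constructed sample input: the post #3 fixlist, trimmed to six representative lines.
FIXLIST = r"""
HKU\Casa\...\Run: [SearchProtection] - C:\Users\Casa\AppData\Roaming\Search Protection\SearchProtection.EXE [832360 2013-09-03] (Spigot, Inc.)
AppInit_DLLs-x32: c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll [ ] ()
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1762608 2013-09-15] ()
S2 Updater By Sweetpacks; C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe [188760 2013-07-01] ()
C:\Users\Casa\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Casa\AppData\Local\Temp\tmp6853.exe
"""

# Constructed sample Fixlog: the matching result lines, with tmp6853.exe's result
# deliberately left out so the reconciliation has something to report.
FIXLOG = r"""
HKU\Casa\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtection => Value deleted successfully.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
IBUpdaterService => Service deleted successfully.
Updater By Sweetpacks => Service deleted successfully.
C:\Users\Casa\AppData\Local\Temp\bundlesweetimsetup.exe => Moved successfully.
"""

# Line shapes as they appear in FRST output on this page (assumed, not FRST's documented grammar).
RUN_RE = re.compile(r"^HK[A-Z]+\\.*\\Run: \[(?P<name>[^\]]+)\] - (?P<path>.+?) \[[^\]]*\] \((?P<pub>[^)]*)\)$")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-x32)?: (?P<path>.+?) \[[^\]]*\] \((?P<pub>[^)]*)\)$")
SERVICE_RE = re.compile(r"^[SR]\d+ (?P<name>.+?); (?P<path>.+?) \[[^\]]*\] \((?P<pub>[^)]*)\)$")
FILE_RE = re.compile(r"^[A-Za-z]:\\.+$")


def flags_for(entry):
    """Heuristic reasons a responder would single this entry out."""
    flags = []
    path = entry["path"].lower()
    if entry["kind"] in ("run", "service", "appinit") and not entry["publisher"].strip():
        flags.append("no publisher name")
    if entry["kind"] == "appinit":
        flags.append("AppInit_DLLs loads the DLL into every process that loads user32.dll")
    if re.search(r"~\d", path):
        flags.append("8.3 short path hides the real folder name")
    if "\\appdata\\local\\temp\\" in path:
        flags.append("executable in a Temp folder")
    elif "\\appdata\\" in path and entry["kind"] == "run":
        flags.append("autostart from the user profile rather than Program Files")
    return flags


def parse_fixlist(text):
    """Turn fixlist lines into records with a kind, a lookup key, a path and a publisher."""
    entries = []
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if (m := RUN_RE.match(line)):
            entry = {"kind": "run", "key": m["name"], "path": m["path"], "publisher": m["pub"]}
        elif (m := APPINIT_RE.match(line)):
            entry = {"kind": "appinit", "key": "AppInit_DLLs", "path": m["path"], "publisher": m["pub"]}
        elif (m := SERVICE_RE.match(line)):
            entry = {"kind": "service", "key": m["name"], "path": m["path"], "publisher": m["pub"]}
        elif FILE_RE.match(line):
            entry = {"kind": "file", "key": line, "path": line, "publisher": ""}
        else:
            entry = {"kind": "unknown", "key": line, "path": "", "publisher": ""}
        entry["flags"] = flags_for(entry)
        entries.append(entry)
    return entries


def parse_fixlog(text):
    """Map each 'target => outcome' Fixlog line to its outcome text."""
    results = {}
    for line in text.splitlines():
        if " => " in line:
            target, outcome = line.split(" => ", 1)
            results[target.strip()] = outcome.strip()
    return results


def _matches(entry, target):
    if entry["kind"] == "run":  # Fixlog names the full Run key, the fixlist only the value name
        return target.endswith("\\" + entry["key"])
    if entry["kind"] == "appinit":
        return target.endswith("AppInit_DLLs")
    return target == entry["key"]


def reconcile(fixlist_text, fixlog_text):
    """Return (keys confirmed done, keys with no successful Fixlog result)."""
    results = parse_fixlog(fixlog_text)
    done, missing = [], []
    for entry in parse_fixlist(fixlist_text):
        outcome = next((o for t, o in results.items() if _matches(entry, t)), None)
        (done if outcome and "successfully" in outcome else missing).append(entry["key"])
    return done, missing


if __name__ == "__main__":
    for e in parse_fixlist(FIXLIST):
        print(f"{e['kind']:8} {e['key']}  <- {'; '.join(e['flags']) or 'listed by the helper'}")
    done, missing = reconcile(FIXLIST, FIXLOG)
    print(f"\n{len(done)} entries confirmed, still open: {missing}")
```

The "still open" list is the thing to read before declaring a fix complete: an entry that FRST could not process (a locked file, a service that no longer exists under that name) simply has no result line, and only a line-by-line comparison against the fixlist makes that visible.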

 

 



#7 Oh My!


Posted 29 October 2013 - 05:39 PM

Greetings,

Please do this.

===================================================

Last Known Good Configuration

--------------------
  • Reboot your computer
  • Gently tap the F8 key repeatedly until you are presented with a Windows Advanced Options menu
  • Select Last Known Good Configuration using the arrow keys
  • Press Enter on your keyboard and attempt to boot into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Does your computer boot?

Gary
 

#8 medmelon


Posted 01 November 2013 - 11:01 AM

No luck. Restarts again. Did the "disable automatic restart" and it's the same BSOD as in the beginning.



#9 Oh My!


Posted 01 November 2013 - 11:39 AM

Thanks for attempting that. Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
LastRegBack: 2013-10-11 06:10
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up) and select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode, or if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog report
  • Does your computer boot?

Gary
 

#10 medmelon


Posted 01 November 2013 - 12:05 PM

Does your computer boot? Yes, normal boot. Haven't done anything else.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-10-2013
Ran by SYSTEM at 2013-11-01 12:02:23 Run:2
Running from J:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2013-10-11 06:10
*****************

Could not copy DEFAULT hive.
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====
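What the LastRegBack directive did above, as an added Python model that is not FRST's code and not part of this thread: working on a constructed System32\config layout in a temporary directory, it copies each live hive aside to HiveBackup before overwriting it with the RegBack copy, keeps going when the live hive cannot be copied (as the Fixlog shows for DEFAULT), and refuses to restore from a missing or zero-byte backup, which is the check a responder wants before trusting RegBack at all. The hive names, directory names and log wording mirror the Fixlog; the behaviour is my assumption about the procedure, not Farbar's implementation.

```python
"""Model of an FRST LastRegBack-style hive restore, with the pre-checks a responder wants."""
import os
import shutil
import tempfile

# The five hives FRST restored in the Fixlog above.
HIVES = ("DEFAULT", "SAM", "SECURITY", "SOFTWARE", "SYSTEM")


def check_regback(config_dir):
    """Return {hive: reason} for every hive whose RegBack copy must not be trusted."""
    problems = {}
    for hive in HIVES:
        backup = os.path.join(config_dir, "RegBack", hive)
        if not os.path.isfile(backup):
            problems[hive] = "no backup"
        elif os.path.getsize(backup) == 0:
            problems[hive] = "zero-byte backup"
    return problems


def restore_hives(config_dir):
    """Copy each live hive aside to HiveBackup, then overwrite it with the RegBack copy.

    Returns Fixlog-style lines. A live hive that cannot be copied is reported but
    still replaced (the Fixlog shows this for DEFAULT); a hive with an unusable
    backup is skipped so a good hive is never replaced by an empty one.
    """
    log = []
    aside = os.path.join(config_dir, "HiveBackup")
    os.makedirs(aside, exist_ok=True)
    problems = check_regback(config_dir)
    for hive in HIVES:
        if hive in problems:
            log.append(f"{hive} hive skipped: {problems[hive]}.")
            continue
        live = os.path.join(config_dir, hive)
        try:
            shutil.copy2(live, os.path.join(aside, hive))
            log.append(f"{hive} hive was successfully copied to HiveBackup")
        except OSError:
            log.append(f"Could not copy {hive} hive.")
        shutil.copy2(os.path.join(config_dir, "RegBack", hive), live)
        log.append(f"{hive} hive was successfully restored from registry back up.")
    return log


def read_hive(config_dir, hive, subdir=""):
    """Read a hive file back (used to verify what the restore did)."""
    with open(os.path.join(config_dir, subdir, hive), "rb") as fh:
        return fh.read()


def build_demo_config():
    """Construct a throwaway config\\RegBack layout in a temp dir (constructed sample, not a real system)."""
    config = os.path.join(tempfile.mkdtemp(), "config")
    os.makedirs(os.path.join(config, "RegBack"))
    for hive in HIVES:
        with open(os.path.join(config, "RegBack", hive), "wb") as fh:
            fh.write(b"good " + hive.encode())
        if hive != "DEFAULT":  # no live DEFAULT, to model "Could not copy DEFAULT hive."
            with open(os.path.join(config, hive), "wb") as fh:
                fh.write(b"corrupt " + hive.encode())
    # An empty RegBack\SAM models a backup that was never written: it must be skipped.
    open(os.path.join(config, "RegBack", "SAM"), "wb").close()
    return config


if __name__ == "__main__":
    cfg = build_demo_config()
    print("pre-check:", check_regback(cfg))
    print("\n".join(restore_hives(cfg)))
```

The pre-check is the part worth keeping in mind: the whole procedure only helps when RegBack holds real hives from before the corruption (here the LastRegBack timestamp of 2013-10-11 shows that), and a zero-byte backup copied over a live hive would leave the machine in a worse state than the 0x74 stop it started with.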



#11 Oh My!


Posted 01 November 2013 - 12:22 PM

Very nice.

I want to lock in our gains thus far. Please do this.

===================================================

Creating an ERUNT Registry Backup and a System Restore Point

--------------------
  • Please download ERUNT (Emergency Recovery Utility for NT) and save it to your desktop
  • Double click the icon
  • Select Run
  • Click OK, then click Next 3 times until you receive the Select Additional Tasks screen
  • Uncheck Create NTREGOPT desktop icon box
  • Select Next, then Install, then No
  • Uncheck Show documentation then Finish
  • Click OK, then OK again, then Yes
  • ERUNT will now back up your registry
  • Once completed click OK
===================================================

Please create a System Restore Point

===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Were you successful with both?

Gary
 

#12 medmelon


Posted 02 November 2013 - 04:36 AM

Were you successful with both? Yep.



#13 Oh My!


Posted 02 November 2013 - 09:32 AM

Great,

Let's take another snapshot of your computer to see what else may need to be dealt with. Please do this.

===================================================

OTL

--------------------
  • Please download OTL and save it to your desktop
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Run Scan button.
  • Copy and paste the two reports in your next reply.

OTL.txt <-- Will be opened
Extra.txt <-- Will be minimized


===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • OTL reports
  • Describe any symptoms you are experiencing

Gary
 

#14 medmelon


Posted 03 November 2013 - 10:18 AM

No weird symptoms or anything unusual. Enclosing reports.

 

OTL logfile created on: 03/11/2013 15:52:39 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Casa\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
3,75 Gb Total Physical Memory | 2,81 Gb Available Physical Memory | 74,89% Memory free
7,50 Gb Paging File | 5,16 Gb Available in Paging File | 68,84% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 329,42 Gb Free Space | 70,74% Space Free | Partition Type: NTFS
Drive D: | 56,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 1,86 Gb Total Space | 1,86 Gb Free Space | 99,52% Space Free | Partition Type: FAT
 
Computer Name: CASA-PC | User Name: Casa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013/11/03 15:52:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Casa\Downloads\OTL.exe
PRC - [2013/10/17 17:14:56 | 000,902,736 | ---- | M] (BitTorrent Inc.) -- C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/10/03 00:26:56 | 000,274,840 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/07/01 09:10:54 | 000,188,760 | ---- | M] () -- C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2007/04/29 21:57:42 | 000,103,344 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe
PRC - [2007/04/29 21:55:32 | 000,205,744 | ---- | M] (Lexmark International, Inc.) -- C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe
PRC - [2004/12/14 01:12:02 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013/10/03 00:26:40 | 003,279,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2006/10/26 12:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2005/12/13 14:52:02 | 000,122,880 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2300 Series\lxcgdrec.dll
MOD - [2005/06/14 16:08:28 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Lexmark 2300 Series\iptk.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013/09/15 13:33:12 | 001,762,608 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\dmwu.exe -- (IBUpdaterService)
SRV:64bit: - [2013/07/01 09:10:54 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe -- (Updater By Sweetpacks)
SRV:64bit: - [2011/06/27 20:44:46 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/06/27 14:52:00 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/07/02 18:42:36 | 000,017,400 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2007/04/29 21:55:08 | 000,566,704 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysNative\lxcgcoms.exe -- (lxcg_device)
SRV - [2013/10/03 00:26:56 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/09/05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011/08/30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/04/29 21:54:44 | 000,537,520 | ---- | M] ( ) [Auto | Stopped] -- C:\Windows\SysWOW64\lxcgcoms.exe -- (lxcg_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013/04/04 13:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/12/13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011/06/27 21:30:40 | 009,883,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/06/27 20:02:32 | 000,307,712 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/03/30 19:46:44 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/05/20 05:04:28 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/02/18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005/03/29 00:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10061&barid={17714DD4-F76C-11E2-846F-F46D0403C0FD}
IE - HKLM\..\SearchScopes,DefaultScope = {EEE6C360-6118-11DC-9C72-001320C79847}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851619
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10061&barid={17714DD4-F76C-11E2-846F-F46D0403C0FD}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://es.search.yahoo.com?type=714647&fr=spigot-yhp-ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://es.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = es
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 87 59 13 2E 12 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {db131c55-60c8-4adc-84dc-9e76ab06e2dc} - No CLSID value found
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {061BF555-CA3F-446B-9275-BCE14419EE8D}
IE - HKCU\..\SearchScopes\{061BF555-CA3F-446B-9275-BCE14419EE8D}: "URL" = http://es.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=714647&p={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072113&q={searchTerms}&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851619
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://mysearch.sweetpacks.com/?src=6&q={searchTerms}&st=12&crg=3.5000006.10061&barid={17714DD4-F76C-11E2-846F-F46D0403C0FD}
IE - HKCU\..\SearchScopes\BC4BB58BAEE44B45A08467B3856AC710: "URL" = http://search.babylon.com/?q={searchTerms}&affID=115036&tt=201112_ccp_ctrl_4812_8&babsrc=SP_ss&mntrId=e6cee152000000000000f46d0403c0fd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "uTorrentBar_ES Customized Web Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.3: "Bing "
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://www.google.es/?gws_rd=cr&ei=0cBFUtfoDebw4QSL2oDYDA"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..keyword.URL: "http://es.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=714647&p="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Bing "
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2851619&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "https://www.google.es/?gws_rd=cr"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=072113&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\PROGRAM FILES\UPDATER BY SWEETPACKS\FIREFOX [2013/07/28 10:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8E9E3331-D360-4f87-8803-52DE43566502}: C:\Program Files\Updater By Sweetpacks\Firefox [2013/07/28 10:58:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011/08/05 17:03:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Casa\AppData\Roaming\Mozilla\Extensions
[2013/10/09 22:00:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\mv4w7g7d.default\extensions
[2013/10/09 22:00:14 | 000,915,554 | ---- | M] () (No name found) -- C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\mv4w7g7d.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/07/28 10:58:27 | 000,196,269 | ---- | M] () (No name found) -- C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\mv4w7g7d.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013/07/21 12:23:11 | 000,002,402 | ---- | M] () -- C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\mv4w7g7d.default\searchplugins\bingp.xml
[2012/04/18 01:59:52 | 000,000,931 | ---- | M] () -- C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\mv4w7g7d.default\searchplugins\conduit.xml
[2012/11/26 21:18:17 | 000,002,552 | ---- | M] () -- C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\mv4w7g7d.default\searchplugins\mngr.xml
[2013/07/28 10:57:54 | 000,002,076 | ---- | M] () -- C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\mv4w7g7d.default\searchplugins\sweetim.xml
[2013/10/07 09:07:41 | 000,001,652 | ---- | M] () -- C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\mv4w7g7d.default\searchplugins\Sweetpacks Search.xml
[2013/09/27 18:30:29 | 000,000,921 | ---- | M] () -- C:\Users\Casa\AppData\Roaming\Mozilla\Firefox\Profiles\mv4w7g7d.default\searchplugins\yahoo.xml
[2013/10/03 00:26:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/10/03 00:26:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/03 00:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/10/03 00:26:35 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/10/03 00:26:56 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/26 21:17:30 | 000,002,365 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Yahoo! (Enabled)
CHR - default_search_provider: search_url = http://es.search.yahoo.com/search?fr=chr-greentree_gc&ei=utf-8&ilc=12&type=714647&p={searchTerms}
CHR - default_search_provider: suggest_url = http://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms},
CHR - homepage: http://es.search.yahoo.com?type=714647&fr=spigot-yhp-ch
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google Search = C:\Users\Casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Skype Click to Call = C:\Users\Casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.9.0.12585_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\Casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0\
CHR - Extension: uTorrentBar_ES = C:\Users\Casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\npiecjlhkngdinoeekmccdbjdgclmnbk\2.5.0.1_0\
CHR - Extension: SweetPacks Chrome Extension = C:\Users\Casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\
CHR - Extension: Gmail = C:\Users\Casa\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2011/12/26 13:56:25 | 000,000,935 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 validation.sls.microsoft.com
O1 - Hosts: 127.0.0.1 spynettest.microsoft.com
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Updater By Sweetpacks) - {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension64.dll ()
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Updater By Sweetpacks) - {DEDAF650-12B8-48f5-A843-BBA100716106} - C:\Program Files\Updater By Sweetpacks\Extension32.dll ()
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2300 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcgmon.exe] C:\Program Files (x86)\Lexmark 2300 Series\lxcgmon.exe (Lexmark International, Inc.)
O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files (x86)\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [uTorrent] C:\Users\Casa\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.89.0.31
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{34530AF8-51A4-47E6-8934-6E08122DC796}: DhcpNameServer = 212.89.0.31
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/04/08 10:47:04 | 000,000,027 | R--- | M] () - D:\AUTORUN.INF -- [ UDF ]
O33 - MountPoints2\{918c0a4b-5017-11e2-8c9a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{918c0a4b-5017-11e2-8c9a-806e6f6e6963}\Shell\AutoRun\command - "" = D:\modem.exe -- [2009/04/20 17:00:24 | 004,059,574 | R--- | M] (Macromedia, Inc.)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/11/02 10:34:23 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2013/11/02 10:34:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2013/11/02 10:34:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2013/10/21 02:30:21 | 000,000,000 | ---D | C] -- C:\FRST
[2013/10/12 18:01:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013/10/12 18:01:51 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013/10/12 18:01:07 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/12 18:01:06 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/12 18:01:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013/10/12 18:01:06 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013/10/12 17:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/10/12 17:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/11/03 15:51:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/11/03 15:12:13 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/02 21:56:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/02 18:39:16 | 000,778,150 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/11/02 18:39:16 | 000,651,450 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/11/02 18:39:16 | 000,120,382 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/11/02 10:39:51 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 10:39:51 | 000,010,288 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/02 10:34:05 | 000,000,909 | ---- | M] () -- C:\Users\Casa\Desktop\ERUNT.lnk
[2013/11/01 15:26:16 | 215,623,984 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013/11/01 11:03:46 | 3019,198,464 | -HS- | M] () -- C:\hiberfil.sys
[2013/10/12 18:01:58 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/12 17:57:45 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[2 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/11/02 10:34:05 | 000,000,909 | ---- | C] () -- C:\Users\Casa\Desktop\ERUNT.lnk
[2013/10/12 18:01:58 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013/10/12 17:57:45 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/07/16 15:16:18 | 000,000,294 | ---- | C] () -- C:\Users\Casa\AppData\Local\config.ini
[2012/03/03 00:29:02 | 000,007,597 | ---- | C] () -- C:\Users\Casa\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010/07/27 15:59:11 | 014,162,944 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010/07/27 15:03:24 | 012,867,584 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 168 bytes -> C:\Users\Casa\Desktop\DNI2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Casa\Desktop\DNI.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

EXTRAS.TXT

OTL Extras logfile created on: 03/11/2013 16:00:12 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Casa\Downloads
64bit- Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000c0a | Country: España | Language: ESN | Date Format: dd/MM/yyyy
 
3,75 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 65,79% Memory free
7,50 Gb Paging File | 4,94 Gb Available in Paging File | 65,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 329,42 Gb Free Space | 70,74% Space Free | Partition Type: NTFS
Drive D: | 56,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive I: | 1,86 Gb Total Space | 1,86 Gb Free Space | 99,52% Space Free | Partition Type: FAT
 
Computer Name: CASA-PC | User Name: Casa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3895280810-1075670001-1377199250-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C46040D-FD1B-4E5B-A885-B21D06E9DEEB}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{17986386-092C-40EF-B6C9-8587490BCAF8}" = lport=137 | protocol=17 | dir=in | app=system |
"{2386D412-C485-4F7E-9654-BE7393CDEFD2}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2BBE4CE5-D93D-4EDA-A1E9-2543FDC6F451}" = rport=10243 | protocol=6 | dir=out | app=system |
"{52469657-C996-4760-A6C8-718C4019553A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56F81033-1F87-43D7-A412-C34F161ED558}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5CD89D5F-28D6-4299-A6ED-41E8E1376342}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{62BA3D10-771A-4D5A-84D5-DC9984A36B00}" = lport=138 | protocol=17 | dir=in | app=system |
"{7049EA18-3D16-47A3-9AE2-A073B0127A0F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{74497B9B-0F81-4A7D-9450-587BCD7141BF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{79FF3C9F-EFE6-4BC4-AA0A-3D5A50DF80C6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{7EDACA06-50EF-452F-9014-C57F8970EA0E}" = rport=137 | protocol=17 | dir=out | app=system |
"{8EE978A8-1499-4AFF-AA2E-C8CF34F99C3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{909DF75E-CDA5-4C04-9C14-064093290C15}" = rport=139 | protocol=6 | dir=out | app=system |
"{950361FA-C096-4BE3-8ED3-5FC75FB73DEB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9B738261-0BFD-4065-AD92-99F56FAA5581}" = lport=139 | protocol=6 | dir=in | app=system |
"{9DD69559-2C50-4414-8802-0195A9984E08}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{9E118D68-A400-4A32-98FD-C03E06469FE3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AD27C46C-4C40-4AA1-9920-EE0DE6D6C059}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{B51F70BB-1138-4218-8C0D-D73BE9BDFD3B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{BBB05A6B-9840-4A0F-9DF7-C2CE0483E0C8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E3402EA6-8D92-4C1B-89CF-8FBC496920C6}" = rport=138 | protocol=17 | dir=out | app=system |
"{FCA41F4D-B5A4-4CD3-A6A0-29F7E92A5741}" = lport=445 | protocol=6 | dir=in | app=system |
"{FD35C8DA-F061-4285-932B-416407039D8C}" = rport=445 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01E70B86-5421-4565-96A6-4475667F30F0}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcgpswx.exe |
"{05FC0C7E-B9D6-452B-8544-275CF97240E9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{060E5695-317E-44FB-85B0-9595BBB0CA7D}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{111F150F-D93D-42BF-B9F0-159166E45E3E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{16E74F20-0B41-4D19-A375-24EF1F583208}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{179D91E5-6F34-4970-953E-E6E932B959A2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{230DB3CB-921F-45BD-BA68-194942798015}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe |
"{2428DA9C-12FB-43B1-9BD6-0B053A3428B6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{2A73DEF3-B15B-4945-8AB0-31A59242A47A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{384C3FD1-9328-4387-B108-485E16C56B9A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3965EDDC-90AC-4261-AD1B-76E35400B93C}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3B751ABA-53F2-4A1E-91F6-5F2934442B16}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3E7BD887-81BC-4D93-B952-546AD322CDAF}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe |
"{42CD72C2-7A0E-4390-812F-888A9989C3C2}" = protocol=6 | dir=in | app=c:\users\casa\appdata\roaming\utorrent\utorrent.exe |
"{4708177E-13BD-4D57-BCE5-3E5660E6B2AE}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{48D9358D-11B8-4E3E-92D9-77A18580176A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4DC7CA2B-1E81-4972-9AC4-04C05A21F64F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{52189029-10F4-4194-9A6D-F47D8CA7F5F8}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6632803C-E3F7-4E6A-B71B-B9E9DC6B23E3}" = protocol=17 | dir=in | app=c:\users\casa\appdata\roaming\utorrent\utorrent.exe |
"{6A30920E-E6BB-4CB2-B8D5-1EB3B200056F}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\x64\3\lxcgpswx.exe |
"{6C757DDA-104D-4206-9664-2DF9268AF572}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{6D7B4A35-9205-4A3C-88C6-EC2FFC718C2D}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{708DADF6-D0BD-4370-8B23-CD0F594FBF62}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{7173A180-652C-40CA-A054-ED4D7F449274}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{743B6233-F6E6-48E4-8150-A79322CC9041}" = protocol=17 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{7C51FEBD-3744-440C-825E-DBD817E58ADE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85AA89B8-D4BF-4411-BBD3-0AD3DA6D8625}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{88C44DB6-15DD-4ED1-8328-753DF2272C02}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{9188E10C-AFE3-40D8-A8DB-4B5EC2F7E005}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"{92049586-4BA5-4259-8450-0F4FD1C9E2D9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{92DB5FE4-560F-4DE4-AFE8-A2D83CE19A6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{95365EE0-F975-479E-B071-AD5A92259495}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{977502D4-AD64-4640-A995-ABF8A9684F37}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxcgcoms.exe |
"{9903EF33-C48A-4711-8381-0F629F90403C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{9C869594-58DB-4551-9942-34F5441572DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9E7FD9E5-67A5-4350-82A4-0A984901CE70}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A57FA87C-8815-4373-A7DA-2C5CA7F3D865}" = protocol=6 | dir=in | app=c:\windows\syswow64\arfc\wrtc.exe |
"{BC22DF47-6896-46CC-88AC-355F47544B58}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe |
"{BE3EA155-31A3-48AB-9A4D-3A313335C9AD}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe |
"{C8C0BEC2-22F7-419D-ABE6-E9F99B96CE4A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CBF925BB-4515-4914-B675-6638669BFB69}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DB0BC8DD-C1A3-45CC-ACDF-58843017789C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{DB23DCE3-C2BF-4B05-AF56-AC67462DCC5C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DE74D118-E058-4AB1-ADF1-6071C4ADD683}" = protocol=6 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{DF65E4C4-9662-4156-901C-181E72D8BB73}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{E2C063DA-B12A-4999-B2CA-A746156A08CF}" = protocol=6 | dir=out | app=system |
"{EC4A7FB1-9FF3-4E40-B72C-806AA3215BEA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F1C16E11-1E3F-4C01-823A-559FC24A3070}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{F6910AE0-2CA4-4C63-B99B-FD04A731FF4C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{FA1B4948-03D7-43D6-939B-9961FB68AAE6}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{FB23E6CB-B5A1-4381-8A26-3A2C525F3162}" = protocol=17 | dir=in | app=c:\windows\system32\lxcgcoms.exe |
"{FCC76C36-2647-45E1-85D8-575CB21D9B96}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe |
"TCP Query User{072E37BD-6533-4B08-9E6D-32E1EC84B9E4}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{EC1FA0E9-618C-46EF-AE0A-4B4BD0FA58BE}C:\program files\comicrack\comicrack.exe" = protocol=6 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"TCP Query User{FE11E8CB-E779-4262-A399-BC10F04B6A46}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{0FDFAEDE-372D-4427-8FD6-D88E3FECADEF}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe |
"UDP Query User{52E15B9D-BDEF-482E-8D7E-B45FCC13B0A8}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
"UDP Query User{632B6C39-9CDA-4406-8F9A-9FB8950A7D4B}C:\program files\comicrack\comicrack.exe" = protocol=17 | dir=in | app=c:\program files\comicrack\comicrack.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09F75D2E-0393-CE6B-C01A-79008E91B6EF}" = AMD Media Foundation Decoders
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{3F829160-B531-B9F0-5BC7-918167BB5DCE}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E2EA26B-D8B0-0EB0-D2F1-0EBB99C83B98}" = AMD Fuel
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6A7F7056-14E1-D8E4-0B87-BC3F18EAC8AC}" = ATI AVIVO64 Codecs
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0C0A-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (Spanish) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A0A77CDC-2419-4D5C-AD2C-E09E5926B806}" = Microsoft Antimalware
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DEDAF650-12B8-48f5-A843-BBA100716106}_is1" = Updater By Sweetpacks 2.0.0.605
"{E6560A56-6135-872B-DE43-C0D1FFBE5D35}" = ATI Catalyst Install Manager
"{F480BE66-C9F2-608F-A47A-E9F966080883}" = AMD Drag and Drop Transcoding
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDB84DE1-61F9-42E1-88D6-8D85B5D4221B}" = Microsoft Security Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"ComicRack" = ComicRack v0.9.141
"Lexmark 2300 Series" = Lexmark 2300 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Essentials" = Microsoft Security Essentials
"WinRAR archiver" = WinRAR 4.00 (64-bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{19D41B9A-C474-D1A9-CAA1-499D362F2DD1}" = CCC Help Dutch
"{1B7A4B3C-9A00-123A-1BC8-AD5DB6517EE4}" = CCC Help Turkish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{298EEE62-A419-E250-9D01-58DFA08E0D11}" = Catalyst Control Center Graphics Previews Common
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2C5FF744-EE63-D37C-09B6-8DD5DD192578}" = Catalyst Control Center Localization All
"{3D8AAFC2-4DD0-89BB-5738-8FFC250918FE}" = CCC Help Czech
"{48C19885-4773-5A0B-4373-7F33594B195D}" = CCC Help Swedish
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{5047CFAD-8181-5563-68E0-EE3558E251AB}" = CCC Help Thai
"{51989139-5EBD-F77E-FE25-588CBC39078A}" = CCC Help Chinese Traditional
"{5352A52A-751E-FD13-7BF4-FC97A38E077F}" = CCC Help Japanese
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{592853AA-D990-339D-98B7-0F784A49C100}" = Catalyst Control Center InstallProxy
"{5CBBB59D-45C5-1FDF-B8B0-8176A2691C2F}" = CCC Help French
"{64F0B15A-A3BF-7943-2937-7DA4C2F0B2DC}" = CCC Help English
"{66EA0C27-9DE8-0390-9BD9-58F5F472F531}" = CCC Help Chinese Standard
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CA1DEB6-FEDE-84E1-EAC3-F8C01D1DE1F2}" = CCC Help Norwegian
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{82A1CEEC-19D4-E243-82B6-A780DE1FC389}" = CCC Help Danish
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90120000-0015-0C0A-0000-0000000FF1CE}" = Microsoft Office Access MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0019-0C0A-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Spanish) 2007
"{90120000-001A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0C0A-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00BA-0C0A-0000-0000000FF1CE}" = Microsoft Office Groove MUI (Spanish) 2007
"{95CA013B-0AAE-E2F0-82CE-97160DDA9796}" = CCC Help Greek
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A97FB5C1-1064-7046-8806-F19B51D7FC7D}" = AMD VISION Engine Control Center
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{B4C4A2CE-F4A4-D2E7-85A5-828932A59D20}" = CCC Help German
"{B501D576-E145-AD74-9C12-18DDB082E87D}" = CCC Help Portuguese
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BE6E693C-F64D-702A-FE70-3D840094F882}" = CCC Help Finnish
"{C1ACD2C6-909C-EAD9-9AF6-C37318311BA7}" = CCC Help Korean
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7778B61-4D55-6290-7A37-993C91276039}" = CCC Help Italian
"{DB766BE3-CD84-18EE-6665-B9F836A7FDB4}" = CCC Help Spanish
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6195FA5-1049-EC5F-3AD1-C570D38AC28E}" = CCC Help Hungarian
"{E8627DF4-F0B2-E7C1-0E66-2779E4F0AAC8}" = HydraVision
"{F15CED14-5BB9-65C7-122E-8A8499E2FF48}" = CCC Help Polish
"{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}" = Internet Explorer Toolbar 4.9 by SweetPacks
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE386918-377B-B94A-504B-064CFB00799D}" = CCC Help Russian
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0 Professional
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HandBrake" = HandBrake 0.9.9
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware versión 1.75.0.1300
"Mozilla Firefox 24.0 (x86 en-US)" = Mozilla Firefox 24.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Picasa 3" = Picasa 3
"SopCast" = SopCast 3.5.0
"TeamViewer 6" = TeamViewer 6
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"WNLT" = SweetPacks Updater Service
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3895280810-1075670001-1377199250-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Search Protection" = Search Protection
"uTorrent" = µTorrent
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08/12/2012 19:21:00 | Computer Name = Casa-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
 Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/12/2012 19:22:00 | Computer Name = Casa-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
 Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/12/2012 19:23:00 | Computer Name = Casa-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
 Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/12/2012 19:24:00 | Computer Name = Casa-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
 Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/12/2012 19:25:00 | Computer Name = Casa-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
 Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/12/2012 19:26:00 | Computer Name = Casa-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
 Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/12/2012 19:27:00 | Computer Name = Casa-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
 Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/12/2012 19:28:00 | Computer Name = Casa-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
 Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/12/2012 19:29:00 | Computer Name = Casa-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
 Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
Error - 08/12/2012 19:30:00 | Computer Name = Casa-PC | Source = SideBySide | ID = 16842785
Description = Activation context generation failed for "C:\Windows\system32\conhost.exe".
Dependent
 Assembly Microsoft.Windows.SystemCompatible,processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.7600.16816"
 could not be found.  Please use sxstrace.exe for detailed diagnosis.
 
[ System Events ]
Error - 01/11/2013 6:03:54 | Computer Name = Casa-PC | Source = Microsoft Antimalware | ID = 2004
Description = %%861 has encountered an error trying to load signatures and will
attempt reverting back to a known-good set of signatures.     Signatures Attempted: %%824

    Error
 Code: 0x80070003     Error description: The system cannot find the path specified.      Signature
 version: 0.0.0.0;0.0.0.0     Engine version: 0.0.0.0
 
Error - 01/11/2013 6:03:51 | Computer Name = Casa-PC | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk0\DR0, has a bad block.
 
Error - 01/11/2013 6:06:06 | Computer Name = Casa-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Servicio
 de Google Update (gupdate) service to connect.
 
Error - 01/11/2013 6:06:06 | Computer Name = Casa-PC | Source = Service Control Manager | ID = 7000
Description = The Servicio de Google Update (gupdate) service failed to start due
 to the following error:   %%1053
 
Error - 01/11/2013 6:14:12 | Computer Name = Casa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.161.104.0     Update Source: %%859     Update Stage:
 %%852     Source Path:

    User:
 NT AUTHORITY\SYSTEM     Current Engine Version:      Previous Engine Version: 1.1.10003.0

    Error
 code: 0x8024402c     Error description: An unexpected problem occurred while checking
 for updates. For information on installing or troubleshooting updates, see Help
 and Support.
 
Error - 01/11/2013 6:14:12 | Computer Name = Casa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.161.104.0     Update Source: %%851     Update Stage:
 %%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.10003.0&avdelta=1.161.104.0&asdelta=1.161.104.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

    Signature
 Type: %%800     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 1.1.10003.0     Error code: 0x80072ee7     Error description: The
 server name or address could not be resolved
 
Error - 01/11/2013 6:14:12 | Computer Name = Casa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.161.104.0     Update Source: %%851     Update Stage:
 %%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.10003.0&avdelta=1.161.104.0&asdelta=1.161.104.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

    Signature
 Type: %%801     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 1.1.10003.0     Error code: 0x80072ee7     Error description: The
 server name or address could not be resolved
 
Error - 01/11/2013 6:14:12 | Computer Name = Casa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.161.104.0     Update Source: %%851     Update Stage:
 %%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.10003.0&avdelta=1.161.104.0&asdelta=1.161.104.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

    Signature
 Type: %%800     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 1.1.10003.0     Error code: 0x80072ee7     Error description: The
 server name or address could not be resolved
 
Error - 01/11/2013 6:14:12 | Computer Name = Casa-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%861 has encountered an error trying to update signatures.     New Signature
 Version:      Previous Signature Version: 1.161.104.0     Update Source: %%851     Update Stage:
 %%852     Source Path: http://go.microsoft.com/fwlink/?LinkID=121721&clcid=0x409&arch=x64&eng=1.1.10003.0&avdelta=1.161.104.0&asdelta=1.161.104.0&prod=BCF43643-A118-4432-AEDE-D861FCBCFCDE

    Signature
 Type: %%801     Update Type: %%803     User: NT AUTHORITY\NETWORK SERVICE     Current Engine Version:
      Previous Engine Version: 1.1.10003.0     Error code: 0x80072ee7     Error description: The
 server name or address could not be resolved
 
Error - 01/11/2013 16:45:23 | Computer Name = Casa-PC | Source = Service Control Manager | ID = 7034
Description = The lxcg_device service terminated unexpectedly.  It has done this
 1 time(s).
 
 
< End of report >
 

#15 Oh My!

  • Malware Response Instructor
  • 37,731 posts

Posted 03 November 2013 - 05:42 PM

Here are our next steps.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Delete
  • Confirm each time with OK
  • Your computer will be rebooted automatically. A text file will open after the restart
  • Copy and paste the contents in your reply
  • You can find the logfile at C:\AdwCleaner[S1].txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Run OTL Fix

--------------------
  • Double click on the OTL icon on your desktop.
  • Copy and Paste the following code into the Custom Scans/Fixes textbox.
:OTL
O4 - HKLM..\Run: []  File not found
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25976~1.107\{c16c1~1\mngr.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
@Alternate Data Stream - 168 bytes -> C:\Users\Casa\Desktop\DNI2.jpeg:3or4kl4x13tuuug3Byamue2s4b
@Alternate Data Stream - 168 bytes -> C:\Users\Casa\Desktop\DNI.jpeg:3or4kl4x13tuuug3Byamue2s4b
:Commands
[emptytemp]
[emptyjava]
[emptyflash]
  • Push the Run Fix button
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
===================================================

MGADiag Tool

-------------------
  • Download MGADiag Tool and save it to your desktop
  • Double click the icon then if necessary click OK on the Executable File warning
  • Click Run, then Continue
  • Once completed a Microsoft Genuine Advantage Diagnostic Tool screen will open
  • Click the Windows tab and click Copy
  • Paste the information in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • OTL log
  • MGADiag information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
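A read-only PowerShell check, added here as an example and not part of Gary's instructions or of the OTL tool, for confirming after the fix that the two hiding spots the OTL script above targets are clean: the AppInit_DLLs value (a DLL listed there is loaded into every process that loads user32.dll, which is why adware drops entries there) and alternate data streams on files. It assumes PowerShell 3.0 or later (needed for the -Stream parameter) and uses the current user's Desktop as the folder to scan; it only reports and removes nothing.

```powershell
# Added example, not from the original thread. Read-only: reports, never deletes.
# Assumes PowerShell 3.0+ (Get-ChildItem -File and Get-Item -Stream need it).

# 1. AppInit_DLLs, checked in both the 64-bit and the 32-bit (Wow6432Node)
#    registry views, since a 64-bit Windows 7 keeps one value in each.
$appInitKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)
foreach ($key in $appInitKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $dlls  = [string]$props.AppInit_DLLs
    $load  = $props.LoadAppInit_DLLs      # 0 = loading disabled, 1 = enabled
    if ([string]::IsNullOrWhiteSpace($dlls)) {
        Write-Output "[OK]   $key : AppInit_DLLs is empty (LoadAppInit_DLLs=$load)"
    } else {
        Write-Output "[WARN] $key : AppInit_DLLs = '$dlls' (LoadAppInit_DLLs=$load)"
        # Windows separates multiple entries with spaces or commas. A listed DLL
        # that no longer exists on disk (the 'File not found' case in the OTL
        # log) is a dead entry that still deserves cleaning.
        foreach ($dll in ($dlls -split '[ ,]+' | Where-Object { $_ })) {
            $exists = Test-Path -LiteralPath $dll
            Write-Output "       $dll -> exists on disk: $exists"
        }
    }
}

# 2. Alternate data streams: list every stream other than the file's main
#    data stream (:$DATA) and the harmless Zone.Identifier marker that
#    downloaded files carry. The OTL log showed 168-byte streams with
#    random-looking names on two JPEG files on the desktop.
function Get-SuspiciousStreams {
    param([string]$Folder = "$env:USERPROFILE\Desktop")   # assumed scan root
    Get-ChildItem -LiteralPath $Folder -File -Recurse -ErrorAction SilentlyContinue |
        ForEach-Object {
            Get-Item -LiteralPath $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' -and $_.Stream -ne 'Zone.Identifier' } |
        Select-Object FileName, Stream, Length
}

$ads = @(Get-SuspiciousStreams)
if ($ads.Count -gt 0) {
    Write-Output "[WARN] Unexpected alternate data streams found:"
    foreach ($s in $ads) {
        Write-Output "       $($s.FileName):$($s.Stream) ($($s.Length) bytes)"
    }
} else {
    Write-Output "[OK]   No unexpected alternate data streams under the Desktop"
}
```

Run it from an elevated PowerShell prompt after the OTL fix and reboot; a [WARN] line means the corresponding item survived and should be reported back in the thread.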
