Solved Trojan Horse hider! netbt.sys file discovered by AVG

Well, we removed a couple of things through OTLPE, so let it run.
Are you running it from safe mode?
 
Thanks Broni. It's great to hear that we're moving in the right direction.

It's in normal mode.
 
I've restarted in Safe Mode.

Firstly, on start up I got the message that the Wastepaper bin in C:\ is damaged & did I want to empty it - to which I said Yes.

On starting ComboFix, which I did with right click to run as administrator, it told me twice that access was denied as administrator permissions were required for something. After a couple of minutes the Autoscan has started & I'm back at the "typically doesn't take more than 10 minutes" screen.

Have I done something wrong? Shall I let it go for a while? Thanks
 
Yes.

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\tasks\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
netbt.sys
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
I've still got OTL from when we did the same thing 3 or 4 days ago. I guess I don't need to download it again, do I? Also, should I do this in Safe Mode, or revert to normal?

Thanks
 
OTL.txt (Part 1 of 2)

OTL logfile created on: 08/03/2012 20:41:00 - Run 2
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 52,90% Memory free
4,23 Gb Paging File | 3,19 Gb Available in Paging File | 75,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,27 Gb Total Space | 33,31 Gb Free Space | 23,92% Space Free | Partition Type: NTFS

Computer Name: ALEX1 | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011/12/21 00:41:44 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/11/23 11:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2011/11/23 11:27:04 | 000,992,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
PRC - [2011/10/27 22:00:19 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/20 09:50:48 | 002,848,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/11/28 08:39:24 | 002,396,464 | ---- | M] () -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2009/03/05 17:59:50 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/03/05 17:59:50 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/03/05 17:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/10/04 17:59:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/06/15 11:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007/05/16 18:07:16 | 000,411,768 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
PRC - [2007/02/13 14:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
PRC - [2007/02/02 20:38:14 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/02/02 19:28:06 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/02/02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/30 16:47:48 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
PRC - [2007/01/26 10:59:02 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007/01/22 19:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
PRC - [2007/01/12 21:41:40 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/01/12 06:52:25 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/01/12 06:52:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
PRC - [2006/11/02 13:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/11/02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/10/27 19:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2006/01/23 22:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/05/16 18:07:16 | 000,040,960 | ---- | M] () -- C:\Program Files\sony\VAIO Camera Utility\VCULib.dll
MOD - [2005/07/22 20:30:20 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
MOD - [2004/10/14 09:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (winvnc)
SRV - File not found [Auto | Stopped] -- -- (V0080Dev)
SRV - File not found [Auto | Stopped] -- -- (twotrack)
SRV - File not found [Auto | Stopped] -- -- (TuneUp.ProgramStatisticsSvc)
SRV - File not found [Auto | Stopped] -- -- (tga)
SRV - File not found [Auto | Stopped] -- -- (symantecantibotfilter)
SRV - File not found [Auto | Stopped] -- -- (symantecantibotdriver)
SRV - File not found [Auto | Stopped] -- -- (sr_watchdog)
SRV - File not found [Auto | Stopped] -- -- (sony_ssm.sys)
SRV - File not found [Auto | Stopped] -- -- (sisnic)
SRV - File not found [Auto | Stopped] -- -- (sigfilt)
SRV - File not found [Auto | Stopped] -- -- (SerTVOutCtlr)
SRV - File not found [Auto | Stopped] -- -- (se59obex)
SRV - File not found [Auto | Stopped] -- -- (se58mdm)
SRV - File not found [Auto | Stopped] -- -- (SE2Cobex)
SRV - File not found [Auto | Stopped] -- -- (SE27mdfl)
SRV - File not found [Auto | Stopped] -- -- (s24trans)
SRV - File not found [Auto | Stopped] -- -- (rxmssync)
SRV - File not found [Auto | Stopped] -- -- (RTL8169)
SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
SRV - File not found [Auto | Stopped] -- -- (Programador de LiveUpdate automático)
SRV - File not found [Auto | Stopped] -- -- (pavatscheduler)
SRV - File not found [Auto | Stopped] -- -- (pav_security)
SRV - File not found [Auto | Stopped] -- -- (pae_1394)
SRV - File not found [Auto | Stopped] -- -- (oracle_load_balancer_60_server-forms6ip14)
SRV - File not found [Auto | Stopped] -- -- (ood2000)
SRV - File not found [Auto | Stopped] -- -- (odysseyIM4)
SRV - File not found [Auto | Stopped] -- -- (nwrdr)
SRV - File not found [Auto | Stopped] -- -- (nvstor64)
SRV - File not found [Auto | Stopped] -- -- (nsausvc)
SRV - File not found [Auto | Stopped] -- -- (nisvcloc)
SRV - File not found [Auto | Stopped] -- -- (MTsensor)
SRV - File not found [Auto | Stopped] -- -- (mohfilt)
SRV - File not found [Auto | Stopped] -- -- (mhn)
SRV - File not found [Auto | Stopped] -- -- (mcproxy)
SRV - File not found [Auto | Stopped] -- -- (lxcf_device)
SRV - File not found [Auto | Stopped] -- -- (lvckap)
SRV - File not found [Auto | Stopped] -- -- (klblmain)
SRV - File not found [Auto | Stopped] -- -- (hnmsvc)
SRV - File not found [Auto | Stopped] -- -- (gotomypc)
SRV - File not found [Auto | Stopped] -- -- (EIO_XP)
SRV - File not found [Auto | Stopped] -- -- (e1express)
SRV - File not found [Auto | Stopped] -- -- (DivisCTP)
SRV - File not found [Auto | Stopped] -- -- (cpucoolserver)
SRV - File not found [Auto | Stopped] -- -- (cpqrcmc)
SRV - File not found [Auto | Stopped] -- -- (cdrbsdrv)
SRV - File not found [Auto | Stopped] -- -- (Cam5603C)
SRV - File not found [Auto | Stopped] -- -- (axinstsv)
SRV - File not found [Auto | Stopped] -- -- (ati2mpaa)
SRV - File not found [On_Demand | Stopped] -- -- (AresChatServer)
SRV - File not found [Auto | Stopped] -- -- (AppnBase)
SRV - File not found [Auto | Stopped] -- -- (alcan5wn)
SRV - File not found [Auto | Stopped] -- -- (aiclient)
SRV - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/11/23 11:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/11/28 08:39:24 | 002,396,464 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2009/03/05 17:59:50 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 17:59:50 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 17:59:50 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 17:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/10/04 17:59:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/13 14:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/02/02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/24 15:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/01/24 15:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/16 13:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/01/16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/01/16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/01/10 15:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/01/08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/01/08 16:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/01/17 21:00:32 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/19 18:59:06 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/12/19 18:59:06 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/09/08 11:19:51 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/09/08 11:19:51 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2010/07/02 12:41:30 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/26 10:35:50 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/06/19 09:51:54 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/03/10 09:09:16 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2008/03/10 09:09:16 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/01/19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/19 07:14:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/21 03:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Controlador del adaptador Intel(R)
DRV - [2007/04/23 12:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/04/05 02:03:44 | 000,031,104 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2007/03/15 20:19:32 | 000,074,240 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/03/15 20:19:32 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/02/06 06:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007/01/24 13:57:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/22 09:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/01/12 20:41:32 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/01/12 20:16:54 | 000,040,576 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/01/12 06:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/10 12:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/08 08:02:38 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Controlador de adaptador Intel(R)
DRV - [2006/10/18 10:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/08/01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/01/06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = {83C89821-F781-45C7-9AE0-D60E9D25BAC2}
IE - HKLM\..\SearchScopes\{83C89821-F781-45C7-9AE0-D60E9D25BAC2}: "URL" = http://www.google.es/search?hl=es&q={searchTerms}&meta=


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=ce070d62000000000000001bfb199c1c
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{3F040CC5-6409-419C-A0E6-3B7BC3D698A7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=kw&q={searchTerms}&locale=es_ES&apn_ptnrs=PV&apn_dtid=YYYYYYYYES&apn_uid=2de66ec4-efc9-44ec-948f-537ffdd02f3d&apn_sauid=D915F3F0-03C6-479F-A3F7-384768212BA1&
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{83C89821-F781-45C7-9AE0-D60E9D25BAC2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK_es
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5128D9CC-E9D3-4571-8B68-CFBE13FA6979}&mid=03057f60834647d197620f14772b30d6-b2e4715dece078f03028f46c6085068e2f763c30&lang=en&ds=AVG&pr=fr&d=2011-10-16 11:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 22:01:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/08 11:40:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 12:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/26 00:51:22 | 000,000,000 | ---D | M]

[2012/03/05 21:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2008/04/03 08:25:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/03/05 21:48:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/08/06 09:56:57 | 000,000,000 | ---D | M] (Hide My IP) -- C:\Program Files\mozilla firefox\extensions\staff@hide-my-ip.com
[2012/02/25 12:44:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 21:48:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 11:45:06 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/19 20:49:20 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/29 21:18:30 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/12 11:45:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 11:45:06 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 11:45:06 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 11:45:06 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={5128D9CC-E9D3-4571-8B68-CFBE13FA6979}&mid=03057f60834647d197620f14772b30d6-b2e4715dece078f03028f46c6085068e2f763c30&lang=en&ds=AVG&pr=fr&d=2011-10-16 11:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodiijipkjcmlclfmdmcoakmloobh\7.13.2.19441_0\background/registryAccess.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: ClickPotatoLite Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" File not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003..\Run: [Epson Stylus SX420W(Red)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O7 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
 
OTL.txt (Part 2 of 2)

O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll ()
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15448C3D-5D86-4B6C-830E-B4CE2A799D7E}: DhcpNameServer = 212.166.132.110 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72FA9FF1-F408-4D55-B2BB-392633706A67}: DhcpNameServer = 80.58.61.250 80.58.61.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADC11338-86D6-4FA2-AEE2-7F464DC59742}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoPlay.exe -c
O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: nsausvc - File not found
NetSvcs: se58mdm - File not found
NetSvcs: aiclient - File not found
NetSvcs: DivisCTP - File not found
NetSvcs: gotomypc - File not found
NetSvcs: sigfilt - File not found
NetSvcs: EIO_XP - File not found
NetSvcs: mhn - File not found
NetSvcs: cdrbsdrv - File not found
NetSvcs: cpqrcmc - File not found
NetSvcs: RTL8169 - File not found
NetSvcs: pavatscheduler - File not found
NetSvcs: s24trans - File not found
NetSvcs: ati2mpaa - File not found
NetSvcs: SerTVOutCtlr - File not found
NetSvcs: e1express - File not found
NetSvcs: mcproxy - File not found
NetSvcs: pav_security - File not found
NetSvcs: SE27mdfl - File not found
NetSvcs: nvstor64 - File not found
NetSvcs: lxcf_device - File not found
NetSvcs: twotrack - File not found
NetSvcs: cpucoolserver - File not found
NetSvcs: V0080Dev - File not found
NetSvcs: alcan5wn - File not found
NetSvcs: ood2000 - File not found
NetSvcs: TuneUp.ProgramStatisticsSvc - File not found
NetSvcs: AppnBase - File not found
NetSvcs: clipsrv - File not found
NetSvcs: symantecantibotfilter - File not found
NetSvcs: SE2Cobex - File not found
NetSvcs: oracle_load_balancer_60_server-forms6ip14 - File not found
NetSvcs: tga - File not found
NetSvcs: sr_watchdog - File not found
NetSvcs: lvckap - File not found
NetSvcs: nisvcloc - File not found
NetSvcs: klblmain - File not found
NetSvcs: MTsensor - File not found
NetSvcs: Cam5603C - File not found
NetSvcs: hnmsvc - File not found
NetSvcs: se59obex - File not found
NetSvcs: rxmssync - File not found
NetSvcs: nwrdr - File not found
NetSvcs: symantecantibotdriver - File not found
NetSvcs: sisnic - File not found
NetSvcs: sony_ssm.sys - File not found
NetSvcs: winvnc - File not found
NetSvcs: axinstsv - File not found
NetSvcs: mohfilt - File not found
NetSvcs: odysseyIM4 - File not found
NetSvcs: pae_1394 - File not found
NetSvcs: qmofiltr - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/08 20:36:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{49E4F41F-4207-4BDB-8CC3-F24612559CB0}
[2012/03/08 20:36:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FAEDC772-A65F-4C9B-915D-3ACFB041CC34}
[2012/03/07 22:19:11 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/07 22:19:11 | 000,000,000 | --SD | C] -- \ComboFix
[2012/03/07 22:14:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Nueva carpeta
[2012/03/07 19:47:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/07 19:47:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/07 19:47:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/07 19:46:42 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/07 19:46:42 | 000,000,000 | ---D | C] -- \Qoobox
[2012/03/07 19:38:54 | 004,430,732 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012/03/07 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6AFF0E1D-D733-4D2D-99F1-B246AB28EFD2}
[2012/03/07 19:15:10 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9FF795FB-14A0-4BB1-A40A-B09F28FAEA61}
[2012/03/07 12:19:19 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012/03/07 12:19:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/03/07 12:19:06 | 000,000,000 | ---D | C] -- \_OTL
[2012/03/05 00:59:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\GrantPerms
[2012/03/04 23:54:05 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Alex\Desktop\BlitzBlank.exe
[2012/03/04 22:25:45 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012/03/04 22:22:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{3D239792-0F71-43FA-8809-62816A5E7122}
[2012/03/03 04:24:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{31DF9AB9-D44C-4ED3-870B-C5104ABE273C}
[2012/03/03 03:48:16 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Alex\Desktop\boot_cleaner.exe
[2012/03/03 02:13:21 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2012/03/02 21:10:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{60558CDE-BCC0-437D-B65C-0780B60BC7F4}
[2012/03/02 21:10:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{03DF3C14-8A86-4D50-831D-4AF9496068FB}
[2012/03/01 23:33:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
[2012/03/01 22:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/01 22:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/01 22:42:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/01 22:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/01 05:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2012/02/29 23:22:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ElevatedDiagnostics
[2012/02/29 23:18:26 | 000,000,000 | ---D | C] -- C:\MATS
[2012/02/29 23:18:26 | 000,000,000 | ---D | C] -- \MATS
[2012/02/29 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F593320D-EEF6-43E0-AB98-49F8C2331379}
[2012/02/29 07:16:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{2ED913C6-D08D-4340-A84D-696886EFB76D}
[2012/02/29 07:16:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5E093480-2754-40D4-8F6B-7C38230A89D7}
[2012/02/29 02:31:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/29 02:02:35 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C8C65D31-2596-4BA9-B210-893FE5B9A2E5}
[2012/02/29 01:42:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{23AD7B5E-E160-4F30-972E-633037E6DAA9}
[2012/02/29 01:41:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9E118399-76D7-4B01-A6E9-1AF55306457A}
[2012/02/29 01:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/29 00:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/29 00:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/02/29 00:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/02/28 22:45:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{2DE96566-4A5C-45C3-A84B-9E65F6BECD59}
[2012/02/28 20:39:24 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/28 20:39:24 | 000,000,000 | -H-D | C] -- \$AVG
[2012/02/28 13:58:33 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\784db967
[2012/02/28 08:48:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A954444E-9975-48CE-927C-68EC66877FDE}
[2012/02/28 08:48:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FB506D39-0D68-4370-A4EE-0C103E9C6341}
[2012/02/27 07:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/02/26 20:25:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{4FAFA812-F776-45FC-8672-D50D09663773}
[2012/02/26 20:24:58 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{59FFEBCF-7949-432D-8033-1987AB8A0177}
[2012/02/26 01:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/26 01:40:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{8141EBDD-C803-4730-ACF9-C39697BD4167}
[2012/02/26 01:01:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88F79FF9-D064-4DF5-B911-1BFA9E3F5438}
[2012/02/26 01:01:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D80E769F-FC79-4C6B-80F2-F9AFA48F8682}
[2012/02/26 00:32:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6ADBBDF9-C208-4B8C-B778-23E8A8135C62}
[2012/02/26 00:31:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C73A60B8-45A1-495A-90D7-E007758A540C}
[2012/02/25 23:42:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{66CC1A27-3490-41DC-B43F-95EC64E97836}
[2012/02/25 23:20:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88D2767A-6FE7-45D8-8450-562039C2A909}
[2012/02/25 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{32AB2642-DB5E-4A62-8768-CB806D177981}
[2012/02/25 22:24:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A0ED7053-E390-45E5-9009-495AA8C85C81}
[2012/02/25 22:24:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C2E1EA9E-C816-4495-A2FF-80F06D6F9A6B}
[2012/02/25 17:10:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{15AA8A03-7E69-4502-8346-BBBBE59E0B79}
[2012/02/25 17:09:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6A9263FF-D1CE-47CF-930F-EAF61C9DBA44}
[2012/02/25 12:24:48 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7D9B443E-E5F2-43D4-8324-0D9F45A71DA1}
[2012/02/25 12:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2012/02/25 12:06:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6FEE4590-E53C-48BC-8A53-0B8D4EF97126}
[2012/02/25 11:36:20 | 000,076,184 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atsckernel.exe
[2012/02/25 11:36:11 | 000,020,376 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
[2012/02/25 11:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\webex
[2012/02/25 11:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2012/02/25 11:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2012/02/25 11:25:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D8AB69F3-A6D9-4595-A98B-64A33605A736}
[2012/02/23 07:13:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B56E4FCC-84F8-4A5A-947D-5324C0688AF9}
[2012/02/23 07:13:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5625D403-FE33-4996-826C-A2E4D0ED6F2A}
[2012/02/15 07:05:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{516E1273-AFCD-4AB3-BEE9-F8BF06457136}
[2012/02/15 06:42:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FFAF98B4-ADD5-4BAF-B23B-6C4BFD6C4023}
[2012/02/13 22:21:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B97D186F-F691-4998-AFA1-FD6F50D6AB94}
[2012/02/13 22:21:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88FACDBD-5293-4E49-A585-E08F367125D8}
[2012/02/08 20:59:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C57E4485-B618-47A2-9C86-3F6443FE0073}

========== Files - Modified Within 30 Days ==========

[2012/03/08 21:19:59 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/08 20:31:57 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/08 20:30:40 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 20:30:40 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/08 20:30:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/07 22:08:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/07 19:39:18 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012/03/05 19:20:32 | 000,008,268 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2012/03/05 00:56:36 | 000,450,985 | ---- | M] () -- C:\Users\Alex\Desktop\GrantPerms.zip
[2012/03/04 23:54:08 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Alex\Desktop\BlitzBlank.exe
[2012/03/04 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012/03/04 22:23:50 | 000,000,000 | ---- | M] () -- C:\Windows\tosOBEX.INI
[2012/03/03 03:44:48 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat
[2012/03/03 02:13:28 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2012/03/02 07:02:05 | 000,354,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/01 23:33:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
[2012/03/01 22:50:09 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
[2012/03/01 05:33:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2012/02/26 03:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Alex.job
[2012/02/25 22:55:25 | 000,731,210 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/02/25 22:55:25 | 000,657,006 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/25 22:55:25 | 000,155,906 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/02/25 22:55:25 | 000,131,020 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/25 16:33:39 | 000,009,472 | ---- | M] () -- C:\Users\Alex\Desktop\Wireless Security Settings.html

========== Files Created - No Company Name ==========

[2012/03/07 19:47:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/07 19:47:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/07 19:47:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/07 19:47:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/07 19:47:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/07 12:19:19 | 002,237,440 | R--- | C] () -- \OTLPE.exe
[2012/03/05 00:56:35 | 000,450,985 | ---- | C] () -- C:\Users\Alex\Desktop\GrantPerms.zip
[2012/03/04 22:23:50 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2012/03/03 02:18:44 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat
[2012/03/01 22:49:59 | 000,302,592 | ---- | C] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
[2012/03/01 05:35:06 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk
[2012/03/01 05:20:25 | 000,007,637 | ---- | C] () -- C:\Users\Alex\Desktop\WiLstPrd.vbs
[2012/03/01 05:20:25 | 000,003,413 | ---- | C] () -- C:\Users\Alex\Desktop\Clean.cmd
[2012/02/25 16:33:39 | 000,009,472 | ---- | C] () -- C:\Users\Alex\Desktop\Wireless Security Settings.html
[2012/02/25 11:33:59 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2011/11/29 21:18:56 | 000,000,059 | ---- | C] () -- \user.js
[2011/08/07 20:36:39 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/07 20:36:39 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/26 14:54:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/02/03 10:53:02 | 000,000,092 | ---- | C] () -- C:\Users\Alex\AppData\Local\fusioncache.dat
[2011/01/17 22:17:50 | 000,000,095 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2010/10/30 10:49:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/02 06:28:28 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/01 11:26:49 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/04/01 10:50:49 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

========== LOP Check ==========

[2011/08/07 20:35:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\.bitrock
[2007/05/10 09:42:20 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Configuración local
[2007/05/10 09:42:11 | 000,000,000 | R--D | M] -- C:\Users\Alex\Contacts
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Cookies
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Datos de programa
[2012/03/07 22:18:31 | 000,000,000 | R--D | M] -- C:\Users\Alex\Desktop
[2012/03/03 03:58:27 | 000,000,000 | R--D | M] -- C:\Users\Alex\Documents
[2012/03/07 19:44:33 | 000,000,000 | R--D | M] -- C:\Users\Alex\Downloads
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Entorno de red
[2009/02/08 12:09:41 | 000,000,000 | R--D | M] -- C:\Users\Alex\Favorites
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Impresoras
[2011/05/31 13:13:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\JA3_1_0
[2007/10/03 13:51:19 | 000,000,000 | R--D | M] -- C:\Users\Alex\Links
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Menú Inicio
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Mis documentos
[2011/10/08 19:48:17 | 000,000,000 | R--D | M] -- C:\Users\Alex\Music
[2011/09/21 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\MusicUntitled - 21-09-11
[2012/02/25 20:44:16 | 000,000,000 | R--D | M] -- C:\Users\Alex\Pictures
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Plantillas
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Reciente
[2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Alex\Saved Games
[2007/10/03 13:51:19 | 000,000,000 | R--D | M] -- C:\Users\Alex\Searches
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\SendTo
[2012/03/08 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\Alex\Tracing
[2010/10/17 18:23:07 | 000,000,000 | R--D | M] -- C:\Users\Alex\Videos
[2007/05/10 09:42:20 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Configuración local
[2007/05/10 09:42:11 | 000,000,000 | R--D | M] -- C:\Users\Default\Contacts
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Datos de programa
[2007/05/10 09:53:09 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2007/05/19 20:08:00 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Entorno de red
[2007/05/10 09:42:22 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Impresoras
[2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Menú Inicio
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Mis documentos
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2007/05/10 12:50:50 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Plantillas
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Reciente
[2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Default\Saved Games
[2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Default\Searches
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2007/05/10 09:42:20 | 000,000,000 | -H-D | M] -- C:\Users\Girls\AppData
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Configuración local
[2007/05/10 09:42:11 | 000,000,000 | R--D | M] -- C:\Users\Girls\Contacts
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Cookies
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Datos de programa
[2012/01/05 07:20:08 | 000,000,000 | R--D | M] -- C:\Users\Girls\Desktop
[2008/05/31 14:42:52 | 000,000,000 | R--D | M] -- C:\Users\Girls\Documents
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Girls\Downloads
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Entorno de red
[2008/06/17 18:50:55 | 000,000,000 | R--D | M] -- C:\Users\Girls\Favorites
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Impresoras
[2008/05/31 14:43:23 | 000,000,000 | R--D | M] -- C:\Users\Girls\Links
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Menú Inicio
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Mis documentos
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Girls\Music
[2007/05/10 12:50:50 | 000,000,000 | R--D | M] -- C:\Users\Girls\Pictures
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Plantillas
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Reciente
[2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Girls\Saved Games
[2008/05/31 14:43:23 | 000,000,000 | R--D | M] -- C:\Users\Girls\Searches
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\SendTo
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Girls\Videos
[2012/03/07 22:16:04 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2012/02/29 01:40:08 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2010/03/05 11:40:21 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2007/05/19 19:52:23 | 000,000,000 | ---D | M] -- C:\Users\Public\DSD Direct
[2006/11/02 11:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2008/01/24 12:06:45 | 000,000,000 | ---D | M] -- C:\Users\Public\Invoice templates
[2006/11/02 13:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006/11/02 13:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2011/08/07 20:15:15 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2008/01/31 09:45:48 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2012/02/26 03:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - Alex.job
[2012/03/07 22:08:50 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/15 03:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8EA7B817-37CB-4FEB-8F53-5D1E274A1B58}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2012/03/05 06:48:07 | 000,001,578 | ---- | M] () -- C:\blitzblank.log
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/05/10 19:32:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/10/28 16:05:53 | 000,000,000 | ---- | M] () -- C:\dbglev.ini
[2008/10/28 18:05:37 | 000,001,230 | ---- | M] () -- C:\DeskLog-.txt
[2008/10/28 18:07:24 | 000,000,846 | ---- | M] () -- C:\DeskLog.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2007/05/10 13:09:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/10 13:09:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/01/05 03:40:20 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\msvcp70.dll
[2002/01/05 03:37:28 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
[2012/02/26 12:56:15 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2012/02/26 12:56:15 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2012/02/25 22:49:48 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2012/02/25 22:49:49 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{f1f49046-5ff5-11e1-8bf3-aaca0ed4bf36}.TM.blf
[2012/02/25 22:49:49 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f1f49046-5ff5-11e1-8bf3-aaca0ed4bf36}.TMContainer00000000000000000001.regtrans-ms
[2012/02/25 22:49:49 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f1f49046-5ff5-11e1-8bf3-aaca0ed4bf36}.TMContainer00000000000000000002.regtrans-ms
[2012/02/26 12:56:15 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{f204f3a6-6011-11e1-ad6b-a2261d65536a}.TM.blf
[2012/02/26 12:56:15 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f204f3a6-6011-11e1-ad6b-a2261d65536a}.TMContainer00000000000000000001.regtrans-ms
[2012/02/26 12:56:13 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f204f3a6-6011-11e1-ad6b-a2261d65536a}.TMContainer00000000000000000002.regtrans-ms
[2012/03/07 03:30:35 | 000,139,376 | ---- | M] () -- C:\OTL.Txt
[2011/07/13 03:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
[2012/03/08 20:30:15 | 2459,639,808 | -HS- | M] () -- C:\pagefile.sys
[2011/11/29 21:18:56 | 000,000,059 | ---- | M] () -- C:\user.js
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/05/19 19:45:56 | 000,390,520 | ---- | M] () -- C:\vcredist_x86.log
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/28 16:25:51 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 08:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\1_HPZPPLHN.DLL
[2008/01/19 08:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] () -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/09/09 18:38:58 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/05/10 19:32:02 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/05/10 19:32:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/05/10 19:32:02 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/05/10 19:32:11 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/05/10 19:32:13 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2011/09/07 19:53:24 | 000,003,072 | ---- | M] () -- C:\Windows\system32\Cache.db

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/04 07:32:45 | 000,000,442 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/03 02:13:28 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2012/03/04 23:54:08 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Alex\Desktop\BlitzBlank.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Alex\Desktop\boot_cleaner.exe
[2012/03/07 19:39:18 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012/03/01 22:50:09 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
[2012/03/04 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2008/10/28 12:37:10 | 000,176,526 | ---- | M] (UltraVnc) -- C:\Users\Alex\Desktop\remote.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/08 20:31:57 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/08 21:32:26 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/26 03:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Alex.job
[2012/03/08 20:30:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/07 22:08:50 | 000,032,548 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2010/12/15 03:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8EA7B817-37CB-4FEB-8F53-5D1E274A1B58}.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/11/08 20:29:08 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/03/01 05:33:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2010/04/02 06:28:28 | 000,000,282 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/03/08 21:24:53 | 000,081,920 | -HS- | M] () -- C:\Users\Alex\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: NETBT.SYS >
[2008/01/19 06:55:35 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2006/11/02 09:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=E3A168912E7EEFC3BD3B814720D68B41 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys
[2012/03/07 08:02:06 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2012/03/07 08:02:06 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB16085$] -> -> Unknown point type

< End of report >
 
It appears as though the OTL.txt file has overridden the existing Run 1 file from 4 days ago - but there is no Run 2 file for Extras.txt.

I guess I should have deleted the original Run 1 files from the desktop.....

Do I delete these files and do it again?
 
How is the computer doing at the moment?

For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

Code:
C:\Windows\$NtUninstallKB16085$

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run from.

=====================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=ce070d62000000000000001bfb19 9c1c
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{3F040CC5-6409-419C-A0E6-3B7BC3D698A7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=kw&q={searchTerms}&locale=es_ES&apn_ ptnrs=PV&apn_dtid=YYYYYYYYES&apn_uid=2de66ec4-efc9-44ec-948f-537ffdd02f3d&apn_sauid=D915F3F0-03C6-479F-A3F7-384768212BA1&
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5128D9CC-E9D3-4571-8B68-CFBE13FA6979}&mid=03057f60834647d197620f14772b30d6-b2e4715dece078f03028f46c6085068e2f763c30&lang=en&ds=AVG&pr=fr&d=2011-10-16 11:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
    [2012/01/19 20:49:20 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/11/29 21:18:30 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={5128D9CC-E9D3-4571-8B68-CFBE13FA6979}&mid=03057f60834647d197620f14772b30d6-b2e4715dece078f03028f46c6085068e2f763c30&lang=en&ds=AVG&pr=fr&d=2011-10-16 11:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" File not found
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found 
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O33 - MountPoints2\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoPlay.exe -c
    O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
    O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
    O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
    O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
    O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
    O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
    O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
    O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
    O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
    [2012/02/28 20:39:24 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2012/02/28 20:39:24 | 000,000,000 | -H-D | C] -- \$AVG
    [2012/02/28 13:58:33 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\784db967
    
    :Files
    C:\Program Files\Ask.com
    
    :Commands
    [purity]
    [emptytemp]
    [emptyjava]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

===================================================================

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


3. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


4. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
Perms.txt

GrantPerms by Farbar
Ran by Alex (administrator) at 2012-03-08 22:07:22

===============================================
\\?\C:\Windows\$NtUninstallKB16085$

Owner: BUILTIN\Administradores

DACL(P)(AI):
NT SERVICE\TrustedInstaller FULL ALLOW container_inherit
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Administradores FULL ALLOW (CI)(OI)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)
 
I'm running OTL, as you asked.

It's hard to say how the computer is as I haven't used it for anything except for the exercises I'm doing with you.

It does have a problem on booting up and tries to fix its own Restart. Then it asks if I want to go to a Restore Point, which I say "no". And then it runs out of juice and then lets me choose if I want to start normally or doing a repair (recommended) - to which I choose normal & it restarts. Then I get the message about a damaged Recycle Bin in C:\, which it offers to let me empty - which I do - & then it starts up. I would say it's probably even slower than before.

BTW, OTL seems to be hanging on the "Emptying Temp folders. DO NOT INTERRUPT..." stage. I'll leave it for a while...
 
OTL log

OTL completed in normal mode:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3F040CC5-6409-419C-A0E6-3B7BC3D698A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F040CC5-6409-419C-A0E6-3B7BC3D698A7}\ not found.
Registry key HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml moved successfully.
C:\Program Files\mozilla firefox\searchplugins\babylon.xml moved successfully.
Unable to fix default_search_provider items.
Unable to fix default_search_provider items.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\ not found.
File F:\AutoPlay.exe -c not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ not found.
File I:\AutoRunCardDetector.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ not found.
File I:\AutoRunCardDetector.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ not found.
File F:\AutoRunCardDetector.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File H:\Autorun.exe not found.
C:\$AVG\$VAULT folder moved successfully.
C:\$AVG folder moved successfully.
Folder \$AVG\ not found.
C:\Users\Alex\AppData\Local\784db967\U folder moved successfully.
C:\Users\Alex\AppData\Local\784db967 folder moved successfully.
========== FILES ==========
File\Folder C:\Program Files\Ask.com not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alex
->Temp folder emptied: 141673344 bytes
-> No Temporary Internet Files cache folder defined!
->Java cache emptied: 127184 bytes
->FireFox cache emptied: 32653330 bytes
->Google Chrome cache emptied: 26951848 bytes
->Apple Safari cache emptied: 94318592 bytes

User: All Users
-> No Temporary Internet Files cache folder defined!

User: Default
->Temp folder emptied: 0 bytes
-> No Temporary Internet Files cache folder defined!

User: Default User
-> No Temporary Internet Files cache folder defined!

User: Girls
-> No Temporary Internet Files cache folder defined!

User: Public
-> No Temporary Internet Files cache folder defined!

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38799648 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 319,00 mb


[EMPTYJAVA]

User: Alex
->Java cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: Girls

User: Public

Total Java Files Cleaned = 0,00 mb


[EMPTYFLASH]

User: Alex

User: All Users

User: Default

User: Default User

User: Girls

User: Public

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.35.1 log created on 03082012_221110

Files\Folders moved on Reboot...
C:\Windows\temp\WebEx\Log\38\atashost.log moved successfully.
File\Folder C:\Windows\temp\JETD41F.tmp not found!
File\Folder C:\Windows\temp\SEP2798.tmp not found!

Registry entries deleted on Reboot...
 
Checkup.txt

Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

AVG PC Tuneup
SonicStage Mastering Studio Audio Filter Custom Preset
COMODO Internet Security
Norton 360
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
AVG PC Tuneup
Java(TM) 6 Update 31
Java(TM) SE Runtime Environment 6 Update 1
Out of date Java installed!
Adobe Flash Player 11.1.102.62
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
``````````End of Log````````````
 
FSS.txt

Farbar Service Scanner Version: 01-03-2012
Ran by Alex (administrator) on 09-03-2012 at 07:54:25
Running from "C:\Users\Alex\Downloads"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
 
ESETScan.txt

To an untrained eye it looks like you've done it!! :D

C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYO2ZXG5\espana_com-winner_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\00000001.@ a variant of Win32/Sirefef.CR trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\000000c0.@ Win32/Redirector.A trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\000000cb.@ Win32/Redirector.A trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\000000cf.@ Win32/Redirector.A trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\80000000.@ probably a variant of Win32/Sirefef.DV trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\800000c0.@ Win32/Sirefef.EN trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\800000cb.@ a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\800000cf.@ Win32/Sirefef.DV trojan cleaned by deleting - quarantined
 
Uninstall Java(TM) SE Runtime Environment 6 Update 1.

I strongly suggest you also uninstall AVG PC Tuneup, which deals with registry - never good news.

Then I can see two AV programs:
COMODO Internet Security
Norton 360

You must uninstall one of them.
If Norton use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

Next....
We have a couple of registry keys missing.

The following steps involve registry editing. Please create a new restore point before proceeding!!!
How to:
XP - http://support.microsoft.com/kb/948247
Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
Right-Click Root and select Permissions...
Click Advanced.
Under Owner tab select the entry starting with your user name, example: Farbar(Farbar-PC\Farbar)
Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
Click Apply and OK.

Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
Unzip downloaded file.
You'll find several files inside.
Double-click legacy_mpssvc.reg and confirm the prompt.
Double-click legacy_bfe and confirm the prompt.
Double-click bfe.reg and confirm the prompt.
Double-click mpssvc.reg and confirm the prompt.

Please go back to the Root key again; while Everyone is selected, remove the check mark in the box under Allow next to Full Control and close the registry.
Restart computer.
Post new FSS log.
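
The FSS log earlier in the thread shows two different conditions: mpsdrv is stopped but its configuration checks pass, while MpsSvc and bfe are stopped because their service registry keys are gone even though their binaries pass the MD5 check, which is why the fix above is a .reg import. As an added example (not part of the original posts and not FSS's own code), this Python parser reads that log format and makes the distinction explicit; the function names and the matching of service names to binary file names are assumptions.

```python
import re

# Excerpt of the FSS.txt log posted in this thread (File Check list shortened).
SAMPLE_FSS = r"""Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

File Check:
========
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
"""

STOPPED = re.compile(r"^(\S+) Service is not running\.")
ATTENTION = re.compile(r"^Checking (.+?): Attention! (.+)$")


def parse_fss(text):
    """Return (services, files): stopped services with failed checks, and File Check verdicts."""
    services, files = {}, {}
    section, current, prev = None, None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"="}:
            # A row of '=' underlines the section title on the previous line.
            section, current = prev.rstrip(":"), None
        elif not line:
            current = None  # a blank line ends a service block
        elif m := STOPPED.match(line):
            current = services.setdefault(
                m.group(1), {"section": section, "failed": [], "key_missing": False})
        elif current is not None and (m := ATTENTION.match(line)):
            current["failed"].append(m.group(1))
            if "does not exist" in m.group(2):
                current["key_missing"] = True
        elif section == "File Check" and " => " in line:
            path, verdict = line.split(" => ", 1)
            files[path.rsplit("\\", 1)[-1].lower()] = (verdict == "MD5 is legit")
        prev = line
    return services, files


def triage(text):
    """Classify each stopped service as 'registry key missing' or 'configuration intact'."""
    services, files = parse_fss(text)
    report = {}
    for name, info in services.items():
        # Assumption: the binary is named after the service, as it is for the
        # three services in this log (mpssvc.dll, bfe.dll, mpsdrv.sys).
        binary_ok = any(files.get(name.lower() + ext) for ext in (".dll", ".sys"))
        state = "registry key missing" if info["key_missing"] else "configuration intact"
        report[name] = {"state": state,
                        "failed_checks": info["failed"],
                        "binary_ok": binary_ok}
    return report


if __name__ == "__main__":
    for service, result in triage(SAMPLE_FSS).items():
        print(f"{service:8} {result['state']:22} binary_ok={result['binary_ok']} "
              f"failed={result['failed_checks']}")
```

Running the same parser on the FSS log posted after the restart shows whether MpsSvc and bfe have left the "registry key missing" state.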
 
1st problem... "... don't have access to Windows Installer", which may be due to Windows Installer not being properly installed. Net result is I can't uninstall Java Runtime Environment 6 Update 1 without doing something....

I'll try the others....
 
It is a box that comes up after giving permission to Windows Installer to remove the program. The title bar says "Java(TM) SE Runtime Environment 6 Update 1" and the text, translated from Spanish, says: "Does not have access to the service Windows Installer. This can occur if Windows Installer is not correctly installed. Contact personnel of technical support for help."

AVG PC Tune-up & last remnants of Norton 360 are gone.

Do I do the System Restore Point, or are we going to try to get rid of the Java element first?
 