TechSpot

Trojan Horse hider! netbt.sys file discovered by AVG

Solved
By AlexR
Mar 1, 2012
  1. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    Well, we removed a couple of things through OTLPE so let it run.
    Are you running it from safe mode?
     
  2. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    Thanks Broni. It's great to hear that we're moving in the right direction.

    It's in normal mode.
     
  3. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    Restart manually to safe mode and run Combofix from there.
     
  4. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    I've restarted in Safe Mode.

    Firstly, on start up I got the message that the Wastepaper bin in C:\ is damaged & did I want to empty it - to which I said Yes.

    On starting ComboFix, which I did with right click to run as administrator, it told me twice that access was denied as administrator permissions were required for something. After a couple of minutes the Autoscan has started & I'm back at the "typically doesn't take more than 10 minutes" screen.

    Have I done something wrong? Shall I let it go for a while? Thanks
     
  5. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    Yes, let it run.
     
  6. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    It's still running......

    Should I stop it?
     
  7. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    Yes.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\tasks\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    netbt.sys
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  8. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    I've still got OTL from when we did the same thing 3 or 4 days ago. I guess I don't need to download it again, do I? Also, should I do this in Safe Mode, or revert to normal?

    Thanks
     
  9. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    You can run existing OTL from normal mode.
     
  10. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    OTL.txt (Part 1 of 2)

    OTL logfile created on: 08/03/2012 20:41:00 - Run 2
    OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Alex\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

    2,00 Gb Total Physical Memory | 1,06 Gb Available Physical Memory | 52,90% Memory free
    4,23 Gb Paging File | 3,19 Gb Available in Paging File | 75,48% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 139,27 Gb Total Space | 33,31 Gb Free Space | 23,92% Space Free | Partition Type: NTFS

    Computer Name: ALEX1 | User Name: Alex | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/03/04 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    PRC - [2011/12/21 00:41:44 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
    PRC - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2011/11/23 11:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
    PRC - [2011/11/23 11:27:04 | 000,992,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
    PRC - [2011/10/27 22:00:19 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
    PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/04/20 09:50:48 | 002,848,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
    PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    PRC - [2009/11/28 08:39:24 | 002,396,464 | ---- | M] () -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe
    PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
    PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    PRC - [2009/03/05 17:59:50 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
    PRC - [2009/03/05 17:59:50 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
    PRC - [2009/03/05 17:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
    PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
    PRC - [2007/10/04 17:59:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
    PRC - [2007/06/15 11:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
    PRC - [2007/05/16 18:07:16 | 000,411,768 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
    PRC - [2007/02/13 14:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
    PRC - [2007/02/02 20:38:14 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    PRC - [2007/02/02 19:28:06 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    PRC - [2007/02/02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    PRC - [2007/01/30 16:47:48 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    PRC - [2007/01/26 10:59:02 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
    PRC - [2007/01/22 19:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
    PRC - [2007/01/12 21:41:40 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    PRC - [2007/01/12 06:52:25 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
    PRC - [2007/01/12 06:52:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
    PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
    PRC - [2006/11/02 13:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
    PRC - [2006/11/02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
    PRC - [2006/10/27 19:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    PRC - [2006/01/23 22:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2007/05/16 18:07:16 | 000,040,960 | ---- | M] () -- C:\Program Files\sony\VAIO Camera Utility\VCULib.dll
    MOD - [2005/07/22 20:30:20 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
    MOD - [2004/10/14 09:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (winvnc)
    SRV - File not found [Auto | Stopped] -- -- (V0080Dev)
    SRV - File not found [Auto | Stopped] -- -- (twotrack)
    SRV - File not found [Auto | Stopped] -- -- (TuneUp.ProgramStatisticsSvc)
    SRV - File not found [Auto | Stopped] -- -- (tga)
    SRV - File not found [Auto | Stopped] -- -- (symantecantibotfilter)
    SRV - File not found [Auto | Stopped] -- -- (symantecantibotdriver)
    SRV - File not found [Auto | Stopped] -- -- (sr_watchdog)
    SRV - File not found [Auto | Stopped] -- -- (sony_ssm.sys)
    SRV - File not found [Auto | Stopped] -- -- (sisnic)
    SRV - File not found [Auto | Stopped] -- -- (sigfilt)
    SRV - File not found [Auto | Stopped] -- -- (SerTVOutCtlr)
    SRV - File not found [Auto | Stopped] -- -- (se59obex)
    SRV - File not found [Auto | Stopped] -- -- (se58mdm)
    SRV - File not found [Auto | Stopped] -- -- (SE2Cobex)
    SRV - File not found [Auto | Stopped] -- -- (SE27mdfl)
    SRV - File not found [Auto | Stopped] -- -- (s24trans)
    SRV - File not found [Auto | Stopped] -- -- (rxmssync)
    SRV - File not found [Auto | Stopped] -- -- (RTL8169)
    SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
    SRV - File not found [Auto | Stopped] -- -- (Programador de LiveUpdate automático)
    SRV - File not found [Auto | Stopped] -- -- (pavatscheduler)
    SRV - File not found [Auto | Stopped] -- -- (pav_security)
    SRV - File not found [Auto | Stopped] -- -- (pae_1394)
    SRV - File not found [Auto | Stopped] -- -- (oracle_load_balancer_60_server-forms6ip14)
    SRV - File not found [Auto | Stopped] -- -- (ood2000)
    SRV - File not found [Auto | Stopped] -- -- (odysseyIM4)
    SRV - File not found [Auto | Stopped] -- -- (nwrdr)
    SRV - File not found [Auto | Stopped] -- -- (nvstor64)
    SRV - File not found [Auto | Stopped] -- -- (nsausvc)
    SRV - File not found [Auto | Stopped] -- -- (nisvcloc)
    SRV - File not found [Auto | Stopped] -- -- (MTsensor)
    SRV - File not found [Auto | Stopped] -- -- (mohfilt)
    SRV - File not found [Auto | Stopped] -- -- (mhn)
    SRV - File not found [Auto | Stopped] -- -- (mcproxy)
    SRV - File not found [Auto | Stopped] -- -- (lxcf_device)
    SRV - File not found [Auto | Stopped] -- -- (lvckap)
    SRV - File not found [Auto | Stopped] -- -- (klblmain)
    SRV - File not found [Auto | Stopped] -- -- (hnmsvc)
    SRV - File not found [Auto | Stopped] -- -- (gotomypc)
    SRV - File not found [Auto | Stopped] -- -- (EIO_XP)
    SRV - File not found [Auto | Stopped] -- -- (e1express)
    SRV - File not found [Auto | Stopped] -- -- (DivisCTP)
    SRV - File not found [Auto | Stopped] -- -- (cpucoolserver)
    SRV - File not found [Auto | Stopped] -- -- (cpqrcmc)
    SRV - File not found [Auto | Stopped] -- -- (cdrbsdrv)
    SRV - File not found [Auto | Stopped] -- -- (Cam5603C)
    SRV - File not found [Auto | Stopped] -- -- (axinstsv)
    SRV - File not found [Auto | Stopped] -- -- (ati2mpaa)
    SRV - File not found [On_Demand | Stopped] -- -- (AresChatServer)
    SRV - File not found [Auto | Stopped] -- -- (AppnBase)
    SRV - File not found [Auto | Stopped] -- -- (alcan5wn)
    SRV - File not found [Auto | Stopped] -- -- (aiclient)
    SRV - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2011/11/23 11:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
    SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
    SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
    SRV - [2009/11/28 08:39:24 | 002,396,464 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe -- (HideMyIpSRV)
    SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
    SRV - [2009/03/05 17:59:50 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
    SRV - [2009/03/05 17:59:50 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
    SRV - [2009/03/05 17:59:50 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
    SRV - [2009/03/05 17:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
    SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
    SRV - [2007/10/04 17:59:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
    SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2007/02/13 14:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
    SRV - [2007/02/02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
    SRV - [2007/01/24 15:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV)
    SRV - [2007/01/24 15:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service)
    SRV - [2007/01/16 13:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
    SRV - [2007/01/16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
    SRV - [2007/01/16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
    SRV - [2007/01/10 15:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
    SRV - [2007/01/08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
    SRV - [2007/01/08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
    SRV - [2007/01/08 16:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
    SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
    SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
    SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV)
    SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV)
    SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
    DRV - [2012/01/17 21:00:32 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
    DRV - [2011/12/19 18:59:06 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
    DRV - [2011/12/19 18:59:06 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
    DRV - [2010/09/08 11:19:51 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
    DRV - [2010/09/08 11:19:51 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
    DRV - [2010/07/02 12:41:30 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
    DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
    DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
    DRV - [2009/05/26 10:35:50 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
    DRV - [2008/06/19 09:51:54 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
    DRV - [2008/03/10 09:09:16 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
    DRV - [2008/03/10 09:09:16 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2008/01/19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
    DRV - [2008/01/19 07:14:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
    DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2007/06/21 03:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Controlador del adaptador Intel(R)
    DRV - [2007/04/23 12:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
    DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
    DRV - [2007/04/05 02:03:44 | 000,031,104 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF)
    DRV - [2007/03/15 20:19:32 | 000,074,240 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
    DRV - [2007/03/15 20:19:32 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
    DRV - [2007/02/06 06:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
    DRV - [2007/01/24 13:57:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
    DRV - [2007/01/22 09:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
    DRV - [2007/01/12 20:41:32 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
    DRV - [2007/01/12 20:16:54 | 000,040,576 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
    DRV - [2007/01/12 06:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2007/01/10 12:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
    DRV - [2006/11/20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
    DRV - [2006/11/08 08:02:38 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
    DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Controlador de adaptador Intel(R)
    DRV - [2006/10/18 10:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
    DRV - [2006/10/10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
    DRV - [2005/08/01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
    DRV - [2005/01/06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
    IE - HKLM\..\SearchScopes,DefaultScope = {83C89821-F781-45C7-9AE0-D60E9D25BAC2}
    IE - HKLM\..\SearchScopes\{83C89821-F781-45C7-9AE0-D60E9D25BAC2}: "URL" = http://www.google.es/search?hl=es&q={searchTerms}&meta=


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=ce070d62000000000000001bfb199c1c
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{3F040CC5-6409-419C-A0E6-3B7BC3D698A7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=kw&q={searchTerms}&locale=es_ES&apn_ptnrs=PV&apn_dtid=YYYYYYYYES&apn_uid=2de66ec4-efc9-44ec-948f-537ffdd02f3d&apn_sauid=D915F3F0-03C6-479F-A3F7-384768212BA1&
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{83C89821-F781-45C7-9AE0-D60E9D25BAC2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK_es
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5128D9CC-E9D3-4571-8B68-CFBE13FA6979}&mid=03057f60834647d197620f14772b30d6-b2e4715dece078f03028f46c6085068e2f763c30&lang=en&ds=AVG&pr=fr&d=2011-10-16 11:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 22:01:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/08 11:40:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 12:44:44 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/26 00:51:22 | 000,000,000 | ---D | M]

    [2012/03/05 21:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
    [2008/04/03 08:25:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2012/03/05 21:48:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
    [2011/08/06 09:56:57 | 000,000,000 | ---D | M] (Hide My IP) -- C:\Program Files\mozilla firefox\extensions\staff@hide-my-ip.com
    [2012/02/25 12:44:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/03/05 21:48:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/12 11:45:06 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
    [2012/01/19 20:49:20 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
    [2011/11/29 21:18:30 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    [2012/02/12 11:45:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/02/12 11:45:06 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
    [2012/02/12 11:45:06 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
    [2012/02/12 11:45:06 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

    ========== Chrome ==========

    CHR - default_search_provider: AVG Secure Search (Enabled)
    CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={5128D9CC-E9D3-4571-8B68-CFBE13FA6979}&mid=03057f60834647d197620f14772b30d6-b2e4715dece078f03028f46c6085068e2f763c30&lang=en&ds=AVG&pr=fr&d=2011-10-16 11:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
    CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: registryAccess (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodiijipkjcmlclfmdmcoakmloobh\7.13.2.19441_0\background/registryAccess.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
    CHR - plugin: ClickPotatoLite Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
    CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
    CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
    CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
    CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
    CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin

    O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" File not found
    O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
    O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
    O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
    O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe ()
    O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003..\Run: [Epson Stylus SX420W(Red)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
    O7 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
     
  11. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    OTL.txt (Part 2 of 2)

    O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll ()
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll ()
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
    O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15448C3D-5D86-4B6C-830E-B4CE2A799D7E}: DhcpNameServer = 212.166.132.110 212.73.32.67
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{72FA9FF1-F408-4D55-B2BB-392633706A67}: DhcpNameServer = 80.58.61.250 80.58.61.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADC11338-86D6-4FA2-AEE2-7F464DC59742}: NameServer = 80.58.61.250,80.58.61.254
    O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
    O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoPlay.exe -c
    O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
    O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
    O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
    O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
    O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
    O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell\AutoRun\command - "" = H:\AutoRun.exe
    O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
    O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
    O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
    O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell - "" = AutoRun
    O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\F\Shell - "" = AutoRun
    O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
    O33 - MountPoints2\G\Shell - "" = AutoRun
    O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
    O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: nsausvc - File not found
    NetSvcs: se58mdm - File not found
    NetSvcs: aiclient - File not found
    NetSvcs: DivisCTP - File not found
    NetSvcs: gotomypc - File not found
    NetSvcs: sigfilt - File not found
    NetSvcs: EIO_XP - File not found
    NetSvcs: mhn - File not found
    NetSvcs: cdrbsdrv - File not found
    NetSvcs: cpqrcmc - File not found
    NetSvcs: RTL8169 - File not found
    NetSvcs: pavatscheduler - File not found
    NetSvcs: s24trans - File not found
    NetSvcs: ati2mpaa - File not found
    NetSvcs: SerTVOutCtlr - File not found
    NetSvcs: e1express - File not found
    NetSvcs: mcproxy - File not found
    NetSvcs: pav_security - File not found
    NetSvcs: SE27mdfl - File not found
    NetSvcs: nvstor64 - File not found
    NetSvcs: lxcf_device - File not found
    NetSvcs: twotrack - File not found
    NetSvcs: cpucoolserver - File not found
    NetSvcs: V0080Dev - File not found
    NetSvcs: alcan5wn - File not found
    NetSvcs: ood2000 - File not found
    NetSvcs: TuneUp.ProgramStatisticsSvc - File not found
    NetSvcs: AppnBase - File not found
    NetSvcs: clipsrv - File not found
    NetSvcs: symantecantibotfilter - File not found
    NetSvcs: SE2Cobex - File not found
    NetSvcs: oracle_load_balancer_60_server-forms6ip14 - File not found
    NetSvcs: tga - File not found
    NetSvcs: sr_watchdog - File not found
    NetSvcs: lvckap - File not found
    NetSvcs: nisvcloc - File not found
    NetSvcs: klblmain - File not found
    NetSvcs: MTsensor - File not found
    NetSvcs: Cam5603C - File not found
    NetSvcs: hnmsvc - File not found
    NetSvcs: se59obex - File not found
    NetSvcs: rxmssync - File not found
    NetSvcs: nwrdr - File not found
    NetSvcs: symantecantibotdriver - File not found
    NetSvcs: sisnic - File not found
    NetSvcs: sony_ssm.sys - File not found
    NetSvcs: winvnc - File not found
    NetSvcs: axinstsv - File not found
    NetSvcs: mohfilt - File not found
    NetSvcs: odysseyIM4 - File not found
    NetSvcs: pae_1394 - File not found
    NetSvcs: qmofiltr - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
    Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
    Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/03/08 20:36:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{49E4F41F-4207-4BDB-8CC3-F24612559CB0}
    [2012/03/08 20:36:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FAEDC772-A65F-4C9B-915D-3ACFB041CC34}
    [2012/03/07 22:19:11 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2012/03/07 22:19:11 | 000,000,000 | --SD | C] -- \ComboFix
    [2012/03/07 22:14:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\Nueva carpeta
    [2012/03/07 19:47:16 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/03/07 19:47:16 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/03/07 19:47:16 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/03/07 19:46:42 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/03/07 19:46:42 | 000,000,000 | ---D | C] -- \Qoobox
    [2012/03/07 19:38:54 | 004,430,732 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2012/03/07 19:15:15 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6AFF0E1D-D733-4D2D-99F1-B246AB28EFD2}
    [2012/03/07 19:15:10 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9FF795FB-14A0-4BB1-A40A-B09F28FAEA61}
    [2012/03/07 12:19:19 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
    [2012/03/07 12:19:06 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/03/07 12:19:06 | 000,000,000 | ---D | C] -- \_OTL
    [2012/03/05 00:59:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\GrantPerms
    [2012/03/04 23:54:05 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Alex\Desktop\BlitzBlank.exe
    [2012/03/04 22:25:45 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2012/03/04 22:22:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{3D239792-0F71-43FA-8809-62816A5E7122}
    [2012/03/03 04:24:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{31DF9AB9-D44C-4ED3-870B-C5104ABE273C}
    [2012/03/03 03:48:16 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Alex\Desktop\boot_cleaner.exe
    [2012/03/03 02:13:21 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
    [2012/03/02 21:10:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{60558CDE-BCC0-437D-B65C-0780B60BC7F4}
    [2012/03/02 21:10:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{03DF3C14-8A86-4D50-831D-4AF9496068FB}
    [2012/03/01 23:33:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
    [2012/03/01 22:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/03/01 22:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/03/01 22:42:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/03/01 22:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/03/01 05:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
    [2012/02/29 23:22:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ElevatedDiagnostics
    [2012/02/29 23:18:26 | 000,000,000 | ---D | C] -- C:\MATS
    [2012/02/29 23:18:26 | 000,000,000 | ---D | C] -- \MATS
    [2012/02/29 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F593320D-EEF6-43E0-AB98-49F8C2331379}
    [2012/02/29 07:16:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{2ED913C6-D08D-4340-A84D-696886EFB76D}
    [2012/02/29 07:16:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5E093480-2754-40D4-8F6B-7C38230A89D7}
    [2012/02/29 02:31:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2012/02/29 02:02:35 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C8C65D31-2596-4BA9-B210-893FE5B9A2E5}
    [2012/02/29 01:42:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{23AD7B5E-E160-4F30-972E-633037E6DAA9}
    [2012/02/29 01:41:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9E118399-76D7-4B01-A6E9-1AF55306457A}
    [2012/02/29 01:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
    [2012/02/29 00:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
    [2012/02/29 00:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
    [2012/02/29 00:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
    [2012/02/28 22:45:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{2DE96566-4A5C-45C3-A84B-9E65F6BECD59}
    [2012/02/28 20:39:24 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2012/02/28 20:39:24 | 000,000,000 | -H-D | C] -- \$AVG
    [2012/02/28 13:58:33 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\784db967
    [2012/02/28 08:48:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A954444E-9975-48CE-927C-68EC66877FDE}
    [2012/02/28 08:48:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FB506D39-0D68-4370-A4EE-0C103E9C6341}
    [2012/02/27 07:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
    [2012/02/26 20:25:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{4FAFA812-F776-45FC-8672-D50D09663773}
    [2012/02/26 20:24:58 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{59FFEBCF-7949-432D-8033-1987AB8A0177}
    [2012/02/26 01:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2012/02/26 01:40:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{8141EBDD-C803-4730-ACF9-C39697BD4167}
    [2012/02/26 01:01:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88F79FF9-D064-4DF5-B911-1BFA9E3F5438}
    [2012/02/26 01:01:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D80E769F-FC79-4C6B-80F2-F9AFA48F8682}
    [2012/02/26 00:32:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6ADBBDF9-C208-4B8C-B778-23E8A8135C62}
    [2012/02/26 00:31:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C73A60B8-45A1-495A-90D7-E007758A540C}
    [2012/02/25 23:42:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{66CC1A27-3490-41DC-B43F-95EC64E97836}
    [2012/02/25 23:20:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88D2767A-6FE7-45D8-8450-562039C2A909}
    [2012/02/25 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{32AB2642-DB5E-4A62-8768-CB806D177981}
    [2012/02/25 22:24:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A0ED7053-E390-45E5-9009-495AA8C85C81}
    [2012/02/25 22:24:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C2E1EA9E-C816-4495-A2FF-80F06D6F9A6B}
    [2012/02/25 17:10:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{15AA8A03-7E69-4502-8346-BBBBE59E0B79}
    [2012/02/25 17:09:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6A9263FF-D1CE-47CF-930F-EAF61C9DBA44}
    [2012/02/25 12:24:48 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7D9B443E-E5F2-43D4-8324-0D9F45A71DA1}
    [2012/02/25 12:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
    [2012/02/25 12:06:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6FEE4590-E53C-48BC-8A53-0B8D4EF97126}
    [2012/02/25 11:36:20 | 000,076,184 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atsckernel.exe
    [2012/02/25 11:36:11 | 000,020,376 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
    [2012/02/25 11:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\webex
    [2012/02/25 11:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
    [2012/02/25 11:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
    [2012/02/25 11:25:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D8AB69F3-A6D9-4595-A98B-64A33605A736}
    [2012/02/23 07:13:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B56E4FCC-84F8-4A5A-947D-5324C0688AF9}
    [2012/02/23 07:13:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5625D403-FE33-4996-826C-A2E4D0ED6F2A}
    [2012/02/15 07:05:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{516E1273-AFCD-4AB3-BEE9-F8BF06457136}
    [2012/02/15 06:42:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FFAF98B4-ADD5-4BAF-B23B-6C4BFD6C4023}
    [2012/02/13 22:21:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B97D186F-F691-4998-AFA1-FD6F50D6AB94}
    [2012/02/13 22:21:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88FACDBD-5293-4E49-A585-E08F367125D8}
    [2012/02/08 20:59:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C57E4485-B618-47A2-9C86-3F6443FE0073}

    ========== Files - Modified Within 30 Days ==========

    [2012/03/08 21:19:59 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/03/08 20:31:57 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/08 20:30:40 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/03/08 20:30:40 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/03/08 20:30:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/03/07 22:08:47 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2012/03/07 19:39:18 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2012/03/05 19:20:32 | 000,008,268 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
    [2012/03/05 00:56:36 | 000,450,985 | ---- | M] () -- C:\Users\Alex\Desktop\GrantPerms.zip
    [2012/03/04 23:54:08 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Alex\Desktop\BlitzBlank.exe
    [2012/03/04 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2012/03/04 22:23:50 | 000,000,000 | ---- | M] () -- C:\Windows\tosOBEX.INI
    [2012/03/03 03:44:48 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat
    [2012/03/03 02:13:28 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
    [2012/03/02 07:02:05 | 000,354,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2012/03/01 23:33:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
    [2012/03/01 22:50:09 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
    [2012/03/01 05:33:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2012/02/26 03:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Alex.job
    [2012/02/25 22:55:25 | 000,731,210 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
    [2012/02/25 22:55:25 | 000,657,006 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/02/25 22:55:25 | 000,155,906 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
    [2012/02/25 22:55:25 | 000,131,020 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/02/25 16:33:39 | 000,009,472 | ---- | M] () -- C:\Users\Alex\Desktop\Wireless Security Settings.html

    ========== Files Created - No Company Name ==========

    [2012/03/07 19:47:16 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/03/07 19:47:16 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/03/07 19:47:16 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/03/07 19:47:16 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/03/07 19:47:16 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/03/07 12:19:19 | 002,237,440 | R--- | C] () -- \OTLPE.exe
    [2012/03/05 00:56:35 | 000,450,985 | ---- | C] () -- C:\Users\Alex\Desktop\GrantPerms.zip
    [2012/03/04 22:23:50 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
    [2012/03/03 02:18:44 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat
    [2012/03/01 22:49:59 | 000,302,592 | ---- | C] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
    [2012/03/01 05:35:06 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk
    [2012/03/01 05:20:25 | 000,007,637 | ---- | C] () -- C:\Users\Alex\Desktop\WiLstPrd.vbs
    [2012/03/01 05:20:25 | 000,003,413 | ---- | C] () -- C:\Users\Alex\Desktop\Clean.cmd
    [2012/02/25 16:33:39 | 000,009,472 | ---- | C] () -- C:\Users\Alex\Desktop\Wireless Security Settings.html
    [2012/02/25 11:33:59 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
    [2011/11/29 21:18:56 | 000,000,059 | ---- | C] () -- \user.js
    [2011/08/07 20:36:39 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/08/07 20:36:39 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/05/26 14:54:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
    [2011/02/03 10:53:02 | 000,000,092 | ---- | C] () -- C:\Users\Alex\AppData\Local\fusioncache.dat
    [2011/01/17 22:17:50 | 000,000,095 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
    [2010/10/30 10:49:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/04/02 06:28:28 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2010/04/01 11:26:49 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
    [2010/04/01 10:50:49 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

    ========== LOP Check ==========

    [2011/08/07 20:35:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\.bitrock
    [2007/05/10 09:42:20 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData
    [2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Configuración local
    [2007/05/10 09:42:11 | 000,000,000 | R--D | M] -- C:\Users\Alex\Contacts
    [2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Cookies
    [2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Datos de programa
    [2012/03/07 22:18:31 | 000,000,000 | R--D | M] -- C:\Users\Alex\Desktop
    [2012/03/03 03:58:27 | 000,000,000 | R--D | M] -- C:\Users\Alex\Documents
    [2012/03/07 19:44:33 | 000,000,000 | R--D | M] -- C:\Users\Alex\Downloads
    [2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Entorno de red
    [2009/02/08 12:09:41 | 000,000,000 | R--D | M] -- C:\Users\Alex\Favorites
    [2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Impresoras
    [2011/05/31 13:13:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\JA3_1_0
    [2007/10/03 13:51:19 | 000,000,000 | R--D | M] -- C:\Users\Alex\Links
    [2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Menú Inicio
    [2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Mis documentos
    [2011/10/08 19:48:17 | 000,000,000 | R--D | M] -- C:\Users\Alex\Music
    [2011/09/21 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\MusicUntitled - 21-09-11
    [2012/02/25 20:44:16 | 000,000,000 | R--D | M] -- C:\Users\Alex\Pictures
    [2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Plantillas
    [2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Reciente
    [2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Alex\Saved Games
    [2007/10/03 13:51:19 | 000,000,000 | R--D | M] -- C:\Users\Alex\Searches
    [2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\SendTo
    [2012/03/08 20:35:50 | 000,000,000 | ---D | M] -- C:\Users\Alex\Tracing
    [2010/10/17 18:23:07 | 000,000,000 | R--D | M] -- C:\Users\Alex\Videos
    [2007/05/10 09:42:20 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
    [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
    [2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Configuración local
    [2007/05/10 09:42:11 | 000,000,000 | R--D | M] -- C:\Users\Default\Contacts
    [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
    [2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Datos de programa
    [2007/05/10 09:53:09 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
    [2007/05/19 20:08:00 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
    [2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
    [2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Entorno de red
    [2007/05/10 09:42:22 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
    [2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Impresoras
    [2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
    [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
    [2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Menú Inicio
    [2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Mis documentos
    [2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
    [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
    [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
    [2007/05/10 12:50:50 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
    [2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Plantillas
    [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
    [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
    [2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Reciente
    [2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Default\Saved Games
    [2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Default\Searches
    [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
    [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
    [2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
    [2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
    [2007/05/10 09:42:20 | 000,000,000 | -H-D | M] -- C:\Users\Girls\AppData
    [2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Configuración local
    [2007/05/10 09:42:11 | 000,000,000 | R--D | M] -- C:\Users\Girls\Contacts
    [2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Cookies
    [2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Datos de programa
    [2012/01/05 07:20:08 | 000,000,000 | R--D | M] -- C:\Users\Girls\Desktop
    [2008/05/31 14:42:52 | 000,000,000 | R--D | M] -- C:\Users\Girls\Documents
    [2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Girls\Downloads
    [2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Entorno de red
    [2008/06/17 18:50:55 | 000,000,000 | R--D | M] -- C:\Users\Girls\Favorites
    [2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Impresoras
    [2008/05/31 14:43:23 | 000,000,000 | R--D | M] -- C:\Users\Girls\Links
    [2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Menú Inicio
    [2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Mis documentos
    [2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Girls\Music
    [2007/05/10 12:50:50 | 000,000,000 | R--D | M] -- C:\Users\Girls\Pictures
    [2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Plantillas
    [2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Reciente
    [2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Girls\Saved Games
    [2008/05/31 14:43:23 | 000,000,000 | R--D | M] -- C:\Users\Girls\Searches
    [2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\SendTo
    [2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Girls\Videos
    [2012/03/07 22:16:04 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
    [2012/02/29 01:40:08 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
    [2010/03/05 11:40:21 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
    [2007/05/19 19:52:23 | 000,000,000 | ---D | M] -- C:\Users\Public\DSD Direct
    [2006/11/02 11:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
    [2008/01/24 12:06:45 | 000,000,000 | ---D | M] -- C:\Users\Public\Invoice templates
    [2006/11/02 13:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
    [2006/11/02 13:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
    [2011/08/07 20:15:15 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
    [2008/01/31 09:45:48 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
    [2012/02/26 03:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - Alex.job
    [2012/03/07 22:08:50 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/12/15 03:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8EA7B817-37CB-4FEB-8F53-5D1E274A1B58}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2012/03/05 06:48:07 | 000,001,578 | ---- | M] () -- C:\blitzblank.log
    [2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
    [2007/05/10 19:32:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2008/10/28 16:05:53 | 000,000,000 | ---- | M] () -- C:\dbglev.ini
    [2008/10/28 18:05:37 | 000,001,230 | ---- | M] () -- C:\DeskLog-.txt
    [2008/10/28 18:07:24 | 000,000,846 | ---- | M] () -- C:\DeskLog.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2007/05/10 13:09:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2007/05/10 13:09:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002/01/05 03:40:20 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\msvcp70.dll
    [2002/01/05 03:37:28 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
    [2012/02/26 12:56:15 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
    [2012/02/26 12:56:15 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
    [2012/02/25 22:49:48 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
    [2012/02/25 22:49:49 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{f1f49046-5ff5-11e1-8bf3-aaca0ed4bf36}.TM.blf
    [2012/02/25 22:49:49 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f1f49046-5ff5-11e1-8bf3-aaca0ed4bf36}.TMContainer00000000000000000001.regtrans-ms
    [2012/02/25 22:49:49 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f1f49046-5ff5-11e1-8bf3-aaca0ed4bf36}.TMContainer00000000000000000002.regtrans-ms
    [2012/02/26 12:56:15 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{f204f3a6-6011-11e1-ad6b-a2261d65536a}.TM.blf
    [2012/02/26 12:56:15 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f204f3a6-6011-11e1-ad6b-a2261d65536a}.TMContainer00000000000000000001.regtrans-ms
    [2012/02/26 12:56:13 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f204f3a6-6011-11e1-ad6b-a2261d65536a}.TMContainer00000000000000000002.regtrans-ms
    [2012/03/07 03:30:35 | 000,139,376 | ---- | M] () -- C:\OTL.Txt
    [2011/07/13 03:55:05 | 002,237,440 | R--- | M] (OldTimer Tools) -- C:\OTLPE.exe
    [2012/03/08 20:30:15 | 2459,639,808 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/29 21:18:56 | 000,000,059 | ---- | M] () -- C:\user.js
    [2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/05/19 19:45:56 | 000,390,520 | ---- | M] () -- C:\vcredist_x86.log
    [2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/09/28 16:25:51 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/01/19 08:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\1_HPZPPLHN.DLL
    [2008/01/19 08:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
    [2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 01:28:46 | 000,301,936 | ---- | M] () -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2008/09/09 18:38:58 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2007/05/10 19:32:02 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2007/05/10 19:32:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2007/05/10 19:32:02 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2007/05/10 19:32:11 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2007/05/10 19:32:13 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2011/09/07 19:53:24 | 000,003,072 | ---- | M] () -- C:\Windows\system32\Cache.db

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/05/04 07:32:45 | 000,000,442 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2012/03/03 02:13:28 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
    [2012/03/04 23:54:08 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Alex\Desktop\BlitzBlank.exe
    [2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Alex\Desktop\boot_cleaner.exe
    [2012/03/07 19:39:18 | 004,430,732 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
    [2012/03/01 22:50:09 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
    [2012/03/04 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
    [2008/10/28 12:37:10 | 000,176,526 | ---- | M] (UltraVnc) -- C:\Users\Alex\Desktop\remote.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\tasks\*.* >
    [2012/03/08 20:31:57 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/03/08 21:32:26 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/02/26 03:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Alex.job
    [2012/03/08 20:30:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2012/03/07 22:08:50 | 000,032,548 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
    [2010/12/15 03:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8EA7B817-37CB-4FEB-8F53-5D1E274A1B58}.job

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2009/11/08 20:29:08 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2012/03/01 05:33:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
    [2010/04/02 06:28:28 | 000,000,282 | RHS- | M] () -- C:\ProgramData\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2012/03/08 21:24:53 | 000,081,920 | -HS- | M] () -- C:\Users\Alex\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < MD5 for: NETBT.SYS >
    [2008/01/19 06:55:35 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
    [2006/11/02 09:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=E3A168912E7EEFC3BD3B814720D68B41 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys
    [2012/03/07 08:02:06 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
    [2012/03/07 08:02:06 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

    ========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
    [C:\Windows\$NtUninstallKB16085$] -> -> Unknown point type

    < End of report >
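
The "MD5 for: NETBT.SYS" section of the log above can be checked mechanically. The following is an added example, not part of the original posts or of OTL: it parses those four lines (copied from the log) and tests whether the live driver in System32\drivers is byte-identical to the newest copy in the WinSxS component store. It assumes the line layout shown in this log; a match only shows the two copies agree, not that either hash is a known-good Microsoft value.

```python
import re

# The four NETBT.SYS lines, copied from the OTL log posted above.
OTL_MD5_SAMPLE = r"""
[2008/01/19 06:55:35 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2006/11/02 09:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=E3A168912E7EEFC3BD3B814720D68B41 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys
[2012/03/07 08:02:06 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2012/03/07 08:02:06 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys
"""

# [timestamp | size | attributes | M] (vendor) MD5=<32 hex> -- <path>
ENTRY = re.compile(
    r"^\[(?P<stamp>[^|\]]+)\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*M\]\s*"
    r"\((?P<vendor>[^)]*)\)\s*MD5=(?P<md5>[0-9A-Fa-f]{32})\s*--\s*(?P<path>.+)$"
)
# Component version embedded in a WinSxS directory name, e.g. _6.0.6002.18005_none_
STORE_VERSION = re.compile(r"\\winsxs\\[^\\]*_(\d+(?:\.\d+){3})_none_", re.IGNORECASE)


def parse_entries(text):
    """Return one dict per MD5 line; store_version is None for the live copy."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        path = m.group("path").strip()
        ver = STORE_VERSION.search(path)
        entries.append({
            "path": path,
            "md5": m.group("md5").upper(),
            "size": int(m.group("size").replace(",", "")),
            "store_version": tuple(map(int, ver.group(1).split("."))) if ver else None,
        })
    return entries


def compare_live_to_store(entries):
    """Compare the single non-WinSxS copy against the component-store copies."""
    live = [e for e in entries if e["store_version"] is None]
    store = sorted((e for e in entries if e["store_version"]),
                   key=lambda e: e["store_version"])
    if len(live) != 1 or not store:
        raise ValueError("expected exactly one live copy and at least one store copy")
    live, newest = live[0], store[-1]
    return {
        "live_path": live["path"],
        "live_md5": live["md5"],
        "newest_store_version": newest["store_version"],
        # Same hash and same size as the newest serviced copy.
        "matches_newest": live["md5"] == newest["md5"] and live["size"] == newest["size"],
        # A live driver equal to an OLDER store copy would suggest a rollback.
        "matches_older": [e["store_version"] for e in store[:-1]
                          if e["md5"] == live["md5"]],
    }


if __name__ == "__main__":
    for key, value in compare_live_to_store(parse_entries(OTL_MD5_SAMPLE)).items():
        print(f"{key}: {value}")
```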
     
     
  12. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    It appears as though the OTL.txt file has overridden the existing Run 1 file from 4 days ago - but there is no Run 2 file for Extras.txt.

    I guess I should have deleted the original Run 1 files from the desktop.....

    Do I delete these files and do it again?
     
  13. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    How is the computer doing at the moment?

    For x86 bit systems please download GrantPerms.zip and save it to your desktop.
    For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
    Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
    Copy and paste the following in the edit box:

    Code:
    C:\Windows\$NtUninstallKB16085$
    
    Click Unlock. When it is done click "OK".
    Click List Permissions and post the result of Perms.txt file that pops up.
    A copy of Perms.txt will be saved in the same directory the tool is run.

    =====================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
      IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
      IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=ce070d62000000000000001bfb19 9c1c
      IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{3F040CC5-6409-419C-A0E6-3B7BC3D698A7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=kw&q={searchTerms}&locale=es_ES&apn_ ptnrs=PV&apn_dtid=YYYYYYYYES&apn_uid=2de66ec4-efc9-44ec-948f-537ffdd02f3d&apn_sauid=D915F3F0-03C6-479F-A3F7-384768212BA1&
      IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5128D9CC-E9D3-4571-8B68-CFBE13FA6979}&mid=03057f60834647d197620f14772b30d6-b2e4715dece078f03028f46c6085068e2f763c30&lang=en&ds=AVG&pr=fr&d=2011-10-16 11:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
      [2012/01/19 20:49:20 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
      [2011/11/29 21:18:30 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
      CHR - default_search_provider: AVG Secure Search (Enabled)
      CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={5128D9CC-E9D3-4571-8B68-CFBE13FA6979}&mid=03057f60834647d197620f14772b30d6-b2e4715dece078f03028f46c6085068e2f763c30&lang=en&ds=AVG&pr=fr&d=2011-10-16 11:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
      O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
      O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
      O3 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
      O4 - HKLM..\Run: [] File not found
      O4 - HKLM..\Run: [ApnUpdater] "C:\Program Files\Ask.com\Updater\Updater.exe" File not found
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
      O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found 
      O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
      O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
      O33 - MountPoints2\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoPlay.exe -c
      O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell - "" = AutoRun
      O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
      O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
      O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
      O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
      O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
      O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
      O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell - "" = AutoRun
      O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell\AutoRun\command - "" = H:\AutoRun.exe
      O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell - "" = AutoRun
      O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
      O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
      O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
      O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
      O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
      O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell - "" = AutoRun
      O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\F\Shell - "" = AutoRun
      O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
      O33 - MountPoints2\G\Shell - "" = AutoRun
      O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
      O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
      [2012/02/28 20:39:24 | 000,000,000 | -H-D | C] -- C:\$AVG
      [2012/02/28 20:39:24 | 000,000,000 | -H-D | C] -- \$AVG
      [2012/02/28 13:58:33 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\784db967
      
      :Files
      C:\Program Files\Ask.com
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  14. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    Perms.txt

    GrantPerms by Farbar
    Ran by Alex (administrator) at 2012-03-08 22:07:22

    ===============================================
    \\?\C:\Windows\$NtUninstallKB16085$

    Owner: BUILTIN\Administradores

    DACL(P)(AI):
    NT SERVICE\TrustedInstaller FULL ALLOW container_inherit
    NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
    BUILTIN\Administradores FULL ALLOW (CI)(OI)
    CREATOR OWNER FULL ALLOW (CI)(OI)(IO)
     
  15. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    I'm running OTL, as you asked.

    It's hard to say how the computer is as I haven't used it for anything except for the exercises I'm doing with you.

    It does have a problem on booting up and tries to fix its own Restart. Then it asks if I want to go to a Restore Point, to which I say "no". And then it runs out of juice and then lets me choose if I want to start normally or do a repair (recommended) - to which I choose normal & it restarts. Then I get the message about a damaged Recycle Bin in C:\, which it offers to let me empty - which I do - & then it starts up. I would say it's probably even slower than before.

    BTW, OTL seems to be hanging on the "Emptying Temp folders. DO NOT INTERRUPT..." stage. I'll leave it for a while...
     
  16. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    If still stuck reboot to safe mode and run OTL fix from there.
     
  17. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    OTL log

    OTL completed in normal mode:

    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
    HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
    Registry key HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\SearchScopes\{3F040CC5-6409-419C-A0E6-3B7BC3D698A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3F040CC5-6409-419C-A0E6-3B7BC3D698A7}\ not found.
    Registry key HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
    C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml moved successfully.
    C:\Program Files\mozilla firefox\searchplugins\babylon.xml moved successfully.
    Unable to fix default_search_provider items.
    Unable to fix default_search_provider items.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xport to Microsoft Excel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\E&xportar a Microsoft Excel\ deleted successfully.
    Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
    Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
    Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
    C:\ProgramData\webex\ieatgpc.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\ not found.
    File F:\AutoPlay.exe -c not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ not found.
    File H:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ not found.
    File H:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ not found.
    File I:\AutoRunCardDetector.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ not found.
    File I:\AutoRunCardDetector.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ not found.
    File F:\AutoRunCardDetector.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
    File F:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
    File G:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
    File H:\Autorun.exe not found.
    C:\$AVG\$VAULT folder moved successfully.
    C:\$AVG folder moved successfully.
    Folder \$AVG\ not found.
    C:\Users\Alex\AppData\Local\784db967\U folder moved successfully.
    C:\Users\Alex\AppData\Local\784db967 folder moved successfully.
    ========== FILES ==========
    File\Folder C:\Program Files\Ask.com not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Alex
    ->Temp folder emptied: 141673344 bytes
    -> No Temporary Internet Files cache folder defined!
    ->Java cache emptied: 127184 bytes
    ->FireFox cache emptied: 32653330 bytes
    ->Google Chrome cache emptied: 26951848 bytes
    ->Apple Safari cache emptied: 94318592 bytes

    User: All Users
    -> No Temporary Internet Files cache folder defined!

    User: Default
    ->Temp folder emptied: 0 bytes
    -> No Temporary Internet Files cache folder defined!

    User: Default User
    -> No Temporary Internet Files cache folder defined!

    User: Girls
    -> No Temporary Internet Files cache folder defined!

    User: Public
    -> No Temporary Internet Files cache folder defined!

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 38799648 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 319,00 mb


    [EMPTYJAVA]

    User: Alex
    ->Java cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: Girls

    User: Public

    Total Java Files Cleaned = 0,00 mb


    [EMPTYFLASH]

    User: Alex

    User: All Users

    User: Default

    User: Default User

    User: Girls

    User: Public

    Total Flash Files Cleaned = 0,00 mb


    OTL by OldTimer - Version 3.2.35.1 log created on 03082012_221110

    Files\Folders moved on Reboot...
    C:\Windows\temp\WebEx\Log\38\atashost.log moved successfully.
    File\Folder C:\Windows\temp\JETD41F.tmp not found!
    File\Folder C:\Windows\temp\SEP2798.tmp not found!

    Registry entries deleted on Reboot...
     
  18. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    Checkup.txt

    Results of screen317's Security Check version 0.99.24
    Windows Vista Service Pack 2 x86 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    AVG PC Tuneup
    SonicStage Mastering Studio Audio Filter Custom Preset
    COMODO Internet Security
    Norton 360
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Spybot - Search & Destroy
    AVG PC Tuneup
    Java(TM) 6 Update 31
    Java(TM) SE Runtime Environment 6 Update 1
    Out of date Java installed!
    Adobe Flash Player 11.1.102.62
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    ``````````End of Log````````````
     
  19. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    FSS.txt

    Farbar Service Scanner Version: 01-03-2012
    Ran by Alex (administrator) on 09-03-2012 at 07:54:25
    Running from "C:\Users\Alex\Downloads"
    Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Yahoo IP is accessible.


    Windows Firewall:
    =============
    mpsdrv Service is not running. Checking service configuration:
    The start type of mpsdrv service is OK.
    The ImagePath of mpsdrv service is OK.

    MpsSvc Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
    Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

    bfe Service is not running. Checking service configuration:
    Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
    Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.


    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============

    Windows Update:
    ============

    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll => MD5 is legit
    C:\Windows\system32\bfe.dll => MD5 is legit
    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll => MD5 is legit
    C:\Windows\system32\vssvc.exe => MD5 is legit
    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll => MD5 is legit
    C:\Windows\system32\qmgr.dll => MD5 is legit
    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
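
The FSS.txt above mixes two different findings: services that are merely stopped and services whose registry keys are gone while their binaries still hash clean. The following is an added example, not part of the original posts or of Farbar Service Scanner: it parses an excerpt of that log and separates the two cases. It assumes the line wording shown in this log, and the pairing of a service with its binary by file stem (MpsSvc with mpssvc.dll) is an assumption made for the illustration.

```python
import re

# Excerpt copied from the FSS.txt posted above.
FSS_SAMPLE = r"""
Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open MpsSvc registry key. The service key does not exist.
Checking LEGACY_MpsSvc: Attention! Unable to open LEGACY_MpsSvc\0000 registry key. The key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ImagePath: Attention! Unable to open bfe registry key. The service key does not exist.
Checking ServiceDll: Attention! Unable to open bfe registry key. The service key does not exist.
Checking LEGACY_bfe: Attention! Unable to open LEGACY_bfe\0000 registry key. The key does not exist.

File Check:
========
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
"""

STOPPED = re.compile(r"^(\S+) Service is not running\. Checking service configuration:$")
MISSING = re.compile(r"^Checking (.+?): Attention! Unable to open (\S+) registry key\.")
CONFIG_OK = re.compile(r"^The (.+?) of (\S+) service is OK\.$")
FILE_CHECK = re.compile(r"^(\S.*?) => MD5 is (.+)$")


def parse_fss(text):
    """Return (services, files): per-service check results and per-file MD5 verdicts."""
    services, files, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := STOPPED.match(line):
            current = services.setdefault(m.group(1), {"ok": [], "missing": []})
        elif (m := MISSING.match(line)) and current is not None:
            current["missing"].append(m.group(1))      # which check failed
        elif (m := CONFIG_OK.match(line)) and current is not None:
            current["ok"].append(m.group(1))
        elif m := FILE_CHECK.match(line):
            name = m.group(1).rsplit("\\", 1)[-1].lower()
            files[name] = m.group(2)
    return services, files


def triage(services, files):
    """Map each stopped service to (verdict, binary MD5 state, failed checks)."""
    report = {}
    for name, cfg in services.items():
        # Assumption: the service binary shares its file stem with the service name.
        binary = next((f for f in files if f.rsplit(".", 1)[0] == name.lower()), None)
        file_state = files.get(binary, "not listed")
        verdict = ("registry key missing" if cfg["missing"]
                   else "stopped, configuration intact")
        report[name] = (verdict, file_state, cfg["missing"])
    return report


if __name__ == "__main__":
    for svc, (verdict, file_state, failed) in triage(*parse_fss(FSS_SAMPLE)).items():
        print(f"{svc}: {verdict}; binary MD5 {file_state}; failed checks: {failed}")
```

Read this way, MpsSvc and bfe need their service keys restored rather than their files replaced, while mpsdrv is only stopped.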
     
  20. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    ESETScan.txt

    To an untrained eye it looks like you've done it!! :D

    C:\Users\Alex\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WYO2ZXG5\espana_com-winner_com[1].htm HTML/ScrInject.B.Gen virus deleted - quarantined
    C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\00000001.@ a variant of Win32/Sirefef.CR trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\000000c0.@ Win32/Redirector.A trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\000000cb.@ Win32/Redirector.A trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\000000cf.@ Win32/Redirector.A trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\80000000.@ probably a variant of Win32/Sirefef.DV trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\800000c0.@ Win32/Sirefef.EN trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\800000cb.@ a variant of Win32/Agent.TEO trojan cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\03082012_221110\C_Users\Alex\AppData\Local\784db967\U\800000cf.@ Win32/Sirefef.DV trojan cleaned by deleting - quarantined
     
  21. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    It looks like we're almost there :)
    Hold on for next instructions....
     
  22. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    Uninstall Java(TM) SE Runtime Environment 6 Update 1.

    I strongly suggest you also uninstall AVG PC Tuneup, which deals with registry - never good news.

    Then I can see two AV programs:
    COMODO Internet Security
    Norton 360

    You must uninstall one of them.
    If Norton use this tool: https://www-secure.symantec.com/nor...&version=1&pvid=f-home&entsrc=redirect_pubweb

    Next....
    We have a couple of registry keys missing.

    Following steps involve registry editing. Please create new restore point before proceeding!!!
    How to:
    XP - http://support.microsoft.com/kb/948247
    Vista and Seven - http://www.howtogeek.com/howto/wind...tore-point-for-windows-vistas-system-restore/


    Please go to Start=>Run (alternatively use Windows key+R), type regedit and click OK.
    Navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root
    Right-Click Root and select Permissions...
    Click Advanced.
    Under Owner tab select the entry starting with your user name, example: Farbar(Farbar-PC\Farbar)
    Put a check mark next to Replace owner on subcontainers and objects and click Apply and OK.
    Under Security type while Everyone is selected put a check mark in the box under Allow next to Full Control.
    Click Apply and OK.

    Download Vista.zip file from here: http://www.smartestcomputing.us.com/files/download/9-registry-network-keys/
    Unzip downloaded file.
    You'll find several files inside.
    Double-click legacy_mpssvc.reg and confirm the prompt.
    Double-click legacy_bfe and confirm the prompt.
    Double-click bfe.reg and confirm the prompt.
    Double-click mpssvc.reg and confirm the prompt.

    Please go back to the Root key again, and while Everyone is selected remove the check mark in the box under Allow next to Full Control, then close the registry.
    Restart computer.
    Post new FSS log.
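
    A read-only check to run after the steps in the post above, added here as an example and not part of the original thread: it confirms that the temporary Full Control grant for Everyone on Enum\Root was removed and that the restored keys exist. It matches Everyone by its well-known SID, since the group name is localized (this system is Spanish). Assumptions: PowerShell 2.0 or later run elevated, and the key names in `$expected`, which are inferred from the .reg file names.

```powershell
# Added example, not part of the thread. Run from an elevated PowerShell prompt.
$rootKey  = 'HKLM:\SYSTEM\CurrentControlSet\Enum\Root'
$everyone = 'S-1-1-0'   # well-known SID for Everyone; the name is localized, the SID is not
$full     = [int][System.Security.AccessControl.RegistryRights]::FullControl

function Get-EveryoneFullControl {
    param([string]$Path)
    $acl = Get-Acl -Path $Path -ErrorAction Stop
    # Explicit and inherited rules, with identities returned as SIDs
    $rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])
    foreach ($rule in $rules) {
        if ($rule.IdentityReference.Value -eq $everyone -and
            $rule.AccessControlType -eq 'Allow' -and
            (([int]$rule.RegistryRights -band $full) -eq $full)) {
            New-Object PSObject -Property @{ Key = $Path; Inherited = $rule.IsInherited }
        }
    }
}

# Root itself plus its direct subkeys, since the grant propagates to children
$targets = @($rootKey) + @(Get-ChildItem -Path $rootKey -ErrorAction SilentlyContinue |
    ForEach-Object { $_.PSPath })
$leftovers = @()
foreach ($t in $targets) {
    try { $leftovers += @(Get-EveryoneFullControl -Path $t) }
    catch { Write-Warning "Could not read ACL on $t : $($_.Exception.Message)" }
}

# Keys the imported .reg files are assumed to restore (inferred from their file names)
$expected = 'HKLM:\SYSTEM\CurrentControlSet\Services\BFE',
            'HKLM:\SYSTEM\CurrentControlSet\Services\MpsSvc',
            "$rootKey\LEGACY_BFE",
            "$rootKey\LEGACY_MPSSVC"
$missing = @($expected | Where-Object { -not (Test-Path -Path $_) })

if ($leftovers.Count) {
    $leftovers | Format-Table Key, Inherited -AutoSize
} else {
    'No Allow/Full Control entry for Everyone remains under Enum\Root.'
}
if ($missing.Count) {
    "Still missing: $($missing -join ', ')"
} else {
    'All expected keys are present.'
}
```

    Any row in the first table means the permission was not reverted on that key and should be cleared before the machine goes back into normal use.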
     
  23. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    1st problem... "... don't have access to Windows Installer", which may be due to Windows Installer not being properly installed. Net result is I can't uninstall Java Runtime Environment 6 Update 1 without doing something....

    I'll try the others....
     
  24. Broni

    Broni Malware Annihilator Posts: 47,076   +257

    What is the exact error message you're getting regarding installer?
     
  25. AlexR

    AlexR TS Rookie Topic Starter Posts: 58

    It is a box that comes up after giving permission to Windows Installer to remove the program. The title bar says "Java(TM) SE Runtime Environment 6 Update 1" and the text, translated from Spanish, says: "Does not have access to the service Windows Installer. This can occur if Windows Installer is not correctly installed. Contact personnel of technical support for help."

    AVG PC Tune-up & last remnants of Norton 360 are gone.

    Do I do the System Restore Point, or are we going to try to get rid of the Java element first?
     

