Solved Trojan Horse hider! netbt.sys file discovered by AVG

OTL.txt (Part 1)

OTL logfile created on: 04/03/2012 22:34:00 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,95% Memory free
4,23 Gb Paging File | 3,28 Gb Available in Paging File | 77,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,27 Gb Total Space | 24,21 Gb Free Space | 17,38% Space Free | Partition Type: NTFS
Drive H: | 321,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ALEX1 | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/03/04 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
PRC - [2011/12/21 00:41:44 | 006,676,808 | ---- | M] (COMODO) -- C:\Program Files\Comodo\COMODO Internet Security\cfp.exe
PRC - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2011/11/23 11:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2011/11/23 11:27:04 | 000,992,056 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
PRC - [2011/11/17 19:29:26 | 000,901,800 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
PRC - [2011/10/27 22:00:19 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\realplayer\Update\realsched.exe
PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/20 09:50:48 | 002,848,144 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
PRC - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/02/18 10:47:12 | 000,079,192 | ---- | M] (Research In Motion Limited) -- C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
PRC - [2009/11/28 08:39:24 | 002,396,464 | ---- | M] () -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe
PRC - [2009/07/08 02:53:36 | 000,472,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Pure Networks\Network Magic\nmapp.exe
PRC - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
PRC - [2009/03/05 17:59:50 | 000,313,264 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
PRC - [2009/03/05 17:59:50 | 000,192,512 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009/03/05 17:41:58 | 005,189,992 | ---- | M] (Sony Corporation) -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2007/10/04 17:59:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) -- C:\Windows\System32\stacsv.exe
PRC - [2007/06/15 11:45:20 | 000,469,112 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher.exe
PRC - [2007/05/16 18:07:16 | 000,411,768 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Camera Utility\VCUServe.exe
PRC - [2007/02/13 14:19:48 | 000,182,392 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe
PRC - [2007/02/02 20:38:14 | 002,756,608 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
PRC - [2007/02/02 19:28:06 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
PRC - [2007/02/02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2007/01/30 16:47:48 | 000,307,200 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
PRC - [2007/01/26 10:59:02 | 002,170,880 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe
PRC - [2007/01/22 19:39:32 | 000,321,656 | ---- | M] (Sony Corporation) -- C:\Program Files\sony\ISB Utility\ISBMgr.exe
PRC - [2007/01/12 21:41:40 | 000,278,528 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
PRC - [2007/01/12 06:52:25 | 000,118,784 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apoint.exe
PRC - [2007/01/12 06:52:24 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\Apntex.exe
PRC - [2007/01/12 06:52:23 | 000,042,544 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint\ApMsgFwd.exe
PRC - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
PRC - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe
PRC - [2006/11/02 13:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wpcumi.exe
PRC - [2006/11/02 10:45:59 | 000,215,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdSync.exe
PRC - [2006/10/27 19:13:48 | 000,270,336 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
PRC - [2006/01/23 22:14:10 | 000,069,632 | ---- | M] (TOSHIBA CORPORATION.) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2007/09/20 18:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2007/05/16 18:07:16 | 000,040,960 | ---- | M] () -- C:\Program Files\sony\VAIO Camera Utility\VCULib.dll
MOD - [2005/07/22 20:30:20 | 000,065,536 | ---- | M] () -- C:\Windows\System32\TosCommAPI.dll
MOD - [2004/10/14 09:18:24 | 000,040,960 | ---- | M] () -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtAfh.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (winvnc)
SRV - File not found [Auto | Stopped] -- -- (V0080Dev)
SRV - File not found [Auto | Stopped] -- -- (twotrack)
SRV - File not found [Auto | Stopped] -- -- (TuneUp.ProgramStatisticsSvc)
SRV - File not found [Auto | Stopped] -- -- (tga)
SRV - File not found [Auto | Stopped] -- -- (symantecantibotfilter)
SRV - File not found [Auto | Stopped] -- -- (symantecantibotdriver)
SRV - File not found [Auto | Stopped] -- -- (sr_watchdog)
SRV - File not found [Auto | Stopped] -- -- (sony_ssm.sys)
SRV - File not found [Auto | Stopped] -- -- (sisnic)
SRV - File not found [Auto | Stopped] -- -- (sigfilt)
SRV - File not found [Auto | Stopped] -- -- (SerTVOutCtlr)
SRV - File not found [Auto | Stopped] -- -- (se59obex)
SRV - File not found [Auto | Stopped] -- -- (se58mdm)
SRV - File not found [Auto | Stopped] -- -- (SE2Cobex)
SRV - File not found [Auto | Stopped] -- -- (SE27mdfl)
SRV - File not found [Auto | Stopped] -- -- (s24trans)
SRV - File not found [Auto | Stopped] -- -- (rxmssync)
SRV - File not found [Auto | Stopped] -- -- (RTL8169)
SRV - File not found [Auto | Stopped] -- -- (qmofiltr)
SRV - File not found [Auto | Stopped] -- -- (Programador de LiveUpdate automático)
SRV - File not found [Auto | Stopped] -- -- (pavatscheduler)
SRV - File not found [Auto | Stopped] -- -- (pav_security)
SRV - File not found [Auto | Stopped] -- -- (pae_1394)
SRV - File not found [Auto | Stopped] -- -- (oracle_load_balancer_60_server-forms6ip14)
SRV - File not found [Auto | Stopped] -- -- (ood2000)
SRV - File not found [Auto | Stopped] -- -- (odysseyIM4)
SRV - File not found [Auto | Stopped] -- -- (nwrdr)
SRV - File not found [Auto | Stopped] -- -- (nvstor64)
SRV - File not found [Auto | Stopped] -- -- (nsausvc)
SRV - File not found [Auto | Stopped] -- -- (nisvcloc)
SRV - File not found [Auto | Stopped] -- -- (MTsensor)
SRV - File not found [Auto | Stopped] -- -- (mohfilt)
SRV - File not found [Auto | Stopped] -- -- (mhn)
SRV - File not found [Auto | Stopped] -- -- (mcproxy)
SRV - File not found [Auto | Stopped] -- -- (lxcf_device)
SRV - File not found [Auto | Stopped] -- -- (lvckap)
SRV - File not found [Auto | Stopped] -- -- (klblmain)
SRV - File not found [Auto | Stopped] -- -- (hnmsvc)
SRV - File not found [Auto | Stopped] -- -- (gotomypc)
SRV - File not found [Auto | Stopped] -- -- (EIO_XP)
SRV - File not found [Auto | Stopped] -- -- (e1express)
SRV - File not found [Auto | Stopped] -- -- (DivisCTP)
SRV - File not found [Auto | Stopped] -- -- (cpucoolserver)
SRV - File not found [Auto | Stopped] -- -- (cpqrcmc)
SRV - File not found [Auto | Stopped] -- -- (cdrbsdrv)
SRV - File not found [Auto | Stopped] -- -- (Cam5603C)
SRV - File not found [Auto | Stopped] -- -- (axinstsv)
SRV - File not found [Auto | Stopped] -- -- (ati2mpaa)
SRV - File not found [On_Demand | Stopped] -- -- (AresChatServer)
SRV - File not found [Auto | Stopped] -- -- (AppnBase)
SRV - File not found [Auto | Stopped] -- -- (alcan5wn)
SRV - File not found [Auto | Stopped] -- -- (aiclient)
SRV - [2011/12/19 18:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/11/23 11:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/11/28 08:39:24 | 002,396,464 | ---- | M] () [On_Demand | Running] -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2009/07/07 14:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 12:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto | Running] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2009/03/05 17:59:50 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 17:59:50 | 000,192,512 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 17:59:50 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 17:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/10/04 17:59:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/13 14:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/05/31 09:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 09:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/13 14:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/02/02 13:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/24 15:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/01/24 15:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/16 13:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/01/16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/01/16 13:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/01/10 15:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/01/08 16:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/01/08 16:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/01/04 18:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSVC.exe -- (EpsonBidirectionalService)
SRV - [2006/12/14 01:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 01:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 00:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (catchme)
DRV - [2012/01/17 21:00:32 | 000,491,816 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/19 18:59:06 | 000,082,400 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/12/19 18:59:06 | 000,038,616 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/10 07:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/09/08 11:19:51 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/09/08 11:19:51 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2010/07/02 12:41:30 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/07/07 14:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 14:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/26 10:35:50 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/11 05:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/06/19 09:51:54 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/03/10 09:09:16 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2008/03/10 09:09:16 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/01/19 07:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/19 07:14:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2007/09/13 14:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/21 03:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Controlador del adaptador Intel(R)
DRV - [2007/04/23 12:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/04/17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/04/05 02:03:44 | 000,031,104 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2007/03/15 20:19:32 | 000,074,240 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/03/15 20:19:32 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/02/06 06:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007/01/24 13:57:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/22 09:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/01/12 20:41:32 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/01/12 20:16:54 | 000,040,576 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/01/12 06:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/10 12:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/20 16:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/08 08:02:38 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Controlador de adaptador Intel(R)
DRV - [2006/10/18 10:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/10 18:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/08/01 15:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/01/06 12:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com
IE - HKLM\..\SearchScopes,DefaultScope = {83C89821-F781-45C7-9AE0-D60E9D25BAC2}
IE - HKLM\..\SearchScopes\{83C89821-F781-45C7-9AE0-D60E9D25BAC2}: "URL" = http://www.google.es/search?hl=es&q={searchTerms}&meta=

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100476&babsrc=SP_ss&mntrId=ce070d62000000000000001bfb199c1c
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{3F040CC5-6409-419C-A0E6-3B7BC3D698A7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=SPC2&o=15000&src=kw&q={searchTerms}&locale=es_ES&apn_ptnrs=PV&apn_dtid=YYYYYYYYES&apn_uid=2de66ec4-efc9-44ec-948f-537ffdd02f3d&apn_sauid=D915F3F0-03C6-479F-A3F7-384768212BA1&
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{83C89821-F781-45C7-9AE0-D60E9D25BAC2}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SNYK_es
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={5128D9CC-E9D3-4571-8B68-CFBE13FA6979}&mid=03057f60834647d197620f14772b30d6-b2e4715dece078f03028f46c6085068e2f763c30&lang=en&ds=AVG&pr=fr&d=2011-10-16 11:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 22:01:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/08 11:40:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 12:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/26 00:51:22 | 000,000,000 | ---D | M]

[2012/01/05 06:57:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2008/04/03 08:25:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/08/06 09:56:57 | 000,000,000 | ---D | M] (Hide My IP) -- C:\Program Files\mozilla firefox\extensions\staff@hide-my-ip.com
[2012/02/25 12:44:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 11:45:06 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/19 20:49:20 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/29 21:18:30 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/12 11:45:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 11:45:06 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 11:45:06 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 11:45:06 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

========== Chrome ==========

CHR - default_search_provider: AVG Secure Search (Enabled)
CHR - default_search_provider: search_url = http://isearch.avg.com/search?cid={5128D9CC-E9D3-4571-8B68-CFBE13FA6979}&mid=03057f60834647d197620f14772b30d6-b2e4715dece078f03028f46c6085068e2f763c30&lang=en&ds=AVG&pr=fr&d=2011-10-16 11:24:32&v=10.0.0.7&sap=dsp&q={searchTerms}
CHR - default_search_provider: suggest_url = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\17.0.963.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaodiijipkjcmlclfmdmcoakmloobh\7.13.2.19441_0\background/registryAccess.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: ClickPotatoLite Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: DivX\u00AE Content Upload Plugin (Enabled) = C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2006/09/18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\PROGRA~1\GOOGLE~1\BAE.dll (Your Company Name)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003..\Run: [Epson Stylus SX420W(Red)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O7 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll ()
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
 
OTL.txt (Part 2)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{15448C3D-5D86-4B6C-830E-B4CE2A799D7E}: DhcpNameServer = 212.166.132.110 212.73.32.67
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADC11338-86D6-4FA2-AEE2-7F464DC59742}: NameServer = 80.58.61.250,80.58.61.254
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/09/08 19:49:20 | 000,000,075 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoPlay.exe -c
O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{af170651-70fb-11dc-a364-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{af170651-70fb-11dc-a364-806e6f6e6963}\Shell\AutoRun\command - "" = H:\setup\setup.exe -- [2009/09/08 19:49:18 | 001,498,168 | R--- | M] (Cisco Systems, Inc.)
O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: nsausvc - File not found
NetSvcs: se58mdm - File not found
NetSvcs: aiclient - File not found
NetSvcs: DivisCTP - File not found
NetSvcs: gotomypc - File not found
NetSvcs: sigfilt - File not found
NetSvcs: EIO_XP - File not found
NetSvcs: mhn - File not found
NetSvcs: cdrbsdrv - File not found
NetSvcs: cpqrcmc - File not found
NetSvcs: RTL8169 - File not found
NetSvcs: pavatscheduler - File not found
NetSvcs: s24trans - File not found
NetSvcs: ati2mpaa - File not found
NetSvcs: SerTVOutCtlr - File not found
NetSvcs: e1express - File not found
NetSvcs: mcproxy - File not found
NetSvcs: pav_security - File not found
NetSvcs: SE27mdfl - File not found
NetSvcs: nvstor64 - File not found
NetSvcs: lxcf_device - File not found
NetSvcs: twotrack - File not found
NetSvcs: cpucoolserver - File not found
NetSvcs: V0080Dev - File not found
NetSvcs: alcan5wn - File not found
NetSvcs: ood2000 - File not found
NetSvcs: TuneUp.ProgramStatisticsSvc - File not found
NetSvcs: AppnBase - File not found
NetSvcs: clipsrv - File not found
NetSvcs: symantecantibotfilter - File not found
NetSvcs: SE2Cobex - File not found
NetSvcs: oracle_load_balancer_60_server-forms6ip14 - File not found
NetSvcs: tga - File not found
NetSvcs: sr_watchdog - File not found
NetSvcs: lvckap - File not found
NetSvcs: nisvcloc - File not found
NetSvcs: klblmain - File not found
NetSvcs: MTsensor - File not found
NetSvcs: Cam5603C - File not found
NetSvcs: hnmsvc - File not found
NetSvcs: se59obex - File not found
NetSvcs: rxmssync - File not found
NetSvcs: nwrdr - File not found
NetSvcs: symantecantibotdriver - File not found
NetSvcs: sisnic - File not found
NetSvcs: sony_ssm.sys - File not found
NetSvcs: winvnc - File not found
NetSvcs: axinstsv - File not found
NetSvcs: mohfilt - File not found
NetSvcs: odysseyIM4 - File not found
NetSvcs: pae_1394 - File not found
NetSvcs: qmofiltr - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.l3acm - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.dvsd - C:\Program Files\Common Files\Sony Shared\VideoLib\sonydv.dll (Sony Corporation)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/03/04 22:25:45 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012/03/04 22:22:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{3D239792-0F71-43FA-8809-62816A5E7122}
[2012/03/04 02:04:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/04 02:04:30 | 000,000,000 | --SD | C] -- \ComboFix
[2012/03/03 21:52:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/03 21:52:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/03 21:52:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/03 04:24:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{31DF9AB9-D44C-4ED3-870B-C5104ABE273C}
[2012/03/03 03:48:16 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Alex\Desktop\boot_cleaner.exe
[2012/03/03 02:13:21 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2012/03/02 21:10:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{60558CDE-BCC0-437D-B65C-0780B60BC7F4}
[2012/03/02 21:10:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{03DF3C14-8A86-4D50-831D-4AF9496068FB}
[2012/03/01 23:33:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
[2012/03/01 22:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/01 22:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/01 22:42:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/01 22:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/03/01 05:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2012/02/29 23:22:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ElevatedDiagnostics
[2012/02/29 23:18:26 | 000,000,000 | ---D | C] -- C:\MATS
[2012/02/29 23:18:26 | 000,000,000 | ---D | C] -- \MATS
[2012/02/29 22:47:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F593320D-EEF6-43E0-AB98-49F8C2331379}
[2012/02/29 07:16:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{2ED913C6-D08D-4340-A84D-696886EFB76D}
[2012/02/29 07:16:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5E093480-2754-40D4-8F6B-7C38230A89D7}
[2012/02/29 02:31:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/29 02:02:35 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C8C65D31-2596-4BA9-B210-893FE5B9A2E5}
[2012/02/29 01:53:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/29 01:53:51 | 000,000,000 | ---D | C] -- \Qoobox
[2012/02/29 01:42:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{23AD7B5E-E160-4F30-972E-633037E6DAA9}
[2012/02/29 01:41:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9E118399-76D7-4B01-A6E9-1AF55306457A}
[2012/02/29 01:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/29 01:40:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/02/29 01:32:15 | 004,426,040 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012/02/29 00:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/29 00:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/02/29 00:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/02/28 22:45:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{2DE96566-4A5C-45C3-A84B-9E65F6BECD59}
[2012/02/28 20:39:24 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/28 20:39:24 | 000,000,000 | -H-D | C] -- \$AVG
[2012/02/28 13:58:33 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\784db967
[2012/02/28 08:48:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A954444E-9975-48CE-927C-68EC66877FDE}
[2012/02/28 08:48:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FB506D39-0D68-4370-A4EE-0C103E9C6341}
[2012/02/27 07:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/02/26 20:25:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{4FAFA812-F776-45FC-8672-D50D09663773}
[2012/02/26 20:24:58 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{59FFEBCF-7949-432D-8033-1987AB8A0177}
[2012/02/26 07:54:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe
[2012/02/26 01:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/26 01:40:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{8141EBDD-C803-4730-ACF9-C39697BD4167}
[2012/02/26 01:01:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88F79FF9-D064-4DF5-B911-1BFA9E3F5438}
[2012/02/26 01:01:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D80E769F-FC79-4C6B-80F2-F9AFA48F8682}
[2012/02/26 00:32:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6ADBBDF9-C208-4B8C-B778-23E8A8135C62}
[2012/02/26 00:31:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C73A60B8-45A1-495A-90D7-E007758A540C}
[2012/02/25 23:42:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{66CC1A27-3490-41DC-B43F-95EC64E97836}
[2012/02/25 23:20:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88D2767A-6FE7-45D8-8450-562039C2A909}
[2012/02/25 23:20:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{32AB2642-DB5E-4A62-8768-CB806D177981}
[2012/02/25 22:24:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A0ED7053-E390-45E5-9009-495AA8C85C81}
[2012/02/25 22:24:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C2E1EA9E-C816-4495-A2FF-80F06D6F9A6B}
[2012/02/25 18:45:03 | 000,173,456 | ---- | C] (Symantec Corporation) -- C:\Users\Alex\Desktop\FixVundo.exe
[2012/02/25 17:10:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{15AA8A03-7E69-4502-8346-BBBBE59E0B79}
[2012/02/25 17:09:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6A9263FF-D1CE-47CF-930F-EAF61C9DBA44}
[2012/02/25 12:24:48 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7D9B443E-E5F2-43D4-8324-0D9F45A71DA1}
[2012/02/25 12:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2012/02/25 12:06:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6FEE4590-E53C-48BC-8A53-0B8D4EF97126}
[2012/02/25 11:36:20 | 000,076,184 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atsckernel.exe
[2012/02/25 11:36:11 | 000,020,376 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
[2012/02/25 11:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\webex
[2012/02/25 11:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2012/02/25 11:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2012/02/25 11:25:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D8AB69F3-A6D9-4595-A98B-64A33605A736}
[2012/02/23 07:13:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B56E4FCC-84F8-4A5A-947D-5324C0688AF9}
[2012/02/23 07:13:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5625D403-FE33-4996-826C-A2E4D0ED6F2A}
[2012/02/15 07:05:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{516E1273-AFCD-4AB3-BEE9-F8BF06457136}
[2012/02/15 06:42:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FFAF98B4-ADD5-4BAF-B23B-6C4BFD6C4023}
[2012/02/13 22:21:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B97D186F-F691-4998-AFA1-FD6F50D6AB94}
[2012/02/13 22:21:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88FACDBD-5293-4E49-A585-E08F367125D8}
[2012/02/08 20:59:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C57E4485-B618-47A2-9C86-3F6443FE0073}
[2012/02/07 18:09:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{BEA32A92-C12F-400E-B317-596FC82F0D1B}
[2012/02/07 18:08:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{77FED599-A32F-4B8E-B1D9-CB6800F79875}
[2012/02/07 13:37:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D766FBE8-130F-4E31-9024-7001C8381781}

========== Files - Modified Within 30 Days ==========

[2012/03/04 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012/03/04 22:23:50 | 000,000,000 | ---- | M] () -- C:\Windows\tosOBEX.INI
[2012/03/04 22:20:10 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/04 22:20:03 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 22:15:51 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 22:15:51 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/04 22:15:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/04 01:55:48 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/03 21:49:14 | 004,426,040 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012/03/03 03:44:48 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat
[2012/03/03 02:13:28 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2012/03/02 07:02:05 | 000,354,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/01 23:33:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
[2012/03/01 22:50:09 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
[2012/03/01 22:42:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/01 05:35:07 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2012/03/01 05:33:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2012/02/29 00:30:46 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/29 00:30:01 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/29 00:29:37 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/02/28 21:26:06 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012/02/27 22:56:52 | 000,007,592 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2012/02/26 07:54:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe
[2012/02/26 03:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Alex.job
[2012/02/25 22:55:25 | 000,731,210 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/02/25 22:55:25 | 000,657,006 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/25 22:55:25 | 000,155,906 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/02/25 22:55:25 | 000,131,020 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/25 18:45:11 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Users\Alex\Desktop\FixVundo.exe
[2012/02/25 16:33:39 | 000,009,472 | ---- | M] () -- C:\Users\Alex\Desktop\Wireless Security Settings.html

========== Files Created - No Company Name ==========

[2012/03/04 22:23:50 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2012/03/03 21:52:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/03 21:52:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/03 21:52:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/03 21:52:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/03 21:52:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/03 02:18:44 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat
[2012/03/01 22:49:59 | 000,302,592 | ---- | C] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
[2012/03/01 22:42:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/01 05:35:07 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2012/03/01 05:35:06 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk
[2012/03/01 05:20:25 | 000,007,637 | ---- | C] () -- C:\Users\Alex\Desktop\WiLstPrd.vbs
[2012/03/01 05:20:25 | 000,003,413 | ---- | C] () -- C:\Users\Alex\Desktop\Clean.cmd
[2012/02/29 00:30:46 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/29 00:30:01 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/29 00:29:37 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/02/28 20:34:57 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012/02/25 16:33:39 | 000,009,472 | ---- | C] () -- C:\Users\Alex\Desktop\Wireless Security Settings.html
[2012/02/25 11:33:59 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2011/11/29 21:18:56 | 000,000,059 | ---- | C] () -- \user.js
[2011/08/07 20:36:39 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/07 20:36:39 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/26 14:54:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/02/03 10:53:02 | 000,000,092 | ---- | C] () -- C:\Users\Alex\AppData\Local\fusioncache.dat
[2011/01/17 22:17:50 | 000,000,095 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2010/10/30 10:49:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/02 06:28:28 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/01 11:26:49 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/04/01 10:50:49 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin

========== LOP Check ==========

[2011/08/07 20:35:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\.bitrock
[2007/05/10 09:42:20 | 000,000,000 | -H-D | M] -- C:\Users\Alex\AppData
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Configuración local
[2007/05/10 09:42:11 | 000,000,000 | R--D | M] -- C:\Users\Alex\Contacts
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Cookies
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Datos de programa
[2012/03/04 22:26:20 | 000,000,000 | R--D | M] -- C:\Users\Alex\Desktop
[2012/03/03 03:58:27 | 000,000,000 | R--D | M] -- C:\Users\Alex\Documents
[2012/03/04 22:26:20 | 000,000,000 | R--D | M] -- C:\Users\Alex\Downloads
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Entorno de red
[2009/02/08 12:09:41 | 000,000,000 | R--D | M] -- C:\Users\Alex\Favorites
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Impresoras
[2011/05/31 13:13:26 | 000,000,000 | ---D | M] -- C:\Users\Alex\JA3_1_0
[2007/10/03 13:51:19 | 000,000,000 | R--D | M] -- C:\Users\Alex\Links
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Menú Inicio
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Mis documentos
[2011/10/08 19:48:17 | 000,000,000 | R--D | M] -- C:\Users\Alex\Music
[2011/09/21 18:24:08 | 000,000,000 | ---D | M] -- C:\Users\Alex\MusicUntitled - 21-09-11
[2012/02/25 20:44:16 | 000,000,000 | R--D | M] -- C:\Users\Alex\Pictures
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Plantillas
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\Reciente
[2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Alex\Saved Games
[2007/10/03 13:51:19 | 000,000,000 | R--D | M] -- C:\Users\Alex\Searches
[2007/10/02 17:42:23 | 000,000,000 | -HSD | M] -- C:\Users\Alex\SendTo
[2012/03/04 22:21:55 | 000,000,000 | ---D | M] -- C:\Users\Alex\Tracing
[2010/10/17 18:23:07 | 000,000,000 | R--D | M] -- C:\Users\Alex\Videos
[2007/05/10 09:42:20 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Configuración local
[2007/05/10 09:42:11 | 000,000,000 | R--D | M] -- C:\Users\Default\Contacts
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Datos de programa
[2007/05/10 09:53:09 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2007/05/19 20:08:00 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Entorno de red
[2007/05/10 09:42:22 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Impresoras
[2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Menú Inicio
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Mis documentos
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2007/05/10 12:50:50 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Plantillas
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2007/05/10 09:40:00 | 000,000,000 | -HSD | M] -- C:\Users\Default\Reciente
[2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Default\Saved Games
[2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Default\Searches
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2006/11/02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2007/05/10 09:42:20 | 000,000,000 | -H-D | M] -- C:\Users\Girls\AppData
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Configuración local
[2007/05/10 09:42:11 | 000,000,000 | R--D | M] -- C:\Users\Girls\Contacts
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Cookies
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Datos de programa
[2012/01/05 07:20:08 | 000,000,000 | R--D | M] -- C:\Users\Girls\Desktop
[2008/05/31 14:42:52 | 000,000,000 | R--D | M] -- C:\Users\Girls\Documents
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Girls\Downloads
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Entorno de red
[2008/06/17 18:50:55 | 000,000,000 | R--D | M] -- C:\Users\Girls\Favorites
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Impresoras
[2008/05/31 14:43:23 | 000,000,000 | R--D | M] -- C:\Users\Girls\Links
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Menú Inicio
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Mis documentos
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Girls\Music
[2007/05/10 12:50:50 | 000,000,000 | R--D | M] -- C:\Users\Girls\Pictures
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Plantillas
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\Reciente
[2007/05/10 09:42:21 | 000,000,000 | R--D | M] -- C:\Users\Girls\Saved Games
[2008/05/31 14:43:23 | 000,000,000 | R--D | M] -- C:\Users\Girls\Searches
[2008/05/31 14:42:52 | 000,000,000 | -HSD | M] -- C:\Users\Girls\SendTo
[2007/05/10 09:42:20 | 000,000,000 | R--D | M] -- C:\Users\Girls\Videos
[2012/03/03 04:12:02 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2012/02/29 01:40:08 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2010/03/05 11:40:21 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2007/05/19 19:52:23 | 000,000,000 | ---D | M] -- C:\Users\Public\DSD Direct
[2006/11/02 11:23:35 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2008/01/24 12:06:45 | 000,000,000 | ---D | M] -- C:\Users\Public\Invoice templates
[2006/11/02 13:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2006/11/02 13:50:50 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2011/08/07 20:15:15 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2008/01/31 09:45:48 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
[2012/02/26 03:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - Alex.job
[2012/03/04 01:55:49 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/15 03:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8EA7B817-37CB-4FEB-8F53-5D1E274A1B58}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2007/05/10 19:32:16 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/10/28 16:05:53 | 000,000,000 | ---- | M] () -- C:\dbglev.ini
[2008/10/28 18:05:37 | 000,001,230 | ---- | M] () -- C:\DeskLog-.txt
[2008/10/28 18:07:24 | 000,000,846 | ---- | M] () -- C:\DeskLog.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 07:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 07:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 07:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 07:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2007/11/07 07:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
[2007/11/07 07:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2007/11/07 07:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 07:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 07:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 07:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 07:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 07:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 07:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 07:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2007/05/10 13:09:54 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/05/10 13:09:54 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2002/01/05 03:40:20 | 000,487,424 | ---- | M] (Microsoft Corporation) -- C:\msvcp70.dll
[2002/01/05 03:37:28 | 000,344,064 | ---- | M] (Microsoft Corporation) -- C:\msvcr70.dll
[2012/02/26 12:56:15 | 000,262,144 | ---- | M] () -- C:\ntuser.dat
[2012/02/26 12:56:15 | 000,005,120 | -H-- | M] () -- C:\ntuser.dat.LOG1
[2012/02/25 22:49:48 | 000,000,000 | -H-- | M] () -- C:\ntuser.dat.LOG2
[2012/02/25 22:49:49 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{f1f49046-5ff5-11e1-8bf3-aaca0ed4bf36}.TM.blf
[2012/02/25 22:49:49 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f1f49046-5ff5-11e1-8bf3-aaca0ed4bf36}.TMContainer00000000000000000001.regtrans-ms
[2012/02/25 22:49:49 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f1f49046-5ff5-11e1-8bf3-aaca0ed4bf36}.TMContainer00000000000000000002.regtrans-ms
[2012/02/26 12:56:15 | 000,065,536 | -HS- | M] () -- C:\ntuser.dat{f204f3a6-6011-11e1-ad6b-a2261d65536a}.TM.blf
[2012/02/26 12:56:15 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f204f3a6-6011-11e1-ad6b-a2261d65536a}.TMContainer00000000000000000001.regtrans-ms
[2012/02/26 12:56:13 | 000,524,288 | -HS- | M] () -- C:\ntuser.dat{f204f3a6-6011-11e1-ad6b-a2261d65536a}.TMContainer00000000000000000002.regtrans-ms
[2012/03/04 22:15:26 | 2459,639,808 | -HS- | M] () -- C:\pagefile.sys
[2011/11/29 21:18:56 | 000,000,059 | ---- | M] () -- C:\user.js
[2007/11/07 07:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/05/19 19:45:56 | 000,390,520 | ---- | M] () -- C:\vcredist_x86.log
[2007/11/07 07:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 07:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/09/28 16:25:51 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/01/19 08:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\1_HPZPPLHN.DLL
[2008/01/19 08:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2010/11/10 01:28:46 | 000,301,936 | ---- | M] () -- C:\Windows\WLXPGSS.SCR

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/09/09 18:38:58 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2007/05/10 19:32:02 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2007/05/10 19:32:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2007/05/10 19:32:02 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2007/05/10 19:32:11 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2007/05/10 19:32:13 | 006,012,928 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2011/09/07 19:53:24 | 000,003,072 | ---- | M] () -- C:\Windows\system32\Cache.db

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/05/04 07:32:45 | 000,000,442 | -HS- | M] () -- C:\Users\Alex\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2012/03/03 02:13:28 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2011/09/20 03:02:40 | 000,083,968 | ---- | M] (Esage Lab) -- C:\Users\Alex\Desktop\boot_cleaner.exe
[2012/03/03 21:49:14 | 004,426,040 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012/02/26 07:54:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe
[2012/02/25 18:45:11 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Users\Alex\Desktop\FixVundo.exe
[2012/03/01 22:50:09 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
[2012/03/04 22:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2008/10/28 12:37:10 | 000,176,526 | ---- | M] (UltraVnc) -- C:\Users\Alex\Desktop\remote.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\tasks\*.* >
[2012/03/04 22:20:03 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/04 23:20:05 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/26 03:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Alex.job
[2012/03/04 22:15:51 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2012/03/04 01:55:49 | 000,032,548 | ---- | M] () -- C:\Windows\tasks\SCHEDLGU.TXT
[2010/12/15 03:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8EA7B817-37CB-4FEB-8F53-5D1E274A1B58}.job

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/11/08 20:29:08 | 000,000,402 | -HS- | M] () -- C:\Users\Alex\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2012/03/01 05:33:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2010/04/02 06:28:28 | 000,000,282 | RHS- | M] () -- C:\ProgramData\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2012/03/04 23:10:41 | 000,081,920 | -HS- | M] () -- C:\Users\Alex\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< MD5 for: NETBT.SYS >
[2008/01/19 06:55:35 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2009/04/11 05:45:37 | 000,185,856 | ---- | M] () MD5=AD73370E7343704D93A8420B41F5C4EE -- C:\Windows\System32\drivers\netbt.sys
[2006/11/02 09:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=E3A168912E7EEFC3BD3B814720D68B41 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\Windows\$NtUninstallKB16085$] -> -> Unknown point type

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
 
Extras.Txt (Part 1)

OTL Extras logfile created on: 04/03/2012 22:34:00 - Run 1
OTL by OldTimer - Version 3.2.35.1 Folder = C:\Users\Alex\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2,00 Gb Total Physical Memory | 1,10 Gb Available Physical Memory | 54,95% Memory free
4,23 Gb Paging File | 3,28 Gb Available in Paging File | 77,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139,27 Gb Total Space | 24,21 Gb Free Space | 17,38% Space Free | Partition Type: NTFS
Drive H: | 321,66 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ALEX1 | User Name: Alex | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00E04FB3-4CBE-4889-B811-24B497F4CB70}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{03F16D56-85CA-4B9D-8299-559CED8C96FA}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{0A07DB08-FB96-4D18-B0CF-C978A217FEDE}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0A54E7FA-C9FC-4FAB-BDCC-9CE2E5E2469A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{0A96DEB6-474C-4B09-887E-75FAC1763A72}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{0FB66342-0BC4-4A91-929B-40EC2C2A98C7}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{118A4038-05DD-4098-A522-3F9FCAC0F5C0}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{138E893B-9FF7-40BC-9A6D-6F1973DAEBFD}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1567A786-9063-4278-ACCA-5706F9500B3A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{17AE4567-6648-4E17-BD14-850D59057120}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1F305D2B-5A52-45B0-92B5-FA87CB25C638}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{20ECD7D7-A610-45B0-A196-D34911B7029A}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{229A1D4D-9968-4B86-935A-926DE71BFCAE}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{23529AC6-F089-4BC2-9C54-382ABB5909F2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{278A3CC7-AF9D-4FDB-8BF5-32062E658BC2}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2D12EE5F-1E50-4708-9E7A-C3222359DDD5}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{2F057BEE-6435-4099-8BE9-3996F4C2C725}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3451F797-96D2-4C46-973F-2930B31B5019}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{34D4C91B-BBC8-4509-958A-45CB29719BF0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3534CD4B-87FC-4F19-8257-52E369CC6CA3}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{37268689-AD85-43BC-9EA1-C7BC07E10DCB}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{392A61CA-9BE7-4ED2-8B5C-FD28BDDB0DDA}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3931FA1E-AD6B-4C6F-90D0-7B9B1B605E34}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{3A1DDD57-84DE-41CD-A902-0A94658F52B7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{3ABBB21D-C154-4F45-A54C-6AD79F9F8AFA}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{3E976F5E-7775-4545-84FF-F079D9DAA206}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E509B23-DFC6-445F-8E28-6A11D3F959B0}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{4E73DD2C-DEEB-4487-BA45-DD27095156C1}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4E7F4644-B1BA-499B-B717-55A75FACE3C5}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{50B5D5E3-EFA9-4397-BF40-063FACA5C67A}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6198C498-C455-42FA-A169-8C1CDE34250A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{61FDE503-0786-451B-A89D-A3A26FF75897}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{65DD7AF3-6CE4-4C5C-8631-E60B79352F6E}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{67F6B313-C5D2-41F9-913B-6001D058B0A9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{6A7D8B03-C098-48E5-92FF-0F4A7FF322D7}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{6ED08034-A848-4195-B6E0-96683F255A12}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{6FCBDB2A-107F-451F-978D-6FAE22B2CBFC}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{769C8D40-C709-42B0-822C-399AC8A69EC4}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{80ABE5AE-CF03-4A1C-B70E-0818B78B5A6F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{8126FA06-D33A-4D35-B9C8-A378014B5247}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{863B49E2-C90A-41E3-9C6A-C7C810AFD61E}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8AD1AE03-C11F-4818-82DD-D25E82354983}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{903FD574-1C84-49E3-8A01-99607FF322B7}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{94DFD992-FD23-4792-A143-74074DC10834}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{94FED9E6-B993-496D-BE7E-0979D7F606DC}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{965A6BFA-8644-49CF-A63A-401AFACB39EA}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{A44FC4A2-A0C5-4DE9-A1FA-055B7692FBAF}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ADDB2FC8-9DA1-4631-B4BA-920096D1B84A}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{AE491CA5-5204-4102-804F-DF417308C792}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B3DBF023-8186-476A-B5E7-092EC70B1B09}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{B48CED56-1B54-46F2-B0A9-FEF7459BF06C}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{B949508F-F5E2-485C-9232-4181110E480A}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{BC71DAAD-A94A-4804-AD50-A7AEAFDAE21A}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{C1078F5D-AAEC-4EA3-B1FD-9567BFBF0C64}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C14FE976-261E-47A3-AD79-DDE06846FA17}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C40F991E-4D5D-4F80-9D6B-9B0D8C491C4C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CA39E35B-3EF8-42CA-9732-D6A209F7EBE0}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{CA666070-C8FE-47DD-AB06-0D5CD3C16930}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CD64DC92-4056-4A9A-A29E-99F3C526D105}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{CE977A72-C746-4884-8934-9DCC9E6821AD}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CF7E1D02-AAFC-4E4C-8F9F-6AAE4B4C2BA9}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DB5C451A-D231-4343-B4E3-09555FF3321A}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DD4E646B-CA1A-4A73-BC63-15DB27161BF3}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe |
"{DF8938ED-4CD3-4580-A5D7-FDFEEA889DCC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{DFD7C6E1-8725-466E-A41E-B90C871EB0F7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E2C82209-0648-4DAF-92DD-AEFF1BC834A7}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EBC825D7-C7B8-4EE7-ABEF-A3522705F792}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 |
"{F0540EC2-46C8-4BBF-B799-FEBFE14BB46C}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00DE9D9C-3FDB-4BFF-A603-DF95EB9CE7B7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{011DC70E-72A4-46FE-90E4-3111EA66EB96}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{02E469BF-3185-47F8-B4B4-A5BEFC15D899}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{02FCC3A8-10AD-4DE6-B27E-B414E7382D4E}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{03A52307-4239-435A-AED2-BB7EE2C77587}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{04D02FF2-1F02-496A-8676-ACB2527DCDD9}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{04D24B55-9ABC-4382-8EAD-DD118803962C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{099DAF9E-E81E-436B-BA68-4DD1560E789E}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{0B2D47C1-9C5D-4A77-B54D-E9725CBBD029}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0DD377DA-E7AB-4E71-85E8-CC2E15C3CC18}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{0E180CA9-D306-4E62-9A14-99BDEFD64CE8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{0EA37F3E-76F4-4CFB-960F-CD617FEA5D3C}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgdiagex.exe |
"{0FE09DC5-90D3-44A0-B164-544E3F99D109}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{11265E9A-53C7-435C-8FA1-793637D5275E}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{1140FB62-8F42-4ACC-B035-E2215E1A99CB}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{12EEBA8D-0ACF-49F3-A0FC-B09A5596E84D}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{1396527C-40C7-45DB-B912-45457BD9F8B1}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1745A1C7-7B85-4F9D-82D1-96E6A1E9D71C}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{177D6325-00CC-4DF3-8B86-5403F2696BF6}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{18B203AA-7B86-486E-8ABE-D93AEB905006}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{1912693C-90BB-41FB-BE80-4F40B1BDC6BE}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{19E4BFE0-F30E-4370-A684-DC0862E2D8B3}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{1BE2B77F-DE9D-4C2B-A7F5-36E4D35D1BD4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{23409541-85D1-47E0-8E9F-5DFFE1F05206}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{24FDB8F8-4CD1-4349-9EBC-D7E7FE978DC3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{293BD91C-8EA1-48F0-9F74-93043EC0B355}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2E98B4D7-8394-4A7D-854B-356875603A00}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{2EA94F15-7B69-47FB-8F2C-925F12B6FF2B}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{2EE47FA5-9F6E-4528-B0AA-CB5212D6E569}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{310AEF49-470E-4851-B23A-C68D0ECEDA40}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{33F7A1BA-A35A-4226-A1F4-B48C115E4D08}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{380F7440-451B-4120-A126-92226F321841}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3AE2E27B-C101-4915-8F81-FF4D4B472A23}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{3CF01A60-F1F4-4038-B8AA-E25F9058BFE4}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{3DBB8F5D-1EBA-4FC4-866E-0675B479A8EB}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{40BBBE26-7455-4B34-BF7B-C692A8A85936}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{41575846-182A-4E26-80C0-84E3CDAB467D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{442FA7AB-9F62-4D48-8322-F8ECFCE336F6}" = protocol=6 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{448E414D-39AE-4BFF-91CA-CC681DE25096}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{46C10B49-20B1-4FC6-B169-BEC01DDC7960}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{46C1AB9D-DD98-402E-B1A7-517C8ED9C940}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{474B7DA3-4CE3-45F9-B65F-ACAFA57FC632}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{47ED6279-E11F-4EAF-AC83-91C2656CB2F1}" = protocol=17 | dir=in | app=c:\users\alex\downloads\downloadmanagersetup.exe |
"{4CC94E25-E622-49E0-9624-79A8F62161C6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{4CDCC529-6CF1-4693-983F-FED7C7B165EA}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{52FAC99C-62EE-4BA8-A317-B13C2071DD38}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{535685B8-33C8-415A-A47D-B9A88575F612}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{54B1B791-5AFA-44C4-9F98-56B5081D3E31}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{56C973C1-361C-4D1F-987F-EF87CCCB8467}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{572D7997-AAE9-4F64-BC7B-66A9A9D19491}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{578642CF-8138-48D1-B080-8E6B2B7F6D14}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{59E5873A-1C6D-434C-B092-6986E6470E6D}" = protocol=6 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{59E71604-462B-44A6-8AB3-FD134D3A8F11}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{5C51E173-AD6F-4E78-921A-4F584088EA2F}" = protocol=17 | dir=in | app=c:\program files\common files\pure networks shared\platform\nmsrvc.exe |
"{5F285D88-E3DC-403E-ABFA-7DECFA3435B3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{5F8E0EFF-9664-4717-B285-E892C59DB561}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{61543176-CC1E-4B9B-92A4-17F9BB07503E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{619B8A60-576D-42EA-BADE-4EBEB3BF4F2D}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgnsx.exe |
"{641A54F2-DEFC-4231-9A2A-BA24EEA49CAA}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{68120994-15C9-4986-BEE2-79FB2C66C857}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{69488D6F-CC5C-400F-B0C5-C34A1E9A7F08}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6C63F717-A6EB-4DC7-8A6E-5C54C4202AEA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6DA86D1B-92E8-411D-B6DF-12EEF9908FF6}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6E519B3A-ED6A-46F5-8B45-06204D21E382}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{6EBAEC48-F3F9-46D8-9CB8-761B70A8757A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{70FBA89E-FC83-4919-A915-46E36657399E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{71D218C4-4122-421E-925D-8A327F3D4197}" = protocol=6 | dir=in | app=c:\users\alex\downloads\downloadmanagersetup.exe |
"{742A0BE2-EDAC-4D01-82A4-5567E4431473}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7705C832-0170-4D50-801F-8B5BA72470C9}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{7E7EC69A-9743-48FD-B19D-3EABB52E3FAE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{7FB41E9C-1246-473E-B686-866358F3D975}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{81E20F56-362A-4B37-BDA1-46B6AE730743}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{85A3674A-FB73-4AEE-8F08-B5A89C1833A6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{85DA62BA-D185-4E71-889B-C65783DD2797}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{883F0689-F37F-42AB-BFC9-CDF1BE80359D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8988FFFC-293B-43CC-822D-330AB8C8F34A}" = protocol=17 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{8A4802F3-AFD2-4841-9D1F-30D39A765EB6}" = protocol=17 | dir=in | app=c:\program files\google\google talk\googletalk.exe |
"{8B369BE0-7485-438D-AF0D-47C4B5F4FD8C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8C9B59F0-C15B-4AAC-9C65-D760846AD399}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8E68B3FF-D864-4CC1-905C-549288B4A243}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8E9F95D9-72AF-4E83-BC80-42DC44D29BEA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8F62E8F1-B759-42A9-8D72-81890EC6A4E2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{941E5304-E899-4FC8-B3F5-BBA97C32BCBC}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{959858F3-3348-4F42-B4F6-4F820BB04975}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{974CA385-8B8F-4B04-9E8C-F2323AAD9951}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{99F53262-635A-46B0-AEFE-26442270AACF}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{9AE9DBA9-DBAA-41FC-8D74-9CAC7DA90537}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9B2378FF-8AAE-4C6E-BC9E-C1A622D615F9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9CCA7631-B5C0-49B8-BDF7-F6D76DF5D108}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A3095BC0-4B43-46F0-9F8D-CC3C17165E2F}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A650F864-2B31-4C08-B55B-9A9D8F06D411}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A7933E39-1D58-4461-8974-2420AF0A3BF7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A95E6D05-0936-41CA-9B62-F06EBE720B9A}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AEE5FF06-9594-466D-B44B-F6227D4304B0}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{B5381125-B426-4853-850E-A90DD0494E97}" = protocol=6 | dir=in | app=c:\program files\epsonnet\epsonnet setup\tool10\eneasyapp.exe |
"{B721955C-F350-4691-A604-61CA17ADEB42}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B83C8D3E-CD12-45AB-BB87-132C79D04C7F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B8696F1A-1F82-4E4E-AF9E-670C40C33FF4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BAF4B50A-83DE-4894-9985-845295BBB0E5}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{BB4AE9CF-D078-4041-BCEF-955D1CF62CBB}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BC61F345-1C78-4EDC-8D46-AB36859C622F}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C005C0B6-C14D-4609-98DB-B48E35AA0800}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C0688FF0-B36C-4EE2-B54F-352EAF205FF6}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{C0AE5CE8-0291-42D4-9B2F-B37AF5EE6913}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C32FE56A-8049-41EF-B112-2037D4E8AB25}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C74566CC-48A0-4866-B817-B72DE9C162AC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C89A6A7B-3FBF-4FAC-91DC-7BBE60319689}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C91959A0-4665-4B9C-BCCB-15839A6F0533}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CAB3E121-3F31-45CF-9A76-9599540C6124}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CBB206D5-2F5B-494D-B4FC-FA8C87B62EBC}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CDB46E0A-58A9-46F5-8744-BC023FA70D09}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{D1ADC8F0-BE56-436F-96AE-C4061A7276F5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{D29F4D32-AC85-4568-881B-F90B63D43B29}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{D3972F9A-B58F-448C-B690-E533571BD977}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgemcx.exe |
"{D731FE32-1DB3-4852-BFFF-91F05345AB1B}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E26A471E-5B64-43A6-A5E4-60CA4CB2F6E0}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E32A1BDB-B1B7-4B7C-A836-60C4A6E5DB01}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E8FCEFF2-2D7A-42DE-BD71-BFCF3085C6A9}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{EB3DAEAB-8B2D-4F3E-80CB-B5396E9C3401}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EDF30B77-8BCD-4302-B562-14655C864CF8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EEC2ED22-823E-45F9-BEC5-426713D54361}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EECAC89F-C3D9-43B1-BC55-E0C5B734FC4C}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EF0F82BB-314A-4D81-B474-E78DF4FC4323}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EF73ACB6-6C5B-4B6F-B3E2-821D5155F930}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F0FB64A0-A6D6-4E09-879D-145066A7BBEE}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F261815E-A7C4-43B3-A880-B6608B3BD4DD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F3341973-CD3D-4CE7-95E1-7F4D04BC4B0F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F52D8224-E8DE-45C2-B690-8D97CA2F25E4}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F6A1A3CA-F5FD-4E5E-ACB6-C5178A9CDEED}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F6F27783-2A44-4219-AFBD-2953EF46FCD5}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F758B081-07E7-4282-B126-4837AC5EFABC}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{F8B622C6-C984-4807-98F3-066AFAB6387F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{FAF8E6F3-930E-45D8-946B-A55D0EFA05E6}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"TCP Query User{235EE798-FB0F-4CD4-9034-8C0F6840E7DA}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{2EC24AFA-5349-43EE-B3EB-0080FB6005D1}H:\epsonnet easyinstall\easyinstall.exe" = protocol=6 | dir=in | app=h:\epsonnet easyinstall\easyinstall.exe |
"TCP Query User{31FAEC05-46E2-4147-A209-1FAFCA978F4A}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{3D68A5A0-63EA-4B1E-8CF9-C8B5E77DE149}C:\program files\sony\vaio media registration tool\vmpclient.exe" = protocol=6 | dir=in | app=c:\program files\sony\vaio media registration tool\vmpclient.exe |
"TCP Query User{431F554C-28D9-4318-B965-64F6B60F543B}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{5C93DF6F-55A8-4B4C-BD0C-DD697CA1CA3E}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{72D7F03C-CCF7-4DF0-96AF-495BC1D283F2}C:\program files\ares vista\aresvista.exe" = protocol=6 | dir=in | app=c:\program files\ares vista\aresvista.exe |
"TCP Query User{7574E0C2-137F-4A0C-8C56-0ADBFB0FAAB1}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{7721B20C-5818-48A9-B85B-6E48D9058F9E}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{7C747146-3B3B-4968-A8AF-68B5E3643CFC}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{8AAA6670-578D-40BC-B647-A255D555D61A}C:\users\alex\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"TCP Query User{97F94692-85B0-4CAA-88D9-F7429205B3CE}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"TCP Query User{98AF17EC-5504-46F7-9CFC-B4D312B18437}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"TCP Query User{9E72CBDC-9F53-4430-92D2-9667AC1D087C}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{A3600267-E6B2-4B3A-8104-376610AFAD91}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{A78F91F6-3D08-406E-844B-23B57C0323DB}C:\program files\ares vista\aresvista.exe" = protocol=6 | dir=in | app=c:\program files\ares vista\aresvista.exe |
"TCP Query User{C14957F7-C700-4220-8828-109E21905208}C:\users\alex\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"TCP Query User{C37F9BFA-D83A-40F5-8F90-3B73E7389200}C:\program files\ares\ares.exe" = protocol=6 | dir=in | app=c:\program files\ares\ares.exe |
"TCP Query User{C452ADA9-C099-4A4C-8D4E-A54F667CDA2A}C:\program files\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\program files\spotify\spotify.exe |
"TCP Query User{DDAA45FA-3498-43CE-A533-2CB33A9A82C4}C:\program files\skype\phone\skype.exe" = protocol=6 | dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{E718B3D7-013F-45A2-BE09-412CB2750A26}C:\program files\mytorrentclient\halite.exe" = protocol=6 | dir=in | app=c:\program files\mytorrentclient\halite.exe |
"UDP Query User{0FE6C5AB-FE9C-42F5-B97C-6EC970995DE2}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{1DC7955A-39C9-4A8A-8DD3-B4B03A1E511B}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{2A8B0818-2299-444F-8508-9279AADC38B8}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{338ED6E6-A014-461F-8742-0BC62FB29562}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{3DD60DCC-124C-46E8-A07B-4AF07253F6C5}C:\users\alex\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"UDP Query User{402D2E57-96A4-4E9D-8F30-EADB6FB79FAA}C:\program files\ares vista\aresvista.exe" = protocol=17 | dir=in | app=c:\program files\ares vista\aresvista.exe |
"UDP Query User{43354989-242F-4B63-A9EF-2E093547C9F1}C:\program files\sony\vaio media registration tool\vmpclient.exe" = protocol=17 | dir=in | app=c:\program files\sony\vaio media registration tool\vmpclient.exe |
"UDP Query User{4F3044F1-8155-418C-91BD-E8270A489470}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
"UDP Query User{66F9BBD7-C5FE-4B1E-94A1-D621BDC633AB}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{7AC4F92F-1DFC-44FE-B370-BB66262F1ED4}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |
"UDP Query User{998BE7CD-8AA8-4DC8-8749-F284DCAB0BBF}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{AAB1249D-526D-4766-BD95-78D05D00521A}C:\program files\ares vista\aresvista.exe" = protocol=17 | dir=in | app=c:\program files\ares vista\aresvista.exe |
"UDP Query User{B51F6783-9C88-4D69-8549-FD33E147A70F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{B75F4A58-028E-4761-8EC6-1836ADB6BA5B}C:\program files\mytorrentclient\halite.exe" = protocol=17 | dir=in | app=c:\program files\mytorrentclient\halite.exe |
"UDP Query User{C500CF45-DCE9-4735-A8D6-551A6931996F}H:\epsonnet easyinstall\easyinstall.exe" = protocol=17 | dir=in | app=h:\epsonnet easyinstall\easyinstall.exe |
"UDP Query User{D3A2CE50-2029-48C4-8814-A98DF72C4DA3}C:\program files\ares\ares.exe" = protocol=17 | dir=in | app=c:\program files\ares\ares.exe |
"UDP Query User{EB1CB6C8-56AA-4B8B-87D4-0D43696FCCBE}C:\users\alex\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\alex\appdata\roaming\spotify\spotify.exe |
"UDP Query User{F0837955-8D2E-467A-947E-3AA5021E4245}C:\program files\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\program files\spotify\spotify.exe |
"UDP Query User{F3850946-24DC-4BB8-B903-21140F16D01C}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe |
"UDP Query User{F41A4FCA-7644-484B-9DBC-C482ECB53359}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{F76B1929-E26F-40F6-AFBA-935FA72C427A}C:\program files\skype\phone\skype.exe" = protocol=17 | dir=in | app=c:\program files\skype\phone\skype.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
Extras.Txt (Part 2)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{009E7FB7-1775-4D89-8956-F5C9A1C019FC}" = DSD Playback Plug-in
"{01FDC9FC-4D4F-4DB0-ACD1-D3E8E1D52902}" = Sony Video Shared Library
"{021AD585-5EEE-4B58-83BC-0AC86008EBC8}" = VAIO Media Registration Tool
"{07D8511D-C9FE-4A93-933F-EAA5C8F20095}" = IDT Audio
"{0AAE6279-45D3-4E87-A8C5-0E6F29BC2C32}" = VAIO Content Importer VAIO Content Exporter
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0E4BC542-9CFD-4E97-B586-9F1E5516E7B9}" = Microsoft IntelliPoint 6.1
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1417F599-1DBD-4499-9375-B2813E9F890C}" = VAIO Camera Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{194BFA8B-8ABF-43F4-A4B5-A38F6B21C3C2}" = Google AdWords Editor
"{1BEF9285-5530-426B-A5F1-5836B95C7EB1}" = VAIO Original Screen Saver
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{2063C2E8-3812-4BBD-9998-6610F80C1DD4}" = VAIO Media AC3 Decoder 1.0
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"{22B09F6E-AC8B-4524-83CD-B6FA4D16AE71}" = Windows Live Family Safety
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2487D9E4-3508-4A99-AF59-6F50734101DA}" = Cisco Network Magic
"{249E8BE4-1F13-4642-93BD-FFEBD6AC498C}" = componente
"{26A24AE4-039D-4CA4-87B4-2F83216025FF}" = Java(TM) 6 Update 29
"{28AD24E2-BC9F-49B8-A20C-31C6C2D78428}" = VAIO Database Converter 1.0
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{2A2FF7F5-6F0E-4A5D-A881-39365E718BD6}" = VAIO Cozy Orange Wallpaper
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (VAIO_VEDB)
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{3360D505-B0AA-4284-92DF-F872AF90A448}" = BlackBerry Device Software Updater
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{39177B0B-800F-4129-8C87-8B8B8AD8B4F8}_is1" = Ares Vista 3.0.9.9002
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{428A6DA3-FD56-44AE-B602-15DCCD6A7515}" = VAIO AV Mode Launcher
"{471D9952-6A24-40BA-9DA0-C73C13B0D001}" = Tunebite
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A275FD1-2F24-4274-8C01-813F5AD1A92D}" = Windows Live Messenger
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{500162A0-4DD5-460A-BAFD-895AAE48C532}" = VAIO Media Content Collection 6.0
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup
"{53192FD8-AAE9-494F-B0E2-A48B287B4234}" = testo easyheat
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{5482896E-6795-4E4E-9761-024E6EB7C912}" = MyTorrentClient
"{55B781F0-060E-11D4-99D7-00C04FCCB775}" =
"{560F6B2E-F0DF-44E5-8190-A4A161F0E205}" = VAIO Media 6.0
"{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}" = VAIO Data Restore Tool
"{5855C127-1F20-404D-B7FB-1FD84D7EAB5E}" = VAIO Media Redistribution 6.0
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5BEE8F1F-BD32-4553-8107-500439E43BD7}" = VAIO Update
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E343EF6-D27C-4CFC-9FAE-9AAFB541BCEE}" = VAIO Photo 2007
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{6332AFF1-9D9A-429C-AA03-F82749FA4F49}" = SonicStage Mastering Studio
"{63A6E9A9-A190-46D4-9430-2DB28654AFD8}" = Norton 360
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A69CFF-130D-4CDE-AB0E-7374ECB144C8}" = VAIO Content Importer / VAIO Content Exporter
"{69333A04-5134-40A5-A055-9166A7AA1EC8}" =
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{6D2576EC-A0E9-418A-A09A-409933A3B6F4}" = VAIO Camera Capture Utility
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{785EB1D4-ECEC-4195-99B4-73C47E187721}" = VAIO Media Integrated Server 6.0
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7FCC4EDC-6EE2-4309-ABD7-85F2667A7B90}" = WebEx Support Manager for Internet Explorer
"{80DDC39C-8CB5-49de-9748-36C990922110}" = Microsoft Works
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{821E1E03-ED3F-4256-B89D-A26C8B8A2CE2}" = testo USB Driver 2.4
"{82D5BACA-3619-4D34-99DB-3A65CFB4DA33}" = DSD Direct
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Sopcast Ask Toolbar
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo Layers Runtime 1.10.01
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{BEADB115-DB47-4BD0-A9EC-AE585AFAB2D8}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{8A524694-0CA4-476A-9301-B1E9D70FC952}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-042D-0000-0000000FF1CE}_HOMESTUDENTR_{017A6981-5E03-4A97-830A-35FE0927BB7F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0456-0000-0000000FF1CE}_HOMESTUDENTR_{A3A03B41-14EA-4E50-97D8-FCF429AE0CCB}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{430AE3E6-E982-4958-90FC-1C062BC74E22}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{D79E9128-A250-4155-BE90-2BE81DE0406A}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centro de dispositivos de Windows Mobile
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{934A3213-1CB6-4264-84A2-EE080C017BCA}" = VAIO Tender Green Wallpaper
"{94FB0978-D094-40C7-91D7-834D39220D4A}" = Crystal Reports XI Release 2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0C0A-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95B012AD-3A4A-31D7-9167-5D07D2A71F47}" = Microsoft .NET Framework 4 Client Profile ESN Language Pack
"{96296507-058A-4BFA-A042-998487514AC9}" = VAIO Entertainment Platform
"{97BCD719-6ECB-458F-97D6-F38D2E07375E}" = VAIO Aqua Breeze Wallpaper
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1C8A04-F8CA-4472-A92D-4288CE32DE86}" = Complementos de SonicStage Mastering Studio
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{9E407618-D9CD-4F39-9490-9ED45294073D}" = Click to DVD 2.0.05 Menu Data
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Pointing-device for VAIO
"{A0EB195B-5876-48E6-879D-33D4B2102610}" = SonicStage 4.3
"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A947C2B3-7445-42C4-9063-EE704CACCB22}" = VAIO Hardware Diagnostics
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW version 2009-05-12
"{AC76BA86-1033-F400-BA7E-000000000003}" = Adobe Acrobat 8 Standard - English, Français, Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{AF9A04EB-7D8E-41DE-9EDE-4AB9BB2B71B6}" = VAIO Media Registration Tool 6.0
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B66AD8F4-0951-407E-807F-C300F6970B5A}" = VAIO Media
"{BCB52F35-4C56-49F2-A3D6-FDED54B01847}" = pdfforge Toolbar v4.4
"{C183A21C-395A-490F-99D4-CCAB35E32859}" =
"{C89AF1D9-A501-4AA5-9E44-9753D0F92347}" = Kidizoom® Pro & Plus
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security
"{DDBC8703-AA18-491F-97BE-98D4543A901B}" = FileMover
"{DF7DB916-90E5-40F2-9010-B8125EB5FD6F}" = SonicStage Mastering Studio Audio Filter
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7044E25-3038-4A76-9064-344AC038043E}" = Actualización del controlador del Centro de dispositivos de Windows Mobile
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E809063C-51A3-4269-8984-D1EB742F2151}" = Click to DVD 2.6.00
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC37A846-53AC-4DA7-98FA-76A4E74AA900}" = SonicStage Mastering Studio Audio Filter Custom Preset
"{ED86C4AB-D1E5-42CF-BFA3-56BAAE617D4E}" = Windows Live UX Platform Language Pack
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F18DB86D-BC16-4E01-BCCE-63F62B931D82}" = InterVideo Register Manager
"{F4061D4A-63D3-4399-9F6F-460D0178651A}" = OpenEdge 10.0B Shared Network Installation
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F53D678E-238F-4A71-9742-08BB6774E9DC}" = Windows Live Family Safety
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FC467B61-F890-4E29-8585-365DAB66F13E}" = Pure Networks Platform
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"AC3Filter_is1" = AC3Filter 1.63b
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Acrobat 8 Standard - English, Français, Deutsch" = Adobe Acrobat 8.1.3 Standard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
"AudioConverter Studio_is1" = AudioConverter Studio 6.2
"AutocompletePro3_is1" = AutocompletePro
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_104D0200" = HDAUDIO SoftV92 Data Fax Modem with SmartCP
"Comodo Dragon" = Comodo Dragon
"COMODO GeekBuddy" = COMODO GeekBuddy
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup" = Instalación de DivX
"EPSON SX420W Series" = EPSON SX420W Series Printer Uninstall
"EPSON SX420W Series Manual" = EPSON SX420W Series Manual
"EPSON SX420W Series Network Guide" = EPSON SX420W Series Network Guide
"Free WAV to MP3 Converter" = Free WAV to MP3 Converter
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Google Chrome" = Google Chrome
"HMIP2009_is1" = Hide My IP 2009
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile ESN Language Pack" = Paquete de idioma de Microsoft .NET Framework 4 Client Profile ESN
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Mozilla Firefox 10.0.2 (x86 en-GB)" = Mozilla Firefox 10.0.2 (x86 en-GB)
"Muti ID3 Tag Editor" = Alex Buturuga - Muti ID3 Tag Editor 1.3b1
"Network MagicUninstall" = Network Magic
"NVIDIA Drivers" = NVIDIA Drivers
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-13-24-01
"Parrot Flash Update Wizard" = Parrot Software Update Tool
"Picasa 3" = Picasa 3
"PPLive" = PPLive 1.9
"RealPlayer 12.0" = RealPlayer
"SopCast" = SopCast 3.4.7
"Spotify" = Spotify
"TVUPlayer" = TVUPlayer 2.4.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.11
"Windows Mobile Device Handbook" = Manual del dispositivo Windows Mobile®
"Windows Password Cracker_is1" = Windows Password Cracker 3.05 Demo
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3790430613-2635612168-4138667699-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Video Player" = FoxTab Video Player
"Spotify" = Spotify

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04/03/2012 18:26:10 | Computer Name = Alex1 | Source = ESENT | ID = 490
Description = wuaueng.dll (1284) SUS20ClientDataStore: Al intentar abrir el archivo
"C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk" para acceso de lectura
y escritura se produjo el error de sistema 5 (0x00000005): "Acceso denegado. ".
La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error - 04/03/2012 18:26:20 | Computer Name = Alex1 | Source = ESENT | ID = 489
Description = wuaueng.dll (1284) SUS20ClientDataStore: Al intentar abrir el archivo
"C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" para acceso de sólo lectura
se produjo el error de sistema 5 (0x00000005): "Acceso denegado. ". La operación
para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error - 04/03/2012 18:26:20 | Computer Name = Alex1 | Source = ESENT | ID = 455
Description = wuaueng.dll (1284) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
al abrir un archivo de registro C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 04/03/2012 18:26:30 | Computer Name = Alex1 | Source = ESENT | ID = 489
Description = wuaueng.dll (1284) SUS20ClientDataStore: Al intentar abrir el archivo
"C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" para acceso de sólo lectura
se produjo el error de sistema 5 (0x00000005): "Acceso denegado. ". La operación
para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error - 04/03/2012 18:26:30 | Computer Name = Alex1 | Source = ESENT | ID = 455
Description = wuaueng.dll (1284) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
al abrir un archivo de registro C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 04/03/2012 18:26:40 | Computer Name = Alex1 | Source = ESENT | ID = 490
Description = wuaueng.dll (1284) SUS20ClientDataStore: Al intentar abrir el archivo
"C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk" para acceso de lectura
y escritura se produjo el error de sistema 5 (0x00000005): "Acceso denegado. ".
La operación para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error - 04/03/2012 18:26:50 | Computer Name = Alex1 | Source = ESENT | ID = 489
Description = wuaueng.dll (1284) SUS20ClientDataStore: Al intentar abrir el archivo
"C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" para acceso de sólo lectura
se produjo el error de sistema 5 (0x00000005): "Acceso denegado. ". La operación
para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error - 04/03/2012 18:26:50 | Computer Name = Alex1 | Source = ESENT | ID = 455
Description = wuaueng.dll (1284) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
al abrir un archivo de registro C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.

Error - 04/03/2012 18:27:00 | Computer Name = Alex1 | Source = ESENT | ID = 489
Description = wuaueng.dll (1284) SUS20ClientDataStore: Al intentar abrir el archivo
"C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log" para acceso de sólo lectura
se produjo el error de sistema 5 (0x00000005): "Acceso denegado. ". La operación
para abrir el archivo se cerrará con el error -1032 (0xfffffbf8).

Error - 04/03/2012 18:27:00 | Computer Name = Alex1 | Source = ESENT | ID = 455
Description = wuaueng.dll (1284) SUS20ClientDataStore: Error -1032 (0xfffffbf8)
al abrir un archivo de registro C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log.

[ System Events ]
Error - 04/03/2012 17:16:02 | Computer Name = Alex1 | Source = Service Control Manager | ID = 7023
Description =

Error - 04/03/2012 17:16:02 | Computer Name = Alex1 | Source = Service Control Manager | ID = 7023
Description =

Error - 04/03/2012 17:16:02 | Computer Name = Alex1 | Source = Service Control Manager | ID = 7023
Description =

Error - 04/03/2012 17:16:02 | Computer Name = Alex1 | Source = Service Control Manager | ID = 7023
Description =

Error - 04/03/2012 17:16:02 | Computer Name = Alex1 | Source = Service Control Manager | ID = 7023
Description =

Error - 04/03/2012 17:16:02 | Computer Name = Alex1 | Source = Service Control Manager | ID = 7009
Description =

Error - 04/03/2012 17:16:02 | Computer Name = Alex1 | Source = Service Control Manager | ID = 7000
Description =

Error - 04/03/2012 17:21:07 | Computer Name = Alex1 | Source = Service Control Manager | ID = 7009
Description =

Error - 04/03/2012 17:21:07 | Computer Name = Alex1 | Source = Service Control Manager | ID = 7000
Description =

Error - 04/03/2012 17:21:32 | Computer Name = Alex1 | Source = Service Control Manager | ID = 7022
Description =


< End of report >
 
For x86 bit systems please download GrantPerms.zip and save it to your desktop.
For x64 bit systems please download GrantPerms64.zip and save it to your desktop.
Unzip the file and depending on the system run GrantPerms.exe or GrantPerms64.exe
Copy and paste the following in the edit box:

Code:
C:\Windows\$NtUninstallKB16085$

Click Unlock. When it is done click "OK".
Click List Permissions and post the result of Perms.txt file that pops up.
A copy of Perms.txt will be saved in the same directory the tool is run.

=======================================================================

Download BlitzBlank and save it to your desktop.
Double click on Blitzblank.exe

  • Click OK at the warning.
  • Click the Script tab and copy/paste the following text there:
Code:
CopyFile:
C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys C:\Windows\System32\drivers\netbt.sys
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post the report created by Blitzblank.
    You can find it in the root of the drive, normally C:\
 
Hi Broni,

It seemed to be going OK, but on reboot it came up with a message of not being able to reboot and asked if I wanted to do the recommended repair to Windows. I said Yes, but now I'm being asked if I want to restore with System Restore???

Please advise what I should do...
 
I cancelled the System Restore, but Windows is trying to repair itself - currently looking for errors on the hard drive.

Do I let it run its course, or should I force a restart & hit F8?
 
OK! It's restarted - but I think that was my fault :blush:

I hadn't realised that the x86 bit systems referred to me, so I didn't download the GrantPerms.zip. Sorry about that!

Should I try again?
 
Perms

GrantPerms by Farbar
Ran by Alex (administrator) at 2012-03-05 01:00:37

===============================================
\\?\C:\Windows\$NtUninstallKB16085$

Owner: BUILTIN\Administradores

DACL(P)(AI):
NT SERVICE\TrustedInstaller FULL ALLOW container_inherit
NT AUTHORITY\SYSTEM FULL ALLOW (CI)(OI)
BUILTIN\Administradores FULL ALLOW (CI)(OI)
CREATOR OWNER FULL ALLOW (CI)(OI)(IO)


Should I try BlitzBlank again?
 
Well, I ran BlitzBlank & have since had a problem again restarting the computer. I've got it booted up in safe mode, but no internet. Is that normal?

Looking at the BlitzBlank log, it evidently failed, with status = c0000023

What's next? It would be great to feel that this process was moving forward...
 
Hi Broni,

Maybe it's not as bad as I feared!

I rebooted & was given the option of starting normally or to repair (recommended). I opted for normal and it has rebooted, seems to be working OK and is connected to the internet.

I'm not sure what the situation is, but am optimistic again that we will get it running normally again.

Thanks for your help with this.
 
And here is the BlitzBlank log from yesterday....

BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys", destinationFile = "\??\c:\windows\system32\drivers\netbt.sys"
GetDataFromFile: ZwOpenFile failed: status = c0000022
CopyFile: ZwCreateFile failed: status = c0000022


BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
CopyFileOnReboot: sourceFile = "\??\c:\windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys", destinationFile = "\??\c:\windows\system32\drivers\netbt.sys"
GetDataFromFile: ZwOpenFile failed: status = c0000022
CopyFile: ZwCreateFile failed: status = c0000022
 
We'll have to use a different approach.

Let's see if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:

    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    netbt.sys
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
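
The custom scan above asks for MD5s of netbt.sys and other system files from an externally booted environment. As an added example (not part of the original thread and not OTL's own code), this Python script makes the same kind of comparison for one driver: it hashes the copy in System32\drivers and every copy in the WinSxS component store on an offline-mounted volume. The function names, the assumed WinSxS directory-name layout and the sample tree (placeholder bytes, second directory name constructed) are assumptions.

```python
import hashlib
import tempfile
from pathlib import Path


def parse_component_dir(name):
    """Split a WinSxS directory name into its fields.

    Assumed layout: <arch>_<component>_<publicKeyToken>_<version>_<culture>_<hash>
    Raises ValueError for names that do not fit (e.g. helper folders).
    """
    arch, rest = name.split("_", 1)
    component, token, version, culture, dir_hash = rest.rsplit("_", 4)
    return {
        "arch": arch,
        "component": component,
        "token": token,
        "version": tuple(int(part) for part in version.split(".")),
        "culture": culture,
        "hash": dir_hash,
    }


def file_digests(path):
    """Return (md5, sha256) hex digests; MD5 is kept because the scan in the thread is an MD5 scan."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return md5.hexdigest(), sha256.hexdigest()


def check_driver(live_path, winsxs_root, filename="netbt.sys"):
    """Compare the in-use driver against every component-store copy of the same file."""
    live_md5, live_sha256 = file_digests(live_path)
    copies = []
    for entry in Path(winsxs_root).iterdir():
        if not entry.is_dir():
            continue
        try:
            fields = parse_component_dir(entry.name)
        except ValueError:
            continue  # not a component directory
        for candidate in entry.iterdir():
            # Case-insensitive match: the volume may be mounted on a case-sensitive OS.
            if candidate.is_file() and candidate.name.lower() == filename.lower():
                md5, sha256 = file_digests(candidate)
                copies.append({
                    "path": str(candidate),
                    "version": fields["version"],
                    "md5": md5,
                    "sha256": sha256,
                    "matches_live": sha256 == live_sha256,
                })
    copies.sort(key=lambda c: c["version"])
    if not copies:
        verdict = "no-store-copy"
    elif any(c["matches_live"] for c in copies):
        verdict = "matches-store"
    else:
        verdict = "mismatch"
    return {"live_md5": live_md5, "live_sha256": live_sha256,
            "copies": copies, "verdict": verdict}


def demo():
    """Run the check on a constructed directory tree (placeholder bytes, not real drivers)."""
    with tempfile.TemporaryDirectory() as tmp:
        winsxs = Path(tmp) / "Windows" / "winsxs"
        drivers = Path(tmp) / "Windows" / "System32" / "drivers"
        drivers.mkdir(parents=True)
        store = {
            # Directory name as it appears in the BlitzBlank script in the thread.
            "x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000"
            "_none_6064c861f7442765": b"constructed driver image A",
            # Constructed second entry, only to show version ordering.
            "x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.9999.0"
            "_none_0000000000000000": b"constructed driver image B",
        }
        for dirname, content in store.items():
            (winsxs / dirname).mkdir(parents=True)
            (winsxs / dirname / "netbt.sys").write_bytes(content)
        (winsxs / "Backup").mkdir()  # non-component folder, skipped by the parser

        live = drivers / "netbt.sys"
        live.write_bytes(b"constructed driver image A" + b"\x00patched")
        before = check_driver(live, winsxs)  # altered file: matches no store copy
        live.write_bytes(b"constructed driver image A")
        after = check_driver(live, winsxs)   # restored from the store copy
        return before["verdict"], after["verdict"], [c["version"] for c in after["copies"]]


if __name__ == "__main__":
    print(demo())
```

Run it against the Windows volume while booted from external media, as the thread does; on a running, possibly infected system the file reads themselves may be filtered. A "mismatch" verdict is a prompt to look closer, not proof of infection.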
 
I've got to the Reatogo-X-pe desktop. I can't connect to internet by wireless or cable direct into the router. Apparently it can't assign a new IP address to the computer.

When I double click on OTLPE I'm asked to choose a Windows Directory. The options are:
- RAMDisk (B:)
- Local Disk (C:)
- Reatogo PE (X:)
- Shared Documents

My plan was to manually write in the instructions to scan & on completion reboot into Windows to look for the file & then paste it into my next reply. Will that work?

BTW, I haven't reinstalled AVG Free 2012. Should I? I'm thinking of moving to Avast when this is all over anyway...

Thanks again!
 
When I double click on OTLPE I'm asked to choose a Windows Directory
Navigate to a folder where Windows is actually installed.
That would be C:\Windows.
 
OTL.txt (Part 1)

OTL logfile created on: 3/6/2012 9:07:27 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C0A | Country: España | Language: ESN | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 139.27 Gb Total Space | 24.37 Gb Free Space | 17.50% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (winvnc)
SRV - File not found [Auto] -- -- (V0080Dev)
SRV - File not found [Auto] -- -- (twotrack)
SRV - File not found [Auto] -- -- (TuneUp.ProgramStatisticsSvc)
SRV - File not found [Auto] -- -- (tga)
SRV - File not found [Auto] -- -- (symantecantibotfilter)
SRV - File not found [Auto] -- -- (symantecantibotdriver)
SRV - File not found [Auto] -- -- (sr_watchdog)
SRV - File not found [Auto] -- -- (sony_ssm.sys)
SRV - File not found [Auto] -- -- (sisnic)
SRV - File not found [Auto] -- -- (sigfilt)
SRV - File not found [Auto] -- -- (SerTVOutCtlr)
SRV - File not found [Auto] -- -- (se59obex)
SRV - File not found [Auto] -- -- (se58mdm)
SRV - File not found [Auto] -- -- (SE2Cobex)
SRV - File not found [Auto] -- -- (SE27mdfl)
SRV - File not found [Auto] -- -- (s24trans)
SRV - File not found [Auto] -- -- (rxmssync)
SRV - File not found [Auto] -- -- (RTL8169)
SRV - File not found [Auto] -- -- (qmofiltr)
SRV - File not found [Auto] -- -- (Programador de LiveUpdate automático)
SRV - File not found [Auto] -- -- (pavatscheduler)
SRV - File not found [Auto] -- -- (pav_security)
SRV - File not found [Auto] -- -- (pae_1394)
SRV - File not found [Auto] -- -- (oracle_load_balancer_60_server-forms6ip14)
SRV - File not found [Auto] -- -- (ood2000)
SRV - File not found [Auto] -- -- (odysseyIM4)
SRV - File not found [Auto] -- -- (nwrdr)
SRV - File not found [Auto] -- -- (nvstor64)
SRV - File not found [Auto] -- -- (nsausvc)
SRV - File not found [Auto] -- -- (nisvcloc)
SRV - File not found [Auto] -- -- (MTsensor)
SRV - File not found [Auto] -- -- (mohfilt)
SRV - File not found [Auto] -- -- (mhn)
SRV - File not found [Auto] -- -- (mcproxy)
SRV - File not found [Auto] -- -- (lxcf_device)
SRV - File not found [Auto] -- -- (lvckap)
SRV - File not found [Auto] -- -- (klblmain)
SRV - File not found [Auto] -- -- (hnmsvc)
SRV - File not found [Auto] -- -- (gotomypc)
SRV - File not found [Auto] -- -- (EIO_XP)
SRV - File not found [Auto] -- -- (e1express)
SRV - File not found [Auto] -- -- (DivisCTP)
SRV - File not found [Auto] -- -- (cpucoolserver)
SRV - File not found [Auto] -- -- (cpqrcmc)
SRV - File not found [Auto] -- -- (cdrbsdrv)
SRV - File not found [Auto] -- -- (Cam5603C)
SRV - File not found [Auto] -- -- (axinstsv)
SRV - File not found [Auto] -- -- (ati2mpaa)
SRV - File not found [On_Demand] -- -- (AresChatServer)
SRV - File not found [Auto] -- -- (AppnBase)
SRV - File not found [Auto] -- -- (alcan5wn)
SRV - File not found [Auto] -- -- (aiclient)
SRV - [2011/12/19 12:59:00 | 001,960,584 | ---- | M] (COMODO) [Auto] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto] -- C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/02/28 12:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 04:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2009/11/28 02:39:24 | 002,396,464 | ---- | M] () [On_Demand] -- C:\Program Files\Hide My IP 2009\HideMyIpSrv.exe -- (HideMyIpSRV)
SRV - [2009/07/07 08:48:44 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2009/03/06 06:59:12 | 000,020,376 | ---- | M] (WebEx Communications, Inc.) [Auto] -- C:\Windows\System32\atashost.exe -- (atashost)
SRV - [2009/03/05 11:59:50 | 000,313,264 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -- (Vcsw)
SRV - [2009/03/05 11:59:50 | 000,192,512 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009/03/05 11:59:50 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009/03/05 11:41:58 | 005,189,992 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009/01/26 09:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/19 02:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/04 11:59:54 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/09/13 08:45:38 | 000,102,400 | ---- | M] (IDT, Inc.) [Auto] -- C:\Windows\System32\stacsv.exe -- (STacSV)
SRV - [2007/05/31 03:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 03:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2007/02/13 08:19:48 | 000,182,392 | ---- | M] (Sony Corporation) [Auto] -- C:\Program Files\sony\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2007/02/02 07:56:52 | 000,118,784 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/01/24 09:56:24 | 000,075,320 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\SSScsiSV.exe -- (SSScsiSV)
SRV - [2007/01/24 09:56:20 | 000,112,184 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\SsBeSvc.exe -- (SonicStage Back-End Service)
SRV - [2007/01/16 07:05:00 | 002,523,136 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\VMISrv.exe -- (VAIOMediaPlatform-IntegratedServer-AppServer)
SRV - [2007/01/16 07:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-UCLS-UPnP) VAIO Media Content Collection (UPnP)
SRV - [2007/01/16 07:05:00 | 001,089,536 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe -- (VAIOMediaPlatform-IntegratedServer-UPnP) VAIO Media Integrated Server (UPnP)
SRV - [2007/01/10 09:51:06 | 000,745,472 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\UCLS.exe -- (VAIOMediaPlatform-UCLS-AppServer)
SRV - [2007/01/08 10:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-UCLS-HTTP) VAIO Media Content Collection (HTTP)
SRV - [2007/01/08 10:06:40 | 000,397,312 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe -- (VAIOMediaPlatform-IntegratedServer-HTTP) VAIO Media Integrated Server (HTTP)
SRV - [2007/01/08 10:01:34 | 000,491,520 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\sony\VAIO Media Integrated Server\Platform\VmGateway.exe -- (VAIOMediaPlatform-Mobile-Gateway)
SRV - [2007/01/04 12:48:52 | 000,112,152 | R--- | M] (InterVideo) [Auto] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
SRV - [2006/12/19 12:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto] -- C:\Program Files\Common Files\EPSON\eEBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006/12/13 19:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/13 19:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/13 18:46:16 | 000,057,344 | ---- | M] () [On_Demand] -- C:\Program Files\Common Files\Sony Shared\AvLib\PACSPTISVR.exe -- (PACSPTISVR)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] -- -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] -- -- (IpInIp)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2012/01/17 15:00:32 | 000,491,816 | ---- | M] (COMODO) [File_System | System] -- C:\Windows\System32\drivers\cmdGuard.sys -- (cmdGuard)
DRV - [2011/12/19 12:59:06 | 000,082,400 | ---- | M] (COMODO) [Kernel | System] -- C:\Windows\System32\drivers\inspect.sys -- (inspect)
DRV - [2011/12/19 12:59:06 | 000,038,616 | ---- | M] (COMODO) [Kernel | System] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2011/05/10 01:06:14 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010/09/08 05:19:51 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2010/09/08 05:19:51 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2010/07/02 06:41:30 | 000,057,800 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/07/07 08:48:44 | 000,027,696 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2009/07/07 08:48:44 | 000,026,672 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2009/05/26 04:35:50 | 008,235,648 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/04/10 23:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2008/06/19 03:51:54 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/03/10 03:09:16 | 000,028,224 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PCAMp50.sys -- (PCAMp50)
DRV - [2008/03/10 03:09:16 | 000,027,072 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2008/01/19 01:14:59 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2008/01/19 01:14:12 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV - [2007/09/13 08:46:06 | 000,330,240 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2007/06/20 21:51:28 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Controlador del adaptador Intel(R)
DRV - [2007/04/23 06:29:00 | 000,812,544 | ---- | M] (Texas Instruments) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ti21sony.sys -- (ti21sony)
DRV - [2007/04/17 13:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2007/04/04 20:03:44 | 000,031,104 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SonyImgF.sys -- (SonyImgF)
DRV - [2007/03/15 14:19:32 | 000,074,240 | ---- | M] (Ricoh) [Kernel | On_Demand] -- C:\Windows\System32\drivers\R5U870FLx86.sys -- (R5U870FLx86)
DRV - [2007/03/15 14:19:32 | 000,043,904 | ---- | M] (Ricoh) [Kernel | On_Demand] -- C:\Windows\System32\drivers\R5U870FUx86.sys -- (R5U870FUx86)
DRV - [2007/02/06 00:54:39 | 000,027,520 | ---- | M] (Sony Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\SonyNC.sys -- (SNC)
DRV - [2007/01/24 07:57:38 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/22 03:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2007/01/12 14:41:32 | 000,113,792 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/01/12 14:16:54 | 000,040,576 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/01/12 00:52:24 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/01/10 06:09:12 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/20 10:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/11/08 02:02:38 | 000,024,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\point32k.sys -- (Point32)
DRV - [2006/11/02 02:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Controlador de adaptador Intel(R)
DRV - [2006/10/18 04:56:30 | 000,010,216 | ---- | M] (Sony Corporation) [Kernel | System] -- C:\Windows\System32\drivers\DMICall.sys -- (DMICall)
DRV - [2006/10/10 12:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosporte.sys -- (tosporte)
DRV - [2005/08/01 09:45:00 | 000,064,896 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\Windows\System32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2005/01/06 06:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\tosrfnds.sys -- (tosrfnds)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.com


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Alex_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Alex_ON_C\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\Alex_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Alex_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Girls_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\Girls_ON_C\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\Girls_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.com
IE - HKU\Girls_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Girls_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Girls_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local




FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0:
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files\Real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files\Real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files\Real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/27 16:01:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/08 05:40:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/25 06:44:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/25 18:51:22 | 000,000,000 | ---D | M]

[2012/03/05 15:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/03 02:25:32 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2012/03/05 15:48:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2011/08/06 03:56:57 | 000,000,000 | ---D | M] (Hide My IP) -- C:\Program Files\Mozilla Firefox\extensions\staff@hide-my-ip.com
[2012/02/25 06:44:44 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 15:48:09 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/02/12 05:45:06 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/01/19 14:49:20 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2011/11/29 15:18:30 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/02/12 05:45:06 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 05:45:06 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/02/12 05:45:06 | 000,001,180 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/02/12 05:45:06 | 000,001,135 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2006/09/18 16:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AC-Pro) - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll (SimplyGen)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Google BAE\BAE.dll (Your Company Name)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Girls_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\Girls_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [COMODO] C:\Program Files\Comodo\COMODO GeekBuddy\CLPSLA.exe (COMODO)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [CPA] C:\Program Files\Comodo\COMODO GeekBuddy\VALA.exe (COMODO)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [nmapp] C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [TkBellExe] C:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [VAIOCameraUtility] C:\Program Files\Sony\VAIO Camera Utility\VCUServe.exe (Sony Corporation)
O4 - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe ()
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\Alex_ON_C..\Run: [Epson Stylus SX420W(Red)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\Alex_ON_C..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - HKU\Girls_ON_C..\Run: [EPSON Stylus SX600FW(Network)] File not found
O4 - HKU\Girls_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O7 - HKU\Alex_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Alex_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Alex_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\Girls_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Girls_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\Girls_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll ()
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll ()
O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\HMIPCore.dll (My Privacy Tools, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\Windows\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoPlay.exe -c
O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/05 15:49:10 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/03/05 15:48:42 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/05 15:48:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/05 15:48:42 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/04 18:59:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\Desktop\GrantPerms
[2012/03/04 17:54:05 | 001,153,912 | ---- | C] (Emsi Software GmbH) -- C:\Users\Alex\Desktop\BlitzBlank.exe
[2012/03/04 16:25:45 | 000,584,704 | ---- | C] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012/03/04 16:22:12 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{3D239792-0F71-43FA-8809-62816A5E7122}
[2012/03/03 20:04:30 | 000,000,000 | --SD | C] -- C:\ComboFix
[2012/03/03 15:52:57 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/03 15:52:57 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/03 15:52:57 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/02 22:24:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{31DF9AB9-D44C-4ED3-870B-C5104ABE273C}
[2012/03/02 21:48:16 | 000,083,968 | ---- | C] (Esage Lab) -- C:\Users\Alex\Desktop\boot_cleaner.exe
[2012/03/02 20:13:21 | 004,730,880 | ---- | C] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2012/03/02 15:10:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{60558CDE-BCC0-437D-B65C-0780B60BC7F4}
[2012/03/02 15:10:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{03DF3C14-8A86-4D50-831D-4AF9496068FB}
[2012/03/01 17:33:08 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
[2012/03/01 16:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/03/01 16:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/03/01 16:42:45 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/03/01 16:42:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/29 23:34:22 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Networks
[2012/02/29 23:30:02 | 000,026,672 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\pnarp.sys
[2012/02/29 23:26:47 | 000,027,696 | ---- | C] (Cisco Systems, Inc.) -- C:\Windows\System32\drivers\purendis.sys
[2012/02/29 23:20:25 | 000,679,904 | ---- | C] (Microsoft Corporation) -- C:\Users\Alex\Desktop\DPInst64.ex2
[2012/02/29 23:20:25 | 000,544,736 | ---- | C] (Microsoft Corporation) -- C:\Users\Alex\Desktop\dpinst.ex2
[2012/02/29 23:20:25 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Users\Alex\Desktop\msizap.ex2
[2012/02/29 17:22:24 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\ElevatedDiagnostics
[2012/02/29 17:18:26 | 000,000,000 | ---D | C] -- C:\MATS
[2012/02/29 16:47:00 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{F593320D-EEF6-43E0-AB98-49F8C2331379}
[2012/02/29 01:16:41 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{2ED913C6-D08D-4340-A84D-696886EFB76D}
[2012/02/29 01:16:39 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5E093480-2754-40D4-8F6B-7C38230A89D7}
[2012/02/28 20:31:18 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/28 20:02:35 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C8C65D31-2596-4BA9-B210-893FE5B9A2E5}
[2012/02/28 19:53:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/28 19:42:07 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{23AD7B5E-E160-4F30-972E-633037E6DAA9}
[2012/02/28 19:41:59 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{9E118399-76D7-4B01-A6E9-1AF55306457A}
[2012/02/28 19:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CPA_VA
[2012/02/28 19:40:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\COMODO
[2012/02/28 19:32:15 | 004,426,040 | R--- | C] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012/02/28 18:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo
[2012/02/28 18:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/02/28 18:29:34 | 000,000,000 | ---D | C] -- C:\Program Files\Comodo
[2012/02/28 18:29:25 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012/02/28 16:45:50 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{2DE96566-4A5C-45C3-A84B-9E65F6BECD59}
[2012/02/28 14:39:24 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012/02/28 07:58:33 | 000,000,000 | -HSD | C] -- C:\Users\Alex\AppData\Local\784db967
[2012/02/28 02:48:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A954444E-9975-48CE-927C-68EC66877FDE}
[2012/02/28 02:48:01 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FB506D39-0D68-4370-A4EE-0C103E9C6341}
[2012/02/27 01:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/02/26 14:25:18 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{4FAFA812-F776-45FC-8672-D50D09663773}
[2012/02/26 14:24:58 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{59FFEBCF-7949-432D-8033-1987AB8A0177}
[2012/02/26 01:54:04 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe
[2012/02/25 19:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
[2012/02/25 19:40:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{8141EBDD-C803-4730-ACF9-C39697BD4167}
[2012/02/25 19:01:52 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88F79FF9-D064-4DF5-B911-1BFA9E3F5438}
[2012/02/25 19:01:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D80E769F-FC79-4C6B-80F2-F9AFA48F8682}
[2012/02/25 18:32:08 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6ADBBDF9-C208-4B8C-B778-23E8A8135C62}
[2012/02/25 18:31:37 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C73A60B8-45A1-495A-90D7-E007758A540C}
[2012/02/25 17:42:45 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{66CC1A27-3490-41DC-B43F-95EC64E97836}
[2012/02/25 17:20:55 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88D2767A-6FE7-45D8-8450-562039C2A909}
[2012/02/25 17:20:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{32AB2642-DB5E-4A62-8768-CB806D177981}
[2012/02/25 16:24:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{A0ED7053-E390-45E5-9009-495AA8C85C81}
[2012/02/25 16:24:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C2E1EA9E-C816-4495-A2FF-80F06D6F9A6B}
[2012/02/25 12:45:03 | 000,173,456 | ---- | C] (Symantec Corporation) -- C:\Users\Alex\Desktop\FixVundo.exe
[2012/02/25 11:10:05 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{15AA8A03-7E69-4502-8346-BBBBE59E0B79}
[2012/02/25 11:09:30 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6A9263FF-D1CE-47CF-930F-EAF61C9DBA44}
[2012/02/25 06:24:48 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{7D9B443E-E5F2-43D4-8324-0D9F45A71DA1}
[2012/02/25 06:16:25 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2012/02/25 06:06:33 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{6FEE4590-E53C-48BC-8A53-0B8D4EF97126}
[2012/02/25 05:36:20 | 000,076,184 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atsckernel.exe
[2012/02/25 05:36:11 | 000,020,376 | ---- | C] (WebEx Communications, Inc.) -- C:\Windows\System32\atashost.exe
[2012/02/25 05:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\webex
[2012/02/25 05:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Pure Networks Shared
[2012/02/25 05:28:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Pure Networks
[2012/02/25 05:25:53 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D8AB69F3-A6D9-4595-A98B-64A33605A736}
[2012/02/23 01:13:49 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B56E4FCC-84F8-4A5A-947D-5324C0688AF9}
[2012/02/23 01:13:38 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{5625D403-FE33-4996-826C-A2E4D0ED6F2A}
[2012/02/16 01:30:44 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/02/16 01:30:42 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2012/02/16 01:30:41 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/02/16 01:30:40 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/02/16 01:30:39 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/02/16 01:30:39 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/02/16 01:30:33 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/02/15 01:05:42 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{516E1273-AFCD-4AB3-BEE9-F8BF06457136}
[2012/02/15 00:42:14 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{FFAF98B4-ADD5-4BAF-B23B-6C4BFD6C4023}
[2012/02/14 16:22:01 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/02/13 16:21:54 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{B97D186F-F691-4998-AFA1-FD6F50D6AB94}
[2012/02/13 16:21:02 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{88FACDBD-5293-4E49-A585-E08F367125D8}
[2012/02/08 14:59:51 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{C57E4485-B618-47A2-9C86-3F6443FE0073}
[2012/02/07 12:09:06 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{BEA32A92-C12F-400E-B317-596FC82F0D1B}
[2012/02/07 12:08:21 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{77FED599-A32F-4B8E-B1D9-CB6800F79875}
[2012/02/07 07:37:20 | 000,000,000 | ---D | C] -- C:\Users\Alex\AppData\Local\{D766FBE8-130F-4E31-9024-7001C8381781}
[1997/12/28 16:17:02 | 000,017,920 | ---- | C] ( ) -- C:\Windows\System32\shelllnk.dll

========== Files - Modified Within 30 Days ==========
 
OTL.txt (Part 2 of 2)

[2012/03/06 12:56:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/06 12:56:50 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 12:56:50 | 000,004,080 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/06 12:56:41 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/03/06 12:36:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/05 16:20:05 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/05 15:48:09 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/03/05 15:48:09 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/03/05 15:48:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/03/05 15:48:09 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/03/05 13:20:32 | 000,008,268 | ---- | M] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2012/03/04 18:56:36 | 000,450,985 | ---- | M] () -- C:\Users\Alex\Desktop\GrantPerms.zip
[2012/03/04 17:54:08 | 001,153,912 | ---- | M] (Emsi Software GmbH) -- C:\Users\Alex\Desktop\BlitzBlank.exe
[2012/03/04 16:25:58 | 000,584,704 | ---- | M] (OldTimer Tools) -- C:\Users\Alex\Desktop\OTL.exe
[2012/03/04 16:23:50 | 000,000,000 | ---- | M] () -- C:\Windows\tosOBEX.INI
[2012/03/03 15:49:14 | 004,426,040 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\ComboFix.exe
[2012/03/02 21:44:48 | 000,000,512 | ---- | M] () -- C:\Users\Alex\Desktop\MBR.dat
[2012/03/02 20:13:28 | 004,730,880 | ---- | M] (AVAST Software) -- C:\Users\Alex\Desktop\aswMBR.exe
[2012/03/02 01:02:05 | 000,354,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/03/01 17:33:10 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Alex\Desktop\dds.scr
[2012/03/01 16:50:09 | 000,302,592 | ---- | M] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
[2012/03/01 16:42:49 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/03/01 16:42:49 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/29 23:35:07 | 000,001,940 | ---- | M] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2012/02/29 23:35:06 | 000,001,938 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk
[2012/02/29 23:33:24 | 008,892,928 | ---- | M] () -- C:\ProgramData\atscie.msi
[2012/02/28 18:30:46 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/28 18:30:45 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2012/02/28 18:30:01 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/28 18:29:37 | 000,000,903 | ---- | M] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/02/28 18:29:25 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\gdiplus.dll
[2012/02/28 15:26:06 | 000,000,000 | -HS- | M] () -- C:\Windows\System32\dds_log_trash.cmd
[2012/02/28 14:37:44 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/02/27 01:50:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC Tuneup 2011
[2012/02/26 01:54:18 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Alex\Desktop\esetsmartinstaller_enu.exe
[2012/02/25 21:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\RegInOut Scheduled Scan - Alex.job
[2012/02/25 18:54:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012/02/25 17:44:46 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuoteWerks 4.0
[2012/02/25 16:55:25 | 000,731,210 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2012/02/25 16:55:25 | 000,657,006 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/25 16:55:25 | 000,155,906 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2012/02/25 16:55:25 | 000,131,020 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/25 16:32:19 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Escosol SD1
[2012/02/25 12:45:11 | 000,173,456 | ---- | M] (Symantec Corporation) -- C:\Users\Alex\Desktop\FixVundo.exe
[2012/02/25 10:33:39 | 000,009,472 | ---- | M] () -- C:\Users\Alex\Desktop\Wireless Security Settings.html
[2012/02/14 21:17:29 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

========== Files Created - No Company Name ==========

[2012/03/04 18:56:35 | 000,450,985 | ---- | C] () -- C:\Users\Alex\Desktop\GrantPerms.zip
[2012/03/04 16:23:50 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2012/03/03 15:52:57 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/03 15:52:57 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/03 15:52:57 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/03 15:52:57 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/03 15:52:57 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/02 20:18:44 | 000,000,512 | ---- | C] () -- C:\Users\Alex\Desktop\MBR.dat
[2012/03/01 16:49:59 | 000,302,592 | ---- | C] () -- C:\Users\Alex\Desktop\iqegc7xy.exe
[2012/03/01 16:42:49 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/29 23:35:07 | 000,001,940 | ---- | C] () -- C:\Users\Public\Desktop\Network Magic.lnk
[2012/02/29 23:35:06 | 000,001,938 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Magic.lnk
[2012/02/29 23:20:25 | 000,007,637 | ---- | C] () -- C:\Users\Alex\Desktop\WiLstPrd.vbs
[2012/02/29 23:20:25 | 000,003,413 | ---- | C] () -- C:\Users\Alex\Desktop\Clean.cmd
[2012/02/28 18:30:46 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2012/02/28 18:30:01 | 000,001,033 | ---- | C] () -- C:\Users\Public\Desktop\COMODO GeekBuddy.lnk
[2012/02/28 18:29:37 | 000,000,903 | ---- | C] () -- C:\Users\Public\Desktop\Comodo Dragon.lnk
[2012/02/28 14:34:57 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
[2012/02/25 10:33:39 | 000,009,472 | ---- | C] () -- C:\Users\Alex\Desktop\Wireless Security Settings.html
[2012/02/25 05:33:59 | 008,892,928 | ---- | C] () -- C:\ProgramData\atscie.msi
[2011/08/07 14:36:39 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/08/07 14:36:39 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/05/26 08:54:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/02/03 04:53:02 | 000,000,092 | ---- | C] () -- C:\Users\Alex\AppData\Local\fusioncache.dat
[2011/01/17 16:17:50 | 000,000,095 | ---- | C] () -- C:\Windows\ParrotFlashWiz.INI
[2010/10/30 04:49:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/04/02 00:28:28 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/04/01 05:26:49 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2010/04/01 04:50:49 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/11/25 06:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009/09/28 09:51:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/28 09:49:08 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 08:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 08:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/12/30 06:40:01 | 000,001,120 | ---- | C] () -- C:\Windows\System32\E_ADDNET.DAT
[2008/12/18 10:30:50 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/12/18 10:30:50 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/12/18 10:30:50 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/12/18 10:30:50 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/12/18 10:30:49 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/12/18 10:30:49 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/12/18 10:30:49 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/12/18 10:30:49 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/12/18 10:30:49 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/12/18 10:30:49 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/12/18 10:30:49 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/12/18 10:30:49 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/12/18 10:30:49 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/12/18 10:30:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/12/18 10:30:49 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/12/18 10:30:49 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/12/18 10:30:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/12/18 10:30:49 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/12/18 10:30:49 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/09/19 16:57:34 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/09/10 07:21:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/04 15:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2008/05/31 08:42:51 | 000,000,680 | ---- | C] () -- C:\Users\Girls\AppData\Local\d3d9caps.dat
[2008/05/31 08:42:36 | 000,038,093 | ---- | C] () -- C:\Users\Girls\AppData\Roaming\nvModes.001
[2008/05/31 08:42:35 | 000,035,935 | ---- | C] () -- C:\Users\Girls\AppData\Roaming\nvModes.dat
[2008/04/03 02:28:59 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/03/04 11:52:34 | 000,286,720 | ---- | C] () -- C:\Windows\System32\libcurl.dll
[2008/02/09 08:11:51 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/27 04:46:47 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini
[2007/10/31 02:39:54 | 000,059,904 | ---- | C] () -- C:\Windows\System32\zlib1.dll
[2007/10/15 03:22:34 | 000,065,536 | ---- | C] () -- C:\Windows\System32\ITeCCollectionModule.dll
[2007/10/15 03:22:31 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imhost8.dll
[2007/10/15 03:22:29 | 000,028,672 | ---- | C] () -- C:\Windows\System32\Himajen.dll
[2007/10/08 10:15:11 | 000,137,728 | ---- | C] () -- C:\Users\Alex\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/10/03 07:21:13 | 000,000,520 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/10/02 11:42:23 | 000,008,268 | ---- | C] () -- C:\Users\Alex\AppData\Local\d3d9caps.dat
[2007/05/19 13:53:15 | 000,019,968 | ---- | C] () -- C:\Windows\System32\Cpuinf32.dll
[2007/05/19 13:51:25 | 000,532,480 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Sony.dll
[2007/05/17 06:58:10 | 000,143,360 | ---- | C] () -- C:\Windows\System32\libexpatw.dll
[2007/05/10 06:44:02 | 000,000,000 | ---- | C] () -- C:\Windows\VAIOUpdt.INI
[2006/12/05 06:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006/11/02 10:46:21 | 000,731,210 | ---- | C] () -- C:\Windows\System32\perfh00A.dat
[2006/11/02 10:46:21 | 000,336,930 | ---- | C] () -- C:\Windows\System32\perfi00A.dat
[2006/11/02 10:46:21 | 000,155,906 | ---- | C] () -- C:\Windows\System32\perfc00A.dat
[2006/11/02 10:46:21 | 000,040,258 | ---- | C] () -- C:\Windows\System32\perfd00A.dat
[2006/11/02 07:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:47:37 | 000,354,280 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 05:33:01 | 000,657,006 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,131,020 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005/07/22 14:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2003/12/09 19:29:02 | 000,180,224 | ---- | C] () -- C:\Windows\System32\CRAnalyzer.dll
[2003/01/07 08:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/02/27 02:41:28 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2002/02/27 02:41:26 | 000,139,264 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2002/02/27 02:41:26 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll

========== LOP Check ==========

[2008/05/31 08:43:41 | 000,000,000 | ---D | M] -- C:\Users\Girls\AppData\Roaming\Bytemobile
[2008/09/04 09:40:08 | 000,000,000 | ---D | M] -- C:\Users\Girls\AppData\Roaming\Vodafone
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2012/03/02 22:17:07 | 000,000,000 | ---D | M] -- C:\ProgramData\AVG2012
[2011/11/29 15:18:22 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2011/06/02 12:14:53 | 000,000,000 | -H-D | M] -- C:\ProgramData\Common Files
[2012/02/28 20:55:16 | 000,000,000 | ---D | M] -- C:\ProgramData\CPA_VA
[2007/05/10 03:40:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Datos de programa
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2007/05/10 03:40:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documentos
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2007/10/09 03:32:41 | 000,000,000 | ---D | M] -- C:\ProgramData\EBP
[2008/10/21 11:18:52 | 000,000,000 | ---D | M] -- C:\ProgramData\eMule
[2012/02/25 18:55:01 | 000,000,000 | ---D | M] -- C:\ProgramData\EPSON
[2007/05/10 03:40:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Escritorio
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2007/05/10 03:40:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoritos
[2007/11/15 08:13:05 | 000,000,000 | ---D | M] -- C:\ProgramData\GoldMine
[2007/10/05 11:47:59 | 000,000,000 | ---D | M] -- C:\ProgramData\GoldMine2
[2007/05/10 03:40:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Menú Inicio
[2012/03/02 22:13:35 | 000,000,000 | ---D | M] -- C:\ProgramData\MFAData
[2010/03/05 05:48:04 | 000,000,000 | ---D | M] -- C:\ProgramData\PCSettings
[2007/05/10 03:40:00 | 000,000,000 | -HSD | M] -- C:\ProgramData\Plantillas
[2010/10/17 12:20:43 | 000,000,000 | ---D | M] -- C:\ProgramData\RapidSolution
[2011/07/10 17:37:44 | 000,000,000 | ---D | M] -- C:\ProgramData\RegInOut
[2011/06/21 12:01:09 | 000,000,000 | ---D | M] -- C:\ProgramData\Research In Motion
[2007/05/10 03:53:08 | 000,000,000 | ---D | M] -- C:\ProgramData\Sony
[2006/11/02 08:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2011/11/29 15:18:54 | 000,000,000 | ---D | M] -- C:\ProgramData\Tarma Installer
[2012/03/03 19:55:10 | 000,000,000 | ---D | M] -- C:\ProgramData\TEMP
[2006/11/02 08:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/02/03 04:48:13 | 000,000,000 | ---D | M] -- C:\ProgramData\Testo
[2011/03/10 11:28:16 | 000,000,000 | ---D | M] -- C:\ProgramData\UDL
[2009/05/28 06:23:25 | 000,000,000 | ---D | M] -- C:\ProgramData\Vodafone
[2012/02/25 05:35:55 | 000,000,000 | ---D | M] -- C:\ProgramData\webex
[2010/03/05 09:28:38 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/03/26 11:38:10 | 000,000,000 | ---D | M] -- C:\ProgramData\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/03 01:17:00 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2007/05/10 07:00:41 | 000,000,000 | ---D | M] -- C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}
[2009/09/12 05:44:11 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/25 05:49:09 | 000,000,000 | ---D | M] -- C:\ProgramData\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2012/02/25 21:00:02 | 000,000,330 | ---- | M] () -- C:\Windows\Tasks\RegInOut Scheduled Scan - Alex.job
[2012/03/06 12:56:43 | 000,032,548 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/12/14 21:30:00 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8EA7B817-37CB-4FEB-8F53-5D1E274A1B58}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/10/29 01:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 01:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 22:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 03:58:48 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 03:58:47 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 21:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 04:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 02:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: NETBT.SYS >
[2008/01/19 00:55:35 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=7C5FEE5B1C5728507CD96FB4A13E7A02 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
[2006/11/02 03:57:20 | 000,184,320 | ---- | M] (Microsoft Corporation) MD5=E3A168912E7EEFC3BD3B814720D68B41 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6000.16386_none_5e2e0665fa591691\netbt.sys
[2012/03/04 18:17:49 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\System32\drivers\netbt.sys
[2012/03/04 18:17:49 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=ECD64230A59CBD93C85F1CD1CAB9F3F6 -- C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6002.18005_none_6250416df465f2b1\netbt.sys

< MD5 for: SVCHOST.EXE >
[2006/11/02 04:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/19 02:33:32 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 08:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/19 02:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 04:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 08:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 01:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 04:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 02:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1
< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
SRV - File not found [Auto] -- -- (symantecantibotfilter)
SRV - File not found [Auto] -- -- (symantecantibotdriver)
SRV - File not found [Auto] -- -- (Programador de LiveUpdate automático)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Alex_ON_C\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\Girls_ON_C\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O33 - MountPoints2\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoPlay.exe -c
O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell - "" = AutoRun
O33 - MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = I:\AutoRunCardDetector.exe
O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRunCardDetector.exe
O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Autorun.exe
[2012/02/28 14:34:57 | 000,000,000 | -HS- | C] () -- C:\Windows\System32\dds_log_trash.cmd
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

:Services

:Reg

:Files
C:\Program Files\Ask.com
C:\Windows\System32\drivers\netbt.sys|C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys /replace

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Remove the CD and shut down computer manually.
  • Attempt to reboot normally into Windows.

If it boots fine, delete your ComboFix file, download a fresh one and try to run it again.
 
03072012_072245.log

I actually have internet connection on the infected computer.

I had to power off to reboot and then ran Fix again.... The result is:


========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symantecantibotfilter deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\symantecantibotdriver deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Programador de LiveUpdate automático deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\Alex_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\Girls_ON_C\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
File C:\Program Files\Ask.com\Updater\Updater.exe not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\Alex_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\Girls_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
C:\ProgramData\webex\ieatgpc.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_USERS\Alex_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_USERS\Girls_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E06E2E99-0AA1-11D4-ABA6-0060082AA75C}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{155a87f1-cc16-11dd-bdf9-0013a9c3ea85}\ not found.
File F:\AutoPlay.exe -c not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c1fcb7d-7455-11dd-8a6c-0013a9c3ea85}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf4e-7686-11dc-8dfa-001bfb199c1c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf76-7686-11dc-8dfa-001bfb199c1c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{480ecf78-7686-11dc-8dfa-001bfb199c1c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f752-7a69-11dc-9867-001bfb199c1c}\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{82e1f754-7a69-11dc-9867-001bfb199c1c}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c9623c6b-768c-11dc-b171-0013a9c3ea85}\ not found.
File H:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ddee3c90-d388-11de-818f-0013a9c3ea85}\ not found.
File I:\AutoRunCardDetector.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfbe2-4b7a-11de-85fc-0013a9c3ea85}\ not found.
File I:\AutoRunCardDetector.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f23bfc16-4b7a-11de-85fc-0013a9c3ea85}\ not found.
File F:\AutoRunCardDetector.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fdd9e0e7-abdc-11dd-b1f3-0013a9c3ea85}\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found.
File F:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\G\ not found.
File G:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
File H:\Autorun.exe not found.
File C:\Windows\System32\dds_log_trash.cmd not found.
Unable to delete ADS C:\ProgramData\TEMP:0B4227B4 .
Unable to delete ADS C:\ProgramData\TEMP:D1B5B4F1 .
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Ask.com not found.
File C:\Windows\System32\drivers\netbt.sys successfully replaced with C:\Windows\winsxs\x86_microsoft-windows-netbt_31bf3856ad364e35_6.0.6001.18000_none_6064c861f7442765\netbt.sys
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 03072012_072245
 
Hi Broni,

After removing the CD I had trouble first in shutting down - it just hung, so I powered off - then on rebooting it said it couldn't restart & did I want to start normally or repair (recommended). I went for the repair, which failed until I was given the option to close and finish. On restart I opted for normal & it's started up.

I'll uninstall, reinstall and run ComboFix, as you requested, and see if it makes any difference, but it seems to be the same as before.... Fingers crossed!
 
Well, one hour on, I'm back at the AutoScan screen telling me that it typically takes 10 mins, etc. Previous experience doesn't make me very optimistic - we did a couple of overnight ComboFix scans a few days ago.

Do I let it run again?
 