Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware slows connections? [Solved]


  • This topic is locked This topic is locked

#1
Abraxas_segundo

Abraxas_segundo

    Member

  • Member
  • PipPip
  • 25 posts
For an unknowing reason to me, call it destiny or however you like, as i try to revive one computer another one sort of slowly breaks....(loose term) This incident shortly occur after I had install some drivers for an audio interface (fast track ultra 8r).
The computer register that it is transferring data at 100mb/s but when one tries to download a file no bigger than 15 megabytes it takes close to 20 minutes. Youtube videos (~3 min) a whooping 20 min wait. Interestingly when not connected to the internet, say a flash drive or the MY book live device (which is a network connection outside of the internet) it takes close to a day to transfer any information bigger than 1gb. Any help would be greatly appreciated!

Ps. I should mention that the computer has a Dual booting (windows 7 eternity and Ubuntu 11.10) and on both systems the same problem persists.



OTL logfile created on: 4/5/2013 10:11:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 44.96% Memory free
7.49 Gb Paging File | 5.04 Gb Available in Paging File | 67.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.83 Gb Total Space | 17.34 Gb Free Space | 12.40% Space Free | Partition Type: NTFS
Drive D: | 22.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 29.47 Gb Total Space | 29.37 Gb Free Space | 99.67% Space Free | Partition Type: NTFS

Computer Name: REXMOVIL | User Name: Abraxas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - E:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe (Systweak)
PRC - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()


========== Modules (No Company Name) ==========

MOD - C:\Users\Abraxas\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppgooglenaclpluginchrome.dll ()
MOD - C:\Users\Abraxas\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll ()
MOD - C:\Users\Abraxas\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll ()
MOD - C:\Users\Abraxas\AppData\Local\Google\Chrome\Application\26.0.1410.43\libglesv2.dll ()
MOD - C:\Users\Abraxas\AppData\Local\Google\Chrome\Application\26.0.1410.43\libegl.dll ()
MOD - C:\Users\Abraxas\AppData\Local\Google\Chrome\Application\26.0.1410.43\ffmpegsumo.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\bfceac53dda4bf7ba2f5020573f80163\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\9e64c6dea847aec2685eec4da29ea9b0\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\4c8c952cbbe927ed4f7889489037b6cd\System.Deployment.ni.dll ()
MOD - C:\Program Files (x86)\Advanced System Protector\aspsys.dll ()
MOD - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\ee4683cbfd60ee35d95e2e6d32fc3981\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\24ab5f14e55ae0dec23141f6e59a577c\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\7d3a95d2123d5a7982a451f1319fab8d\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\2b54822a40e9b08479a79cce0e196af1\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\00038bb019bb7e4470d3962b58b1926f\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\d0dd051976a66e08325379754531421c\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\8b5eb81362a896af2c70f97502f42013\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Advanced System Protector\System.Data.SQLite.dll ()
MOD - C:\Program Files (x86)\Advanced System Protector\unrar.dll ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\PLFSetI.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe (Symantec Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys (Symantec Corporation)
DRV:64bit: - (MADFUFTU8R) -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra8R_DFU.sys (M-Audio)
DRV:64bit: - (MAUSBFASTTRACKULTRA8R) -- C:\Windows\SysNative\drivers\MAudioFastTrackUltra8R.sys (Avid Technology, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (BthAvrcp) -- C:\Windows\SysNative\drivers\BthAvrcp.sys (CSR, plc)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120308.033\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\VirusDefs\20120308.033\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\BASHDefs\20120302.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\Definitions\IPSDefs\20120308.001\IDSviA64.sys (Symantec Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC






IE - HKU\S-1-5-21-3305577433-1694978229-1536385376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://prodigy.msn.c...opt=0&ocid=iehp
IE - HKU\S-1-5-21-3305577433-1694978229-1536385376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-3305577433-1694978229-1536385376-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 67 07 85 33 BE F4 CD 01 [binary data]
IE - HKU\S-1-5-21-3305577433-1694978229-1536385376-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3305577433-1694978229-1536385376-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-3305577433-1694978229-1536385376-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Abraxas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Abraxas\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012/11/19 22:16:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/01/16 12:44:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\IPSFFPlgn\ [2012/02/14 12:17:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.0.0.128\coFFPlgn\ [2013/04/05 17:07:32 | 000,000,000 | ---D | M]

[2013/01/12 13:29:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Abraxas\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions
[2013/01/12 13:29:12 | 000,216,743 | ---- | M] () (No name found) -- C:\Users\Abraxas\AppData\Roaming\Mozilla\Firefox\Profiles\0\extensions\[email protected]

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - Extension: No name found = C:\Users\Abraxas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: No name found = C:\Users\Abraxas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnpbcigiogckkplipghdgmjjfpaalaki\1\
CHR - Extension: No name found = C:\Users\Abraxas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Abraxas\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: No name found = C:\Users\Abraxas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: No name found = C:\Users\Abraxas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2009/06/10 15:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (BrouwsEe2save) - {530C8C7D-CB76-6B8C-19D4-C548B7CC8A6E} - C:\ProgramData\BrouwsEe2save\515f511c3805b.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3305577433-1694978229-1536385376-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [Welcome Center] C:\Windows\SysWow64\OobeFldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\S-1-5-21-3305577433-1694978229-1536385376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5880C79A-B9D9-40D1-8B88-BE2639341C0F}: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/24 16:47:17 | 000,000,000 | ---D | M] - D:\AutoPlay -- [ CDFS ]
O32 - AutoRun File - [2011/03/24 16:39:33 | 000,000,057 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{1f875e26-f9a5-11e0-bb4a-00262d83cdeb}\Shell - "" = AutoRun
O33 - MountPoints2\{1f875e26-f9a5-11e0-bb4a-00262d83cdeb}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{b57a975a-fa2f-11e0-8d47-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b57a975a-fa2f-11e0-8d47-806e6f6e6963}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/04/05 18:21:36 | 000,000,000 | ---D | C] -- C:\Users\Abraxas\Documents\A-rex
[2013/04/05 18:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
[2013/04/05 18:17:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Systweak
[2013/04/05 18:17:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Advanced System Protector
[2013/04/05 18:11:46 | 000,000,000 | ---D | C] -- C:\Users\Abraxas\AppData\Roaming\Systweak
[2013/04/05 18:11:45 | 000,020,488 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013/04/05 18:11:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
[2013/04/05 18:11:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegClean Pro
[2013/04/05 18:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\SoftSafe
[2013/04/05 18:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BrowseToSave
[2013/04/05 17:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BrouwsEe2save
[2013/04/05 17:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\BrouwsEe2save
[2013/04/05 17:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2013/04/05 17:22:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013/04/05 16:47:22 | 000,000,000 | ---D | C] -- C:\Users\Abraxas\AppData\Local\{0084BA41-E125-4342-89CE-AE8D9E6B2268}
[2013/04/04 23:03:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\M-Audio
[2013/04/04 23:01:25 | 000,000,000 | ---D | C] -- C:\Program Files\M-Audio
[2013/04/04 22:59:30 | 000,000,000 | ---D | C] -- C:\ProgramData\AVID
[2013/04/04 13:06:04 | 000,000,000 | ---D | C] -- C:\Users\Abraxas\AppData\Local\{E4971260-54AD-4E80-B160-EF846DFE3C07}
[2013/03/20 16:24:33 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013/03/18 16:37:04 | 000,000,000 | ---D | C] -- C:\Users\Abraxas\AppData\Local\{0379E575-8F88-4D9F-807C-D9773DA563CA}
[2013/03/13 23:06:13 | 000,000,000 | ---D | C] -- C:\Users\Abraxas\AppData\Local\{13D24C4B-F982-4088-A0D3-515EB65EF25A}
[2013/03/13 03:04:41 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/03/13 03:04:41 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/03/13 03:04:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/03/13 03:04:39 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/03/13 03:04:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/03/13 03:04:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/03/13 03:04:39 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/03/13 03:04:39 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/03/13 03:04:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/03/13 03:04:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/03/13 03:04:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/03/13 03:04:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/03/13 03:04:35 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/03/13 03:04:35 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/03/13 03:04:35 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/03/13 03:04:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013/03/13 03:02:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013/03/13 03:02:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013/03/11 23:42:21 | 000,000,000 | ---D | C] -- C:\Users\Abraxas\AppData\Local\{4DC826F4-5B2E-4EA6-9F37-4FCF0D9AC3D6}
[2013/03/10 15:42:26 | 000,000,000 | ---D | C] -- C:\Users\Abraxas\AppData\Local\{3B7DA331-A68D-48DC-B01A-A9C9156E8E30}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/04/05 22:04:00 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3305577433-1694978229-1536385376-1000UA.job
[2013/04/05 22:04:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3305577433-1694978229-1536385376-1000Core.job
[2013/04/05 18:17:29 | 000,001,205 | ---- | M] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2013/04/05 18:11:55 | 000,000,280 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/04/05 18:11:51 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/04/05 18:11:44 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/04/05 17:12:02 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 17:12:02 | 000,017,360 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/05 17:04:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/05 17:04:39 | 3018,608,640 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/05 16:50:51 | 000,730,448 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/04/05 16:50:51 | 000,627,316 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/04/05 16:50:51 | 000,107,600 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/04/04 22:25:04 | 000,002,380 | ---- | M] () -- C:\Users\Abraxas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/04/04 22:25:04 | 000,002,378 | ---- | M] () -- C:\Users\Abraxas\Desktop\Google Chrome.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/04/05 18:17:29 | 000,001,205 | ---- | C] () -- C:\Users\Public\Desktop\Advanced System Protector.lnk
[2013/04/05 18:17:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysNative\sasnative64.exe
[2013/04/05 18:11:55 | 000,000,280 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_DEFAULT.job
[2013/04/05 18:11:51 | 000,000,288 | ---- | C] () -- C:\Windows\tasks\RegClean Pro_UPDATES.job
[2013/04/05 18:11:44 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\RegClean Pro.lnk
[2013/04/04 22:25:04 | 000,002,380 | ---- | C] () -- C:\Users\Abraxas\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/02/24 17:11:55 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/01/03 00:22:51 | 000,000,336 | ---- | C] () -- C:\Windows\game.ini
[2011/10/19 08:53:20 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2011/10/19 03:06:55 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2011/10/19 03:06:55 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2011/10/19 02:52:56 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/19 02:48:58 | 000,000,481 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat

========== ZeroAccess Check ==========

[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 19:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
  • 0

Advertisements


#2
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Hi Abraxas_segundo and welcome at GeekstoGo!

I'm crooleeck and I'll try to help you. But first please notice that I'm not limitless, I'm not familiar with all software, I don't know everything. However, it has taken me years to learn what I know. I would be glad to help you.

Fight against malware is NOT instantaneous, most infections require several courses of action to completely eradicate. It's also time-consuming, so be patient! We all like to know final result, so if you have since resolved the issues you were originally experiencing, or have received help elsewhere, please post.

Note:
  • Please watch this topic.
  • Do exactly - step by step - what I wish for. Don't be afraid! If there's anything you don't understand, stop and ask!
  • Please don't run unsupervised tools or fix on your own without my direction - it can be dangerous.
  • You must reply within 3 days or your topic will be closed

Please be patient with me as I am currently in training, and all of my responses to you have to be reviewed by my instructor before I post them. Just keep in mind that you get the advantage as you have 2 people examining your issue.

I see at least two infection here. But malware is active only in Windows. If you have troubles in Ubuntu too, it's definitely not malware related.

Step 1:
  • Download GMER to your desktop.
  • Run randomly named exe file
    Posted Image
  • Wait to finish pre-scan. If any rootkit activity has been detected:
    Posted Image
  • Click No
  • Then press Copy button, open notepad, paste and save as pregmer.txt on your desktop. Don't try to fix it. They may be false positives! Do full scan.
  • Unselect Quick scan.
  • Select C:\
    Posted Image
  • Note: If your system partition is not C, select right partition.
  • Press Scan button.
  • This scan may take long, be patient and wait for finish:
    Posted Image
  • Then press Copy button, open notepad, paste and save as gmer.txt on your desktop.
  • Post all gmer logs.

Step 2:
Please open in notepad E:\Extras.txt file. Copy (Edit->Select All, Edit->Copy) the content and paste into your reply.

Posted Image

Step 3:
Manually navigate and delete folowing files:
E:\OTL.exe
E:\OTL.txt
E:\Extras.txt

Then download OTL to your Desktop.

In your next post I want to see:
  • Log from Extras.txt
  • All GMER logs.

  • 0

#3
Abraxas_segundo

Abraxas_segundo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
PREGMER.TXT

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-06 09:53:00
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000060 Hitachi_ rev.PB4O 465.76GB
Running: qx6e20if.exe; Driver: C:\Users\Abraxas\AppData\Local\Temp\uxlirpoc.sys


---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- Threads - GMER 2.1 ----

Thread C:\Windows\system32\svchost.exe [1184:1676] 000007fef991f978
Thread C:\Windows\system32\svchost.exe [1184:2252] 000007fef9765124
Thread C:\Windows\system32\svchost.exe [1184:4324] 000007fefabd3260
Thread C:\Windows\system32\svchost.exe [1184:1248] 000007fefabd3aac
Thread C:\Windows\system32\svchost.exe [1184:1500] 000007fefabd3864
Thread C:\Windows\system32\svchost.exe [1184:1276] 000007fefabd46d0
Thread C:\Windows\system32\svchost.exe [1184:5984] 000007fefabd3980
Thread C:\Windows\System32\spoolsv.exe [1372:2448] 000007fef79310c8
Thread C:\Windows\System32\spoolsv.exe [1372:2492] 000007fef7866144
Thread C:\Windows\System32\spoolsv.exe [1372:2500] 000007fef7575fd0
Thread C:\Windows\System32\spoolsv.exe [1372:2504] 000007fef7243438
Thread C:\Windows\System32\spoolsv.exe [1372:2508] 000007fef75763ec
Thread C:\Windows\system32\taskhost.exe [2340:2600] 000007fefb171010
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2752:3056] 000000006fe721f0
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2752:2068] 000007fefb2f1ebc
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2752:2268] 0000000073304d7c
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2752:2280] 0000000073304d7c
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2752:2284] 0000000073304d7c
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2752:2288] 0000000073304d7c
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2752:2960] 000007fef2512264
Thread C:\Program Files\Windows Sidebar\sidebar.exe [2752:2220] 000007fef250d73c
Thread C:\Program Files\Windows Media Player\wmpnetwk.exe [1232:3392] 000007fefb9b2a88
---- Processes - GMER 2.1 ----

Library E:\OTL.exe (*** suspicious ***) @ E:\OTL.exe [940] 0000000000400000

---- EOF - GMER 2.1 ----
  • 0

#4
Abraxas_segundo

Abraxas_segundo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-04-06 10:49:40
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\00000061 Hitachi_ rev.PB4O 465.76GB
Running: qx6e20if.exe; Driver: C:\Users\Abraxas\AppData\Local\Temp\uxlirpoc.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\PLFSetI.exe[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749c1465 2 bytes [9C, 74]
.text C:\Windows\PLFSetI.exe[2700] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749c14bb 2 bytes [9C, 74]
.text ... * 2
.text C:\Program Files (x86)\RocketDock\RocketDock.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749c1465 2 bytes [9C, 74]
.text C:\Program Files (x86)\RocketDock\RocketDock.exe[2760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749c14bb 2 bytes [9C, 74]
.text ... * 2
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749c1465 2 bytes [9C, 74]
.text C:\Program Files (x86)\Launch Manager\LManager.exe[3056] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749c14bb 2 bytes [9C, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749c1465 2 bytes [9C, 74]
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[980] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749c14bb 2 bytes [9C, 74]
.text ... * 2
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749c1465 2 bytes [9C, 74]
.text C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe[3140] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749c14bb 2 bytes [9C, 74]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749c1465 2 bytes [9C, 74]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3148] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749c14bb 2 bytes [9C, 74]
.text ... * 2
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749c1465 2 bytes [9C, 74]
.text C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe[3156] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749c14bb 2 bytes [9C, 74]
.text ... * 2
.text C:\Users\Abraxas\Desktop\qx6e20if.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000749c1465 2 bytes [9C, 74]
.text C:\Users\Abraxas\Desktop\qx6e20if.exe[3224] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000749c14bb 2 bytes [9C, 74]
.text ... * 2

---- User IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\svchost.exe[952] @ C:\Windows\system32\qmgrprxy.dll[msvcrt.dll!memset] [0]
IAT C:\Windows\system32\svchost.exe[952] @ C:\Windows\system32\qmgrprxy.dll[msvcrt.dll!__CxxFrameHandler3] [0]
IAT C:\Windows\system32\svchost.exe[952] @ C:\Windows\system32\qmgrprxy.dll[msvcrt.dll![email protected]@[email protected]] [0]
IAT C:\Windows\system32\svchost.exe[952] @ C:\Windows\system32\qmgrprxy.dll[msvcrt.dll!free] [0]
IAT C:\Windows\system32\svchost.exe[952] @ C:\Windows\system32\qmgrprxy.dll[msvcrt.dll!_initterm] [0]
IAT C:\Windows\system32\svchost.exe[952] @ C:\Windows\system32\qmgrprxy.dll[msvcrt.dll!malloc] [4a5bc17400000000]
IAT C:\Windows\system32\svchost.exe[952] @ C:\Windows\system32\qmgrprxy.dll[msvcrt.dll!_XcptFilter] [200000000]
IAT C:\Windows\system32\svchost.exe[952] @ C:\Windows\system32\qmgrprxy.dll[msvcrt.dll!_CxxThrowException] [1c2400000025]
IAT C:\Windows\system32\svchost.exe[952] @ C:\Windows\system32\qmgrprxy.dll[ntdll.dll!RtlLookupFunctionEntry] [0]
IAT C:\Windows\system32\svchost.exe[952] @ C:\Windows\system32\qmgrprxy.dll[RPCRT4.dll!CStdStubBuffer_IsIIDSupported] [0]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00025b00abf7
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\[email protected] 0xA2 0x80 0xC2 0xDA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5880C79A-B9D9-40D1-8B88-BE2639341C0F}@LeaseObtainedTime 1365265020
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5880C79A-B9D9-40D1-8B88-BE2639341C0F}@T1 1365265080
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5880C79A-B9D9-40D1-8B88-BE2639341C0F}@T2 1365340620
Reg HKLM\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Interfaces\{5880C79A-B9D9-40D1-8B88-BE2639341C0F}@LeaseTerminatesTime 1365351420
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00025b00abf7 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\[email protected] 0xA2 0x80 0xC2 0xDA ...

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----
  • 0

#5
Abraxas_segundo

Abraxas_segundo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
Otl was on a flash drive so the extras should be there on not on my computer. Also, all of the sudden all my usb ports stop working, so what should i do? Reset the computer in the hopes of the ports to function? download otl anyways?
  • 0

#6
Abraxas_segundo

Abraxas_segundo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
So i was able to use another computer to retrieve the files from the usb.

EXTRAS

OTL Extras logfile created on: 4/5/2013 10:11:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.75 Gb Total Physical Memory | 1.69 Gb Available Physical Memory | 44.96% Memory free
7.49 Gb Paging File | 5.04 Gb Available in Paging File | 67.23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 139.83 Gb Total Space | 17.34 Gb Free Space | 12.40% Space Free | Partition Type: NTFS
Drive D: | 22.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive E: | 29.47 Gb Total Space | 29.37 Gb Free Space | 99.67% Space Free | Partition Type: NTFS

Computer Name: REXMOVIL | User Name: Abraxas | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3305577433-1694978229-1536385376-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files (x86)\Advanced System Protector\filetypehelper.exe -scanunknown "%1" (Systweak)
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [openNew] -- explorer %1 (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04C35B06-C9DF-485C-87C3-02B2557DA9CE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{12C6A392-0417-44D7-91DD-507BC9E203BC}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{24A87A3E-6C68-47E7-8AA1-DFF5ADA9341F}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{2C665E0D-37E0-4305-975B-739DE3A6BB9C}" = lport=138 | protocol=17 | dir=in | app=system |
"{2D166AFB-FAB6-470C-97D6-63E7084E47B3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3132F7C6-62D1-4155-A207-F96E4A109D3E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{3690912D-EF17-483E-9B4B-CD6D19E97E4E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5837818D-C64D-4359-9D05-8BE4BEC32446}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{599FA630-1DCA-4A24-829D-DDECC2AD8ADD}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5AE040C9-BDFA-40EC-BEC1-1C0C903F2742}" = rport=445 | protocol=6 | dir=out | app=system |
"{655B3BC6-6709-4AA1-BC73-D12CA87FB151}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{662DE781-E54C-4D05-AFAD-E8D0425BBC30}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6F674074-BE62-4A17-8AD8-388424CBB1C5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{79760047-8870-4860-B2FA-7974C1893A36}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | [email protected],-28539 |
"{7AE048C6-D53D-4EFA-98FE-AC04A0C19260}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{7DB6BBF0-4451-4730-A37F-903FC0DB6D3F}" = lport=10243 | protocol=6 | dir=in | app=system |
"{937541D8-7B5F-4563-A938-3B17465D8E26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9ADF430B-FA3E-41AD-9552-B960D0784841}" = rport=137 | protocol=17 | dir=out | app=system |
"{A0EA7A95-0A3B-4814-8673-A30C4848AA7B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A1C2CC5D-C2DA-4764-8A48-BC768AE2CB64}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{ACB3AA1C-F7C1-4986-9101-99DB24640FEC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{B55759EC-4E8E-43DF-AF38-3E0FAE1CA419}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B7AE8475-447A-43F2-85E6-68F799E2FD0F}" = rport=139 | protocol=6 | dir=out | app=system |
"{BF4A3522-0AAB-4A82-9714-F4344957B081}" = lport=445 | protocol=6 | dir=in | app=system |
"{C647CD81-C923-4E44-BEC5-C84C0ACDEF55}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D43B4145-2241-46F3-913A-41D0C79A461F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{DFE4E4C4-C038-4CF3-A0DD-8AB13CBB321A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{E08C2F25-5F3F-45B0-9C3C-48E49154BA45}" = rport=138 | protocol=17 | dir=out | app=system |
"{E8EAB4D7-7303-4F68-825D-AD6EA9D56E9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E8F87FE1-30D7-44BA-A3CC-142E90A4D382}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB67A746-2565-4CF7-A8A6-C3B300425851}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EC266293-08AD-410D-ACEA-1B3579CDA0A4}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F95BCF4D-C037-4424-8FDB-015D5BEF4F12}" = lport=139 | protocol=6 | dir=in | app=system |
"{FA80DBAE-F67F-4C35-9E5A-FB3412F99F58}" = lport=137 | protocol=17 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{055EEC44-3A3C-4063-A605-486B023AD996}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{130088CF-8007-4FB1-BF4B-952A598B101E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2FE0E1D8-5722-4308-ADB1-D40B230E1E8F}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3C956388-3EA0-4241-8162-736BCEF41A7C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{3F2A3A60-F6FF-4362-A5A4-BDAAADB00490}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{416308A2-EA99-4403-B9D6-BE384DEFB9B9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4D7C6F4C-B40D-488B-85A1-EE8F34BEE544}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{514AFDCB-34E1-41D6-B6F7-17688C30F51D}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{72AFA1E4-8534-41FC-BFF7-8C47DD3281CC}" = protocol=1 | dir=in | [email protected],-28543 |
"{74755D1B-1188-42B8-B89A-CAFC20B214E0}" = protocol=58 | dir=in | [email protected],-28545 |
"{75975393-BD08-40ED-9FF4-D07CA187F194}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{79EB2980-C528-4139-864D-F832604C5CA6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7A1BAB7A-CE70-4846-855D-9C9A8DAF8AD0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{7EC0BC21-E943-4CC8-A3AE-D5F43CA9CD8E}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{8129A05C-4274-405A-A0A3-A82DFF0C1091}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8B85D92B-BF2C-4BFE-B107-988F4662748A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8D6DE884-E994-47C1-ACCF-A9242F34F549}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8FC80A33-4941-4CBE-AC32-8A93E01B6F13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8FD0FA8A-605A-47DF-BD61-82D8F857533A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{9C805A5C-C590-4966-8545-6AA4FEFA7E30}" = protocol=6 | dir=in | app=c:\users\abraxas\appdata\local\google\chrome\application\chrome.exe |
"{AB4EC3EB-8F4B-4DB2-8941-94004EA9F254}" = protocol=17 | dir=in | app=c:\users\abraxas\appdata\local\google\chrome\application\chrome.exe |
"{ACBB1C32-05E5-48CD-9BDD-7944C5EA4907}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AF4AF432-ED93-4FA6-BCA5-57EF9FCFFEB2}" = protocol=58 | dir=out | [email protected],-28546 |
"{B04D646A-F79B-4C7A-B71F-DD36291E63E2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B67FE67F-9588-4809-A780-F93FB4F9F1D9}" = protocol=6 | dir=out | app=system |
"{B933F957-A4AB-4FBD-99E8-6F94CC62BBCE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D0A37FD9-42B7-4CB6-A200-66A5C77E9ABA}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{DF0B1B1F-0695-4F6C-BF35-4A3C6D432AA1}" = protocol=1 | dir=out | [email protected],-28544 |
"{E4F1B868-4A1D-4777-B60E-0DE2BF338065}" = protocol=17 | dir=in | app=c:\users\abraxas\appdata\local\temp\pyld8db.tmp\pyrun.exe |
"{E798C90A-9CA1-40F4-9A35-33896DC659D0}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe |
"{EFB36648-10B1-42CC-8BC4-7A33CE613C31}" = protocol=6 | dir=in | app=c:\users\abraxas\appdata\local\temp\pyld8db.tmp\pyrun.exe |
"TCP Query User{2AE07A45-97EB-4199-BFCF-9641961EBCC9}C:\users\abraxas\appdata\local\temp\pyld8db.tmp\pyrun.exe" = protocol=6 | dir=in | app=c:\users\abraxas\appdata\local\temp\pyld8db.tmp\pyrun.exe |
"UDP Query User{467D3126-B48D-44AB-99AB-1A8493A0BD67}C:\users\abraxas\appdata\local\temp\pyld8db.tmp\pyrun.exe" = protocol=17 | dir=in | app=c:\users\abraxas\appdata\local\temp\pyld8db.tmp\pyrun.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0015-0409-1000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0016-0409-1000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0018-0409-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-001A-0409-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0C0A-1000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010
"{90140000-002C-0409-1000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-0043-0409-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (English) 2010
"{90140000-0044-0409-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-006E-0409-1000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-00A1-0409-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00BA-0409-1000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-0115-0409-1000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
"{90140000-0117-0409-1000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A8DDE3ED-9B6A-F806-32AF-EC53A836A04F}" = ATI Catalyst Install Manager
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B01468EE-3226-4812-89FB-C86C99E4DB93}" = M-Audio FastTrackUltra8R Driver 6.0.9 (x64)
"{B7CF178A-2F3D-0125-0D78-98EB53D92A52}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FFD8F206-5C17-418E-A365-1435243BD0F0}" = BrowseToSave
"3BA80AB4C7E9F8497C115C844953A3D4BEB84D21" = Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
"6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1" = Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"DFEA59689C004DFD0378309F3A583EA32D78A1B3" = Windows Driver Package - Broadcom Bluetooth (01/06/2010 6.2.0.9416)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"WinRAR archiver" = WinRAR 4.01 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01F53092-79C7-B871-6C0A-F8F588DC7658}" = Prezi Desktop
"{0695DD0E-0E07-061B-5317-1FCCEA3CA51F}" = CCC Help Czech
"{06A02948-CE93-82A0-7BD4-5FB9562136F7}" = CCC Help Japanese
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B7169C2-4FC9-0454-6E6F-CDBA27D9C3CF}" = CCC Help Spanish
"{12A1B519-5934-4508-ADBD-335347B0DC87}" = Video Web Camera
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FFA2D28-F77A-E27C-0659-F497926805AA}" = CCC Help Polish
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java™ 6 Update 30
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{37DA7059-EC42-8F87-2593-AB273A13CDE4}" = CCC Help Hungarian
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{50816F92-1652-4A7C-B9BC-48F682742C4B}" = Messenger Companion
"{554B7217-1988-2E1E-8CAC-30CB8498DA8E}" = CCC Help Portuguese
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5920C2D5-2969-9BAE-E5A7-947721CFF1F1}" = CCC Help English
"{5C8C6C22-5B84-E88C-C38C-9E66DB569600}" = CCC Help Thai
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{6122170D-F78E-182F-1D70-9187108F0AB7}" = Catalyst Control Center Graphics Light
"{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty® 4 - Modern Warfare™ Demo
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{79BF8F0E-A3A6-D677-F4AE-157BE4AB9E46}" = CCC Help Danish
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E9E6DC1-BE81-F3C8-2D61-F9AFADC7B2F8}" = CCC Help Chinese Standard
"{7EFE7605-8879-F08C-9EBD-F0B0EBEDE2AA}" = CCC Help French
"{81CA0ED5-7522-01D4-2E20-018033B50087}" = CCC Help Korean
"{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86B3F2D6-AC2B-0015-8AE1-F2F77F781B0C}" = EndNote X5
"{8B999A44-8314-493B-877E-A1DA5B54D9B8}" = Catalyst Control Center - Branding
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{841C7C00-3FAE-4862-989D-4D564DC6D504}" =
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUS_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUS_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUS_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91903291-1546-5B74-AC17-FDBBFD57D3F9}" = CCC Help Russian
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{939C80FA-96C9-44A6-B318-8E7D8BD8481B}" = Messenger Companion
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{974A6749-A030-9EC2-D200-7BD29CA886AC}" = ccc-core-static
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D77E042-7D73-0DDA-DAEF-95AD3247C63F}" = Catalyst Control Center Localization All
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA404934-A326-AC94-154A-73F65B2DBEFE}" = CCC Help Finnish
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{B04FC2D5-AE5C-1526-69B8-7121BD8CE3B1}" = CCC Help Swedish
"{B1C45394-E332-23F3-35EE-4086C5167C29}" = Catalyst Control Center Core Implementation
"{B6C21804-0E6C-D4E6-0CF1-4E7F96AAE930}" = CCC Help Turkish
"{BF59CB97-0475-8CDC-1DEB-F6565D3868FA}" = CCC Help Greek
"{C3A68A9A-2541-6171-3092-09C8AFAC4924}" = CCC Help Italian
"{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}" =
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4C3DAFC-2F7A-E7A9-89D1-70E53F44D231}" = Catalyst Control Center InstallProxy
"{DCF9791F-07F7-3FE8-E639-22EAE582C244}" = CCC Help Norwegian
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{EB7879B9-891A-2502-1CAC-4D328A7DA434}" = Catalyst Control Center Graphics Full Existing
"{EC3102A1-F7D5-F4D7-0BBE-E9A336852DD5}" = CCC Help Dutch
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{FA03EF4C-DE79-C463-6B50-AAC28A9A64FD}" = Catalyst Control Center Graphics Full New
"{FAAAA82D-E8FE-04C8-72D5-619A2632E1DF}" = CCC Help Chinese Traditional
"{FCB13E0B-09AD-7133-0B7E-52A157C6582E}" = CCC Help German
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"00212D92-C5D8-4ff4-AE50-B20F0F85C40A_Systweak_Ad~B9F029BF_is1" = Advanced System Protector
"Adobe AIR" = Adobe AIR
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"com.prezi.PreziDesktop" = Prezi Desktop
"DivX Setup" = Instalación de DivX
"InstallShield_{6734CA10-8FB8-4C7F-B8C7-75317C617DC5}" = Call of Duty® 4 - Modern Warfare™ Demo
"LManager" = Launch Manager
"NIS" = Norton Internet Security
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"RegClean Pro_is1" = RegClean Pro
"ResearchSoft Direct Export Helper" = ResearchSoft Direct Export Helper
"SP_f2a323db" =
"VLC media player" = VLC media player 2.0.0
"WinLiveSuite" = Windows Live Essentials

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3305577433-1694978229-1536385376-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2/13/2013 4:05:33 AM | Computer Name = Rexmovil | Source = Google Update | ID = 20
Description =

Error - 2/14/2013 2:54:24 PM | Computer Name = Rexmovil | Source = Google Update | ID = 20
Description =

Error - 2/22/2013 7:27:50 PM | Computer Name = Rexmovil | Source = Google Update | ID = 20
Description =

Error - 2/27/2013 1:16:06 AM | Computer Name = Rexmovil | Source = System Restore | ID = 8193
Description =

Error - 2/27/2013 1:16:07 AM | Computer Name = Rexmovil | Source = System Restore | ID = 8211
Description =

Error - 3/1/2013 3:57:39 PM | Computer Name = Rexmovil | Source = Google Update | ID = 20
Description =

Error - 3/13/2013 2:40:44 PM | Computer Name = Rexmovil | Source = Application Error | ID = 1000
Description = Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385,
time stamp: 0x4a5bd03d Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206,
time stamp: 0x50e669a2 Exception code: 0x0000046b Fault offset: 0x000000000000ac3d
Faulting
process id: 0x9bc Faulting application start time: 0x01ce1dd8110688c8 Faulting application
path: C:\Program Files\Windows Media Player\wmpnetwk.exe Faulting module path: C:\Windows\system32\KERNELBASE.dll
Report
Id: 8316539c-8c0d-11e2-b914-00262d83cdeb

Error - 3/22/2013 10:30:49 PM | Computer Name = Rexmovil | Source = System Restore | ID = 8193
Description =

Error - 4/5/2013 12:59:30 AM | Computer Name = Rexmovil | Source = LegacyUninstaller | ID = 0
Description =

Error - 4/5/2013 1:37:48 AM | Computer Name = Rexmovil | Source = Application Error | ID = 1000
Description = Faulting application name: M-AudioFastTrackUltra8RControlPanel.exe,
version: 1.0.0.7, time stamp: 0x4d8bc8e2 Faulting module name: M-AudioFastTrackUltra8RControlPanel.exe,
version: 1.0.0.7, time stamp: 0x4d8bc8e2 Exception code: 0xc000000d Fault offset:
0x0003a8ca Faulting process id: 0x1418 Faulting application start time: 0x01ce31bf8658647a
Faulting
application path: C:\Windows\SysWOW64\M-AudioFastTrackUltra8RControlPanel.exe Faulting
module path: C:\Windows\SysWOW64\M-AudioFastTrackUltra8RControlPanel.exe Report
Id: f26d67e9-9db2-11e2-a345-00262d83cdeb

[ System Events ]
Error - 4/5/2013 7:16:37 PM | Computer Name = Rexmovil | Source = amdsata | ID = 262155
Description = The driver detected a controller error on \Device\RaidPort0.

Error - 4/5/2013 7:17:45 PM | Computer Name = Rexmovil | Source = amdsata | ID = 262155
Description = The driver detected a controller error on \Device\RaidPort0.

Error - 4/5/2013 7:17:45 PM | Computer Name = Rexmovil | Source = amdsata | ID = 262155
Description = The driver detected a controller error on \Device\RaidPort0.

Error - 4/5/2013 7:17:47 PM | Computer Name = Rexmovil | Source = amdsata | ID = 262155
Description = The driver detected a controller error on \Device\RaidPort0.

Error - 4/5/2013 7:17:48 PM | Computer Name = Rexmovil | Source = amdsata | ID = 262155
Description = The driver detected a controller error on \Device\RaidPort0.

Error - 4/5/2013 7:17:58 PM | Computer Name = Rexmovil | Source = amdsata | ID = 262155
Description = The driver detected a controller error on \Device\RaidPort0.

Error - 4/5/2013 7:17:58 PM | Computer Name = Rexmovil | Source = amdsata | ID = 262155
Description = The driver detected a controller error on \Device\RaidPort0.

Error - 4/5/2013 7:18:00 PM | Computer Name = Rexmovil | Source = amdsata | ID = 262155
Description = The driver detected a controller error on \Device\RaidPort0.

Error - 4/5/2013 7:18:01 PM | Computer Name = Rexmovil | Source = amdsata | ID = 262155
Description = The driver detected a controller error on \Device\RaidPort0.

Error - 4/5/2013 7:29:50 PM | Computer Name = Rexmovil | Source = Disk | ID = 262155
Description = The driver detected a controller error on \Device\Harddisk2\DR2.


< End of report >
  • 0

#7
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Abraxas_segund, thank you for logs. I hope USB is running fine now.

Step 1:
Uninstall harm software.
Please go to Start Menu -> Control Panel -> Programs and Features and remove BrowseToSave

I'm recommending to uninstall also RegClean Pro. This kind of software may causing problems with right system work.

Step 2:
OTL fix:
Please copy following script:

:commands
[createrestorepoint]

:otl
MOD - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()
O2 - BHO: (BrouwsEe2save) - {530C8C7D-CB76-6B8C-19D4-C548B7CC8A6E} - C:\ProgramData\BrouwsEe2save\515f511c3805b.dll ()
O20 - AppInit_DLLs: (c:\progra~2\browse~1\sprote~1.dll) - c:\Program Files (x86)\BrowseToSave\sprotector.dll ()

:reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{EFB36648-10B1-42CC-8BC4-7A33CE613C31}"=-
"TCP Query User{2AE07A45-97EB-4199-BFCF-9641961EBCC9}C:\users\abraxas\appdata\local\temp\pyld8db.tmp\pyrun.exe"=-
"UDP Query User{467D3126-B48D-44AB-99AB-1A8493A0BD67}C:\users\abraxas\appdata\local\temp\pyld8db.tmp\pyrun.exe"=-

:files
c:\Program Files (x86)\BrowseToSave
C:\ProgramData\BrouwsEe2save
ipconfig /release /c
ipconfig /renew /c
Ipconfig /flushdns /c
netsh int ip reset resetlog.txt /c
netsh winsock reset catalog /c

:commands
[emptytemp]

Run OTL, under Custom Scan/Fixes paste it. Close all windows without OTL and hit Run Fix button. Please agreed for restart. After computer starts, OTL will display removing log, please post it.

Step 3:
Download AdwCleaner to your desktop.
  • run AdwCleaner and select Delete
  • when it has finished it will ask to reboot - allow the reboot
  • on reboot a log will be showed, please copy content and post in next replay

Step 4:
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.

In your next post I want to see:
  • OTL removal log
  • AdwCleaner removal log
  • MiniToolBox log

  • 0

#8
Abraxas_segundo

Abraxas_segundo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
MiniToolBox by Farbar Version:05-03-2013
Ran by Abraxas (administrator) on 06-04-2013 at 14:22:07
Running from "C:\Users\Abraxas\Desktop"
Windows Seven Black Edition (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



========================= IP Configuration: ================================

Atheros AR5B93 Wireless Network Adapter = Wireless Network Connection (Connected)
Broadcom NetLink ™ Gigabit Ethernet = Local Area Connection (Media disconnected)
Microsoft Virtual WiFi Miniport Adapter = Wireless Network Connection 2 (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Rexmovil
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : lan

Wireless LAN adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : 06-0B-6B-E7-26-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Atheros AR5B93 Wireless Network Adapter
Physical Address. . . . . . . . . : 00-0B-6B-E7-26-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::24b8:6f38:4657:1b6a%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.67(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, April 06, 2013 2:16:47 PM
Lease Expires . . . . . . . . . . : Sunday, April 07, 2013 2:21:51 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 301992811
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-28-5D-9E-00-26-2D-83-CD-EB
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 00-26-2D-83-CD-EB
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.lan:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : lan
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:14e3:cb4:4275:5260(Preferred)
Link-local IPv6 Address . . . . . : fe80::14e3:cb4:4275:5260%16(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dsldevice.lan
Address: 192.168.1.254

Name: google.com
Addresses: 2607:f8b0:4000:802::1005
74.125.225.230
74.125.225.231
74.125.225.229
74.125.225.224
74.125.225.233
74.125.225.232
74.125.225.225
74.125.225.238
74.125.225.227
74.125.225.228
74.125.225.226


Pinging google.com [74.125.225.224] with 32 bytes of data:
Reply from 74.125.225.224: bytes=32 time=104ms TTL=55
Reply from 74.125.225.224: bytes=32 time=105ms TTL=55

Ping statistics for 74.125.225.224:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 104ms, Maximum = 105ms, Average = 104ms
Server: dsldevice.lan
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.139.183.24
206.190.36.45
98.138.253.109


Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=986ms TTL=54
Reply from 206.190.36.45: bytes=32 time=1286ms TTL=54

Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 986ms, Maximum = 1286ms, Average = 1136ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
17...06 0b 6b e7 26 c2 ......Microsoft Virtual WiFi Miniport Adapter
12...00 0b 6b e7 26 c2 ......Atheros AR5B93 Wireless Network Adapter
11...00 26 2d 83 cd eb ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
16...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.67 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.67 281
192.168.1.67 255.255.255.255 On-link 192.168.1.67 281
192.168.1.255 255.255.255.255 On-link 192.168.1.67 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.67 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.67 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 58 ::/0 On-link
1 306 ::1/128 On-link
16 58 2001::/32 On-link
16 306 2001:0:9d38:953c:14e3:cb4:4275:5260/128
On-link
12 281 fe80::/64 On-link
16 306 fe80::/64 On-link
16 306 fe80::14e3:cb4:4275:5260/128
On-link
12 281 fe80::24b8:6f38:4657:1b6a/128
On-link
1 306 ff00::/8 On-link
16 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 08 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.)
Catalog5 09 C:\Windows\SysWOW64\wshbth.dll [35840] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 08 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [171392] (Microsoft Corp.)
x64-Catalog5 09 C:\Windows\System32\wshbth.dll [46592] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (04/04/2013 11:37:48 PM) (Source: Application Error) (User: )
Description: Faulting application name: M-AudioFastTrackUltra8RControlPanel.exe, version: 1.0.0.7, time stamp: 0x4d8bc8e2
Faulting module name: M-AudioFastTrackUltra8RControlPanel.exe, version: 1.0.0.7, time stamp: 0x4d8bc8e2
Exception code: 0xc000000d
Fault offset: 0x0003a8ca
Faulting process id: 0x1418
Faulting application start time: 0xM-AudioFastTrackUltra8RControlPanel.exe0
Faulting application path: M-AudioFastTrackUltra8RControlPanel.exe1
Faulting module path: M-AudioFastTrackUltra8RControlPanel.exe2
Report Id: M-AudioFastTrackUltra8RControlPanel.exe3

Error: (04/04/2013 10:59:30 PM) (Source: LegacyUninstaller) (User: )
Description: Legacy uninstall did not succeed.

Error: (03/22/2013 08:30:49 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x81000101).

Error: (03/13/2013 00:40:44 PM) (Source: Application Error) (User: )
Description: Faulting application name: wmpnetwk.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd03d
Faulting module name: KERNELBASE.dll, version: 6.1.7600.17206, time stamp: 0x50e669a2
Exception code: 0x0000046b
Fault offset: 0x000000000000ac3d
Faulting process id: 0x9bc
Faulting application start time: 0xwmpnetwk.exe0
Faulting application path: wmpnetwk.exe1
Faulting module path: wmpnetwk.exe2
Report Id: wmpnetwk.exe3

Error: (03/01/2013 01:57:39 PM) (Source: Google Update) (User: Rexmovil)
Description: Network Request Error.
Error: 0x8004212f. Http status code: 303.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212f. Http status code 303.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212f. Http status code 303.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212f. Http status code 303.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212f

Error: (02/26/2013 11:16:07 PM) (Source: System Restore) (User: )
Description: The scheduled restore point could not be created. Additional information: (0x81000101).

Error: (02/26/2013 11:16:06 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation; Description = Scheduled Checkpoint; Error = 0x81000101).

Error: (02/22/2013 05:27:50 PM) (Source: Google Update) (User: Rexmovil)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (02/14/2013 00:54:24 PM) (Source: Google Update) (User: Rexmovil)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (02/13/2013 02:05:33 AM) (Source: Google Update) (User: Rexmovil)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s


System errors:
=============
Error: (04/06/2013 02:16:38 PM) (Source: amdsata) (User: )
Description: The driver detected a controller error on \Device\RaidPort0.

Error: (04/06/2013 02:16:38 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/06/2013 02:16:38 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/06/2013 02:16:38 PM) (Source: amdsata) (User: )
Description: The driver detected a controller error on \Device\RaidPort0.

Error: (04/06/2013 02:10:05 PM) (Source: amdsata) (User: )
Description: The driver detected a controller error on \Device\RaidPort0.

Error: (04/06/2013 02:10:04 PM) (Source: atikmdag) (User: )
Description: Display is not active

Error: (04/06/2013 02:10:04 PM) (Source: atikmdag) (User: )
Description: CPLIB :: General - Invalid Parameter

Error: (04/06/2013 02:10:02 PM) (Source: amdsata) (User: )
Description: The driver detected a controller error on \Device\RaidPort0.

Error: (04/06/2013 02:04:34 PM) (Source: Service Control Manager) (User: )
Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

Error: (04/06/2013 01:56:23 PM) (Source: Service Control Manager) (User: )
Description: The Norton Internet Security service failed to start due to the following error:
%%1053


Microsoft Office Sessions:
=========================
Error: (04/04/2013 11:37:48 PM) (Source: Application Error)(User: )
Description: M-AudioFastTrackUltra8RControlPanel.exe1.0.0.74d8bc8e2M-AudioFastTrackUltra8RControlPanel.exe1.0.0.74d8bc8e2c000000d0003a8ca141801ce31bf8658647aC:\Windows\SysWOW64\M-AudioFastTrackUltra8RControlPanel.exeC:\Windows\SysWOW64\M-AudioFastTrackUltra8RControlPanel.exef26d67e9-9db2-11e2-a345-00262d83cdeb

Error: (04/04/2013 10:59:30 PM) (Source: LegacyUninstaller)(User: )
Description: Legacy uninstall did not succeed.

Error: (03/22/2013 08:30:49 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x81000101

Error: (03/13/2013 00:40:44 PM) (Source: Application Error)(User: )
Description: wmpnetwk.exe12.0.7600.163854a5bd03dKERNELBASE.dll6.1.7600.1720650e669a20000046b000000000000ac3d9bc01ce1dd8110688c8C:\Program Files\Windows Media Player\wmpnetwk.exeC:\Windows\system32\KERNELBASE.dll8316539c-8c0d-11e2-b914-00262d83cdeb

Error: (03/01/2013 01:57:39 PM) (Source: Google Update)(User: Rexmovil)
Description: Network Request Error.
Error: 0x8004212f. Http status code: 303.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212f. Http status code 303.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212f. Http status code 303.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x8004212f. Http status code 303.
trying WinHTTP.
Send request returned 0x80072ee2. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x8004212f

Error: (02/26/2013 11:16:07 PM) (Source: System Restore)(User: )
Description: 0x81000101

Error: (02/26/2013 11:16:06 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreationScheduled Checkpoint0x81000101

Error: (02/22/2013 05:27:50 PM) (Source: Google Update)(User: Rexmovil)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (02/14/2013 00:54:24 PM) (Source: Google Update)(User: Rexmovil)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s

Error: (02/13/2013 02:05:33 AM) (Source: Google Update)(User: Rexmovil)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s


=========================== Installed Programs ============================

Adobe Acrobat X Pro - English, Français, Deutsch (Version: 10.1.4)
Adobe AIR (Version: 3.1.0.4880)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Advanced System Protector (Version: 2.1.1000.10568)
AMD USB Filter Driver (Version: 1.0.11.86)
Atheros Driver Installation Program (Version: 8.0.0.225)
ATI Catalyst Install Manager (Version: 3.0.732.0)
Audacity 1.3.13 (Unicode)
Call of Duty® 4 - Modern Warfare™ Demo (Version: 1.00.0000)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Full Existing (Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Full New (Version: 2009.0729.2227.38498)
Catalyst Control Center Graphics Light (Version: 2009.0729.2227.38498)
Catalyst Control Center InstallProxy (Version: 2009.0729.2227.38498)
Catalyst Control Center Localization All (Version: 2009.0729.2227.38498)
CCC Help Chinese Standard (Version: 2009.0729.2226.38498)
CCC Help Chinese Traditional (Version: 2009.0729.2226.38498)
CCC Help Czech (Version: 2009.0729.2226.38498)
CCC Help Danish (Version: 2009.0729.2226.38498)
CCC Help Dutch (Version: 2009.0729.2226.38498)
CCC Help English (Version: 2009.0729.2226.38498)
CCC Help Finnish (Version: 2009.0729.2226.38498)
CCC Help French (Version: 2009.0729.2226.38498)
CCC Help German (Version: 2009.0729.2226.38498)
CCC Help Greek (Version: 2009.0729.2226.38498)
CCC Help Hungarian (Version: 2009.0729.2226.38498)
CCC Help Italian (Version: 2009.0729.2226.38498)
CCC Help Japanese (Version: 2009.0729.2226.38498)
CCC Help Korean (Version: 2009.0729.2226.38498)
CCC Help Norwegian (Version: 2009.0729.2226.38498)
CCC Help Polish (Version: 2009.0729.2226.38498)
CCC Help Portuguese (Version: 2009.0729.2226.38498)
CCC Help Russian (Version: 2009.0729.2226.38498)
CCC Help Spanish (Version: 2009.0729.2226.38498)
CCC Help Swedish (Version: 2009.0729.2226.38498)
CCC Help Thai (Version: 2009.0729.2226.38498)
CCC Help Turkish (Version: 2009.0729.2226.38498)
ccc-core-static (Version: 2009.0729.2227.38498)
ccc-utility64 (Version: 2009.0729.2227.38498)
Conexant HD Audio (Version: 4.98.9.0)
D3DX10 (Version: 15.4.2368.0902)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EndNote X5 (Version: 15.0.0.5478)
Galería fotográfica de Windows Live (Version: 15.4.3502.0922)
Google Chrome (Version: 26.0.1410.43)
Instalación de DivX (Version: 2.6.1.5)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 30 (Version: 6.0.300)
Launch Manager (Version: 3.0.04)
M-Audio FastTrackUltra8R Driver 6.0.9 (x64) (Version: 6.0.9)
Messenger Companion (Version: 15.4.3502.0922)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000)
Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 32-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Software Update for Web Folders (English) 14 (Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 15.4.2862.0708)
Norton Internet Security (Version: 19.9.1.14)
Prezi Desktop (Version: 3.072)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30104)
ResearchSoft Direct Export Helper
Skype™ 6.1 (Version: 6.1.129)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Video Web Camera (Version: 1.7.115.212)
VLC media player 2.0.0 (Version: 2.0.0)
Windows Driver Package - Broadcom Bluetooth (01/06/2010 6.2.0.9416) (Version: 01/06/2010 6.2.0.9416)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live Messenger Companion Core (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
WinRAR 4.01 (64-bit) (Version: 4.01.0)

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 36%
Total physical RAM: 3838.36 MB
Available physical RAM: 2448.31 MB
Total Pagefile: 7674.86 MB
Available Pagefile: 6226.82 MB
Total Virtual: 4095.88 MB
Available Virtual: 3971.14 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:139.83 GB) (Free:44.54 GB) NTFS
2 Drive d: (FTU8R_1.0.5) (CDROM) (Total:0.02 GB) (Free:0 GB) CDFS
3 Drive f: (REX-MOBILE) (Removable) (Total:7.38 GB) (Free:7.38 GB) FAT32

========================= Users: ========================================

User accounts for \\REXMOVIL

Abraxas Administrator Guest

========================= Minidump Files ==================================

No minidump file found


**** End of log ****
  • 0

#9
Abraxas_segundo

Abraxas_segundo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
# AdwCleaner v2.200 - Logfile created 04/06/2013 at 14:15:12
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Ultimate (64 bits)
# User : Abraxas - REXMOVIL
# Boot Mode : Normal
# Running from : C:\Users\Abraxas\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Program Files (x86)\Advanced System Protector
Folder Deleted : C:\Program Files (x86)\SearchAmong Toolbar
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\ProgramData\APN
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced System Protector
Folder Deleted : C:\ProgramData\SoftSafe
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Abraxas\AppData\LocalLow\boost_interprocess

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16470

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.43

File : C:\Users\Abraxas\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.2674] : urls_to_restore_on_startup = [ "hxxp://www.searchamong.com/?source=64020400f00960c0ef04052547[...]

*************************

AdwCleaner[S1].txt - [1571 octets] - [06/04/2013 14:15:12]

########## EOF - C:\AdwCleaner[S1].txt - [1631 octets] ##########
  • 0

#10
Abraxas_segundo

Abraxas_segundo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{530C8C7D-CB76-6B8C-19D4-C548B7CC8A6E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{530C8C7D-CB76-6B8C-19D4-C548B7CC8A6E}\ not found.
C:\ProgramData\BrouwsEe2save\515f511c3805b.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\progra~2\browse~1\sprote~1.dll deleted successfully.
File c:\Program Files (x86)\BrowseToSave\sprotector.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EFB36648-10B1-42CC-8BC4-7A33CE613C31} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EFB36648-10B1-42CC-8BC4-7A33CE613C31}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{2AE07A45-97EB-4199-BFCF-9641961EBCC9}C:\users\abraxas\appdata\local\temp\pyld8db.tmp\pyrun.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{467D3126-B48D-44AB-99AB-1A8493A0BD67}C:\users\abraxas\appdata\local\temp\pyld8db.tmp\pyrun.exe deleted successfully.
========== FILES ==========
c:\Program Files (x86)\BrowseToSave folder moved successfully.
C:\ProgramData\BrouwsEe2save\data folder moved successfully.
C:\ProgramData\BrouwsEe2save folder moved successfully.
< ipconfig /release /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::24b8:6f38:4657:1b6a%12
Default Gateway . . . . . . . . . :
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.lan:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:20e6:ed4:4275:5260
Link-local IPv6 Address . . . . . : fe80::20e6:ed4:4275:5260%16
Default Gateway . . . . . . . . . : ::
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{2AA00641-D0F1-43EB-B0AF-B63A2B2934BE}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{9214923C-AE3C-4AC4-9982-F993C9EC79AD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Abraxas\Desktop\cmd.bat deleted successfully.
C:\Users\Abraxas\Desktop\cmd.txt deleted successfully.
< ipconfig /renew /c >
Windows IP Configuration
No operation can be performed on Wireless Network Connection 2 while it has its media disconnected.
No operation can be performed on Local Area Connection while it has its media disconnected.
Wireless LAN adapter Wireless Network Connection 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Wireless LAN adapter Wireless Network Connection:
Connection-specific DNS Suffix . : lan
Link-local IPv6 Address . . . . . : fe80::24b8:6f38:4657:1b6a%12
IPv4 Address. . . . . . . . . . . : 192.168.1.67
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.254
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.lan:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:20e6:ed4:4275:5260
Link-local IPv6 Address . . . . . : fe80::20e6:ed4:4275:5260%16
Default Gateway . . . . . . . . . : ::
Tunnel adapter 6TO4 Adapter:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{2AA00641-D0F1-43EB-B0AF-B63A2B2934BE}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Tunnel adapter isatap.{9214923C-AE3C-4AC4-9982-F993C9EC79AD}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
C:\Users\Abraxas\Desktop\cmd.bat deleted successfully.
C:\Users\Abraxas\Desktop\cmd.txt deleted successfully.
< Ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Abraxas\Desktop\cmd.bat deleted successfully.
C:\Users\Abraxas\Desktop\cmd.txt deleted successfully.
< netsh int ip reset resetlog.txt /c >
Reseting Global, OK!
Reseting Interface, OK!
Restart the computer to complete this action.
C:\Users\Abraxas\Desktop\cmd.bat deleted successfully.
C:\Users\Abraxas\Desktop\cmd.txt deleted successfully.
< netsh winsock reset catalog /c >
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
C:\Users\Abraxas\Desktop\cmd.bat deleted successfully.
C:\Users\Abraxas\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Abraxas
->Temp folder emptied: 3331874484 bytes
->Temporary Internet Files folder emptied: 81647609 bytes
->Java cache emptied: 11610 bytes
->Google Chrome cache emptied: 6080600 bytes
->Flash cache emptied: 15264611 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56475 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 608835 bytes
->Temporary Internet Files folder emptied: 252262961 bytes
->Java cache emptied: 198014 bytes
->Flash cache emptied: 139286 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 337885298 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 26949860667 bytes

Total Files Cleaned = 29,541.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04062013_140434

Files\Folders moved on Reboot...
C:\Users\Abraxas\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

Advertisements


#11
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
How computer is running now? Do you can watch youtube without the problems?
  • 0

#12
Abraxas_segundo

Abraxas_segundo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
well it continues to lag, not nearly as slow as before, but it still takes a long time. Yet it seems like it comes and goes, very inconsistent as to some videos will run quickly while others might take a long time. As i was testing it I had two computers transfer the same file to a wireless network connected hard disk while simultaneously run a youtube video. The one we are working on has not finished either task while the other one is half way through the 21gb and done with the video long ago.

Ps. thank you for your invaluable time and effort, much appreciated!!

Ps.Ps. the only resolution to which it seems to fully work is 144p

Edited by Abraxas_segundo, 06 April 2013 - 02:14 PM.

  • 0

#13
crooleeck

crooleeck

    Member

  • Member
  • PipPipPip
  • 882 posts
Step 1:
For security reason I'm recomending to turn off Windows Sidebar. You can do it easly using Microsoft Fix it 50906. More info in Microsoft Security Advisory (2719662): Vulnerabilities in Gadgets Could Allow Remote Code Execution.

Step 2:
Eset Online Scanner
Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 / 8 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

    Posted Image
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files (x86)\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Step 3:
Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application. Before you finished, on Completing the Malwarebytes Anti-Malware Setup Wizard tab untick Enable free trial of Malwarebytes Anti-Malware PRO

Posted Image

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4:
Run under Vista and then under Ubuntu http://www.speedtest.net/ and post results.

In your next post I want to see:
  • ESET log
  • MBAM log
  • Speedtest results

  • 0

#14
Abraxas_segundo

Abraxas_segundo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
WOW!!! That scan took FOOOOOOOORREEEEEEEEEEEEEEEEEEEVEEEEEEEEEEEEERRR!!! I think that online scan was attempted like 7 times before it actually completed the whole thing.
Here is the result from it (which is a log given by the program, since the file was not anywhere to be found) I hope is the right one:

C:\Users\Abraxas\Documents\A-rex\Spybot.Search.and.Destroy.v2.0.8.Beta.6.rar.exe Win32/InstalleRex.I.Gen application cleaned by deleting - quarantined
C:\Users\Abraxas\Downloads\Norton\BOX_NTR2011_3.0.0\1BOX_NTR2011.exe Win32/RiskWare.HackAV.HF application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04062013_140434\c_Program Files (x86)\BrowseToSave\sprote~1.dll.ftf a variant of Win32/SProtector.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\04062013_140434\C_ProgramData\BrouwsEe2save\515f511c3805b.dll a variant of Win32/Adware.MultiPlug.I application cleaned by deleting - quarantined
  • 0

#15
Abraxas_segundo

Abraxas_segundo

    Member

  • Topic Starter
  • Member
  • PipPip
  • 25 posts
For an unknown reason the file I downloaded was given to me in spanish and without the option of enabling the free trial. Fortunately I am fluent in spanish and was done without any problem.


Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Versión de la Base de Datos: v2013.04.07.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Abraxas :: REXMOVIL [administrador]

4/7/2013 4:45:58 PM
mbam-log-2013-04-07 (16-45-58).txt

Tipos de Análisis: Análisis Rápido
Opciones de análisis activado: Memoria | Inicio | Registro | Sistema de archivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opciones de análisis desactivados: P2P
Objetos examinados: 231154
Tiempo transcurrido: 3 minuto(s), 17 segundo(s)

Procesos en Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Módulos de Memoria Detectados: 0
(No se han detectado elementos maliciosos)

Claves del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Valores del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Elementos de Datos del Registro Detectados: 0
(No se han detectado elementos maliciosos)

Carpetas Detectadas: 0
(No se han detectado elementos maliciosos)

Archivos Detectados: 0
(No se han detectado elementos maliciosos)

fin)

Edited by Abraxas_segundo, 07 April 2013 - 02:11 PM.

  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP