Page 1 of 10 123 ... LastLast
Results 1 to 10 of 99
  1. #1
    Member whitenoiz's Avatar
    Join Date
    Jan 2008
    Location
    El Turro, Granada, Spain
    Posts
    160
    Points
    5

    Default Random problems, Occasional runaway mouse, occasional crashes.

    Acer Aspire M1600 running Vista Home Premium (Spanish version). Processor Pentium D925, 1GB Ram DDRII, 250Gb SATA harddrive, GeForce 220 video card, Logitech optical mouse.

    Random Problems, a mouse with a mind of its own occasionally which opens multiple windows undemanded, Occasional crashes of F/F, Adobe Flash player and tonight on photobucket nearly all of my photographs have disappeared... it is this last item that has me concerned since I have not taken any action to delete any of my pictures...

    Hi, been a long time, hope you are all well. Had hoped that I wouldn't have to contact you but I am at a loss to understand just what is going on here. I routinely run a 'quick' scan on this computer using Avast Free, Superantispyware and Malwarebytes. All are normally clear of infections apart from the usual host of tracking cookies. On the last scan however one of the scans produced 3 possible Open Candy PUPs which I quarantined. I am currently half way through a complete system scan using Avast and will report any findings.

    In the meantime can you think of anything that would cause the aforementioned problems?

    Thanks
    John.

  2. #2
    Member whitenoiz's Avatar
    Join Date
    Jan 2008
    Location
    El Turro, Granada, Spain
    Posts
    160
    Points
    5

    Default

    Full system scan carried out using Avast Free... no threats found. Will carry out scan using superantispyware next.

    John.

  3. #3
    Member whitenoiz's Avatar
    Join Date
    Jan 2008
    Location
    El Turro, Granada, Spain
    Posts
    160
    Points
    5

    Default

    I have run full scans using Superantispyware and Malwarebytes. Superantispyware produced a number of tracking cookies which I have removed but no threats; malwarebytes produced no threats. I have the logfiles for each of these scans in text form. Have downloaded hijack this and run it; i have the logfile for this also. Should I post these here?

    John

  4. #4
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,065
    Points
    492

    Default

    Hi, been a long time, hope you are all well.
    Hi John,

    It certainly has been a long time! Yes! Doing pretty good here (speaking for myself), well, except for the cold and snow (brrrrr! Bring on the sunshine! . I hope all is well you with you, too!

    Please go ahead and post the malwarebytes and superantispyware logs. I have a couple more scans that I would like for you to run as well. OTL is similar to HiJackThis, though scans a bit deeper into the registry. AdwCleaner will target any PUP's, Adware, toolbars, etc.....

    Please run the scans in the order provided:

    Step 1:

    Please download AdwCleaner by Xplode and save to your Desktop.
    • Double-click AdwCleaner.exe to run the tool.
      Note: Windows Vista, Windows 7/8 users right-click and select Run As Administrator.
    • Click the Scan button.
    • AdwCleaner will begin. Be patient as the scan may take some time to complete.
    • The contents of the scan results may be confusing. If you see a program name that you know should not be removed, uncheck the results and please let me know about it.
    • Click the Clean button.
    • Press OK when asked to close all programs and follow the onscreen prompts.
    • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
    • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.


    Step 2:

    Please download OTL to your Desktop
    • Double click on the to run the program. On Vista/Win7 or 8 right click select Run As Administrator to start the program. If prompted by UAC, please allow it.
    • Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox
      and
    • Check the option for All under the Extra Registry section
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files and post them in your topic

    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.

    Please post the contents of both OTL.txt and Extras.txt files in your next reply.

    I'll have a look this evening after work.

    Thank you!
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  5. #5
    Member whitenoiz's Avatar
    Join Date
    Jan 2008
    Location
    El Turro, Granada, Spain
    Posts
    160
    Points
    5

    Default

    Ok here goes... but first let me say that earlier this morning I did a system restore, back to the 6th December just before the last batch of Windows Updates was automatically installed. For what its worth the wayward mouse seems to have responded to the system restore and the installation of the latest software Having said that i still cannot make any sense of what has happened to my pics on photobucket it was OK late last week but now, of the 392 pics in my library only a handful remain as library thumbnails and clicking on them produces a greyed out box... All the rest carry the error message 'Sorry This person has deleted or moved this picture..'
    Well...I'm sorry too because this person most certainly did not delete or move the picture...
    For 392 pics to suddenly become unavailable smacks of either photobucket being hacked or my account being hacked...

    Anyway enough of that...

    Scans...I downloaded the Adw Cleaner as you suggested and ran the scan, but as you pointed out I may be confused about the result...
    That has to be the understatement of the year..!
    Frankly I just don't know what should be there and what shouldn't. I really do not know which boxes to leaved ticked, so rather than go through a possibly disastrous cleaning I have made a copy of the text file that appeared at the end of the scan. Only one thing on there stands out like a sore thumb and that's "C/Program Files/Babylon" which is gather is a highjacking PUP... I will have to leave it to your judgment regarding the remainder. I have no need of anything to do with ICQ...

    1) Heres the Adw logfile uncleaned...

    # AdwCleaner v3.015 - Reporte Creado 18/12/2013 en 15:28:32
    # Actualizado 10/12/2013 por Xplode
    # Sistema Operativo : Windows Vista (TM) Home Premium (32 bits)
    # Nombre de usuario : c - C1
    # Ejecutado desde : C:\Users\c\Desktop\AdwCleaner.exe
    # Opción : Escanear

    ***** [ Servicios ] *****


    ***** [ Archivos / Carpetas ] *****

    Archivo Encontrado : c:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\w4hkhep1.default\bProtector_extensions.rdf
    Archivo Encontrado : c:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\w4hkhep1.default\user.js
    Carpeta Encontrado : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
    Carpeta Encontrado C:\Program Files\ICQ6Toolbar
    Carpeta Encontrado C:\ProgramData\Babylon
    Carpeta Encontrado C:\ProgramData\ICQ\ICQToolbar
    Carpeta Encontrado c:\Users\c\AppData\LocalLow\boost_interprocess
    Carpeta Encontrado c:\Users\c\AppData\LocalLow\Delta
    Carpeta Encontrado c:\Users\c\AppData\Roaming\DSite
    Carpeta Encontrado c:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\w4hkhep1.default\ICQToolbarData
    Carpeta Encontrado c:\Users\c\AppData\Roaming\thinstall
    Carpeta Encontrado c:\Users\c\AppData\Roaming\vghd

    ***** [ Accesos directos ] *****


    ***** [ Registro ] *****

    Clave Encontrado : HKCU\Software\AppDataLow\Software\Conduit
    Clave Encontrado : HKCU\Software\BabSolution
    Clave Encontrado : HKCU\Software\Conduit
    Clave Encontrado : HKCU\Software\Delta
    Clave Encontrado : HKCU\Software\dsiteproducts
    Clave Encontrado : HKCU\Software\ICQ\ICQToolbar
    Clave Encontrado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
    Clave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Clave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clave Encontrado : HKCU\Software\YahooPartnerToolbar
    Clave Encontrado : HKLM\SOFTWARE\5c6de88b16fb846
    Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clave Encontrado : HKLM\SOFTWARE\Classes\Conduit.Engine
    Clave Encontrado : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Clave Encontrado : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Clave Encontrado : HKLM\SOFTWARE\Classes\Prod.cap
    Clave Encontrado : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Clave Encontrado : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Clave Encontrado : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Clave Encontrado : HKLM\Software\Conduit
    Clave Encontrado : HKLM\Software\DataMngr
    Clave Encontrado : HKLM\Software\Delta
    Clave Encontrado : HKLM\Software\Freeze.com
    Clave Encontrado : HKLM\Software\ICQ\ICQToolbar
    Clave Encontrado : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E657145-ED0F-431E-AFF6-CA43D900E35D}
    Clave Encontrado : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4846714B-4BDC-4C79-BB5F-6BC3CAA328FF}
    Clave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clave Encontrado : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Clave Encontrado : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Valor Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
    Valor Encontrado : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Valor Encontrado : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v7.0.6000.17037

    Ajustes Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

    -\\ Mozilla Firefox v26.0 (en-US)

    [ Archivo : c:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\w4hkhep1.default\prefs.js ]

    Linea encontrada : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Linea encontrada : user_pref("CT2504091.CTID", "CT2504091");
    Linea encontrada : user_pref("CT2504091.CurrentServerDate", "29-10-2010");
    Linea encontrada : user_pref("CT2504091.DialogsAlignMode", "LTR");
    Linea encontrada : user_pref("CT2504091.DownloadReferralCookieData", "");
    Linea encontrada : user_pref("CT2504091.EMailNotifierPollDate", "Fri Oct 29 2010 15:31:52 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
    Linea encontrada : user_pref("CT2504091.FeedPollDate128891351169457140", "Fri Oct 29 2010 15:22:59 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.FeedPollDate129079840422964131", "Fri Oct 29 2010 15:22:59 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.FeedTTL128891351169457140", 40);
    Linea encontrada : user_pref("CT2504091.FirstServerDate", "29-10-2010");
    Linea encontrada : user_pref("CT2504091.FirstTime", true);
    Linea encontrada : user_pref("CT2504091.FirstTimeFF3", true);
    Linea encontrada : user_pref("CT2504091.FirstTimeSettingsDone", true);
    Linea encontrada : user_pref("CT2504091.FixPageNotFoundErrors", true);
    Linea encontrada : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
    Linea encontrada : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Linea encontrada : user_pref("CT2504091.Initialize", true);
    Linea encontrada : user_pref("CT2504091.InitializeCommonPrefs", true);
    Linea encontrada : user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
    Linea encontrada : user_pref("CT2504091.InstallationType", "UnknownIntegration");
    Linea encontrada : user_pref("CT2504091.InstalledDate", "Fri Oct 29 2010 15:22:59 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.IsGrouping", false);
    Linea encontrada : user_pref("CT2504091.IsMulticommunity", false);
    Linea encontrada : user_pref("CT2504091.IsOpenThankYouPage", false);
    Linea encontrada : user_pref("CT2504091.IsOpenUninstallPage", false);
    Linea encontrada : user_pref("CT2504091.LanguagePackLastCheckTime", "Fri Oct 29 2010 15:23:01 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
    Linea encontrada : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    Linea encontrada : user_pref("CT2504091.LastLogin_2.7.2.0", "Fri Oct 29 2010 15:23:00 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.LatestVersion", "2.6.0.14");
    Linea encontrada : user_pref("CT2504091.Locale", "en-us");
    Linea encontrada : user_pref("CT2504091.LoginCache", 4);
    Linea encontrada : user_pref("CT2504091.MCDetectTooltipHeight", "83");
    Linea encontrada : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Linea encontrada : user_pref("CT2504091.MCDetectTooltipWidth", "295");
    Linea encontrada : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2504091&octid=EB_ORIGINAL_CTID&SearchSource=1");
    Linea encontrada : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
    Linea encontrada : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=");
    Linea encontrada : user_pref("CT2504091.SearchInNewTabEnabled", true);
    Linea encontrada : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
    Linea encontrada : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Fri Oct 29 2010 15:23:00 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
    Linea encontrada : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
    Linea encontrada : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
    Linea encontrada : user_pref("CT2504091.SettingsLastCheckTime", "Fri Oct 29 2010 15:22:58 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.SettingsLastUpdate", "1286395440");
    Linea encontrada : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
    Linea encontrada : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Fri Oct 29 2010 15:22:58 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
    Linea encontrada : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
    Linea encontrada : user_pref("CT2504091.UserID", "UN41392475592401035");
    Linea encontrada : user_pref("CT2504091.alertChannelId", "897164");
    Linea encontrada : user_pref("CT2504091.clientLogIsEnabled", false);
    Linea encontrada : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    Linea encontrada : user_pref("CT2504091.myStuffEnabled", true);
    Linea encontrada : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
    Linea encontrada : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    Linea encontrada : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
    Linea encontrada : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    Linea encontrada : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    Linea encontrada : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
    Linea encontrada : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
    Linea encontrada : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
    Linea encontrada : user_pref("extensions.delta.admin", false);
    Linea encontrada : user_pref("extensions.delta.aflt", "babsst");
    Linea encontrada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Linea encontrada : user_pref("extensions.delta.autoRvrt", "false");
    Linea encontrada : user_pref("extensions.delta.dfltLng", "es");
    Linea encontrada : user_pref("extensions.delta.excTlbr", false);
    Linea encontrada : user_pref("extensions.delta.ffxUnstlRst", true);
    Linea encontrada : user_pref("extensions.delta.id", "700a5cd7000000000000001c2501c16a");
    Linea encontrada : user_pref("extensions.delta.instlDay", "15950");
    Linea encontrada : user_pref("extensions.delta.instlRef", "sst");
    Linea encontrada : user_pref("extensions.delta.newTab", false);
    Linea encontrada : user_pref("extensions.delta.prdct", "delta");
    Linea encontrada : user_pref("extensions.delta.prtnrId", "delta");
    Linea encontrada : user_pref("extensions.delta.rvrt", "false");
    Linea encontrada : user_pref("extensions.delta.smplGrp", "none");
    Linea encontrada : user_pref("extensions.delta.tlbrId", "base");
    Linea encontrada : user_pref("extensions.delta.tlbrSrchUrl", "");
    Linea encontrada : user_pref("extensions.delta.vrsn", "1.8.24.6");
    Linea encontrada : user_pref("extensions.delta.vrsnTs", "1.8.24.61:14:26");
    Linea encontrada : user_pref("extensions.delta.vrsni", "1.8.24.6");
    Linea encontrada : user_pref("extensions.delta_i.babExt", "");
    Linea encontrada : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4993");
    Linea encontrada : user_pref("extensions.delta_i.srcExt", "ss");
    Linea encontrada : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision=\"1.5.2\">\r\n <sites>\r\n <searchsite MatchesDomain=\"google.\" MatchesPath=\"/search\" [...]
    Linea encontrada : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2");
    Linea encontrada : user_pref("extensions.veohsearchrecs.id", "0475c8b79-62b7-0ada-9da5-8515c866dd2");
    Linea encontrada : user_pref("extensions.veohsearchrecs.lastsitedate", "1");
    Linea encontrada : user_pref("extensions.veohsearchrecs.veohenabled", "false");
    Linea encontrada : user_pref("extensions.xnotifier.accounts.[gmail#jv7700@gmail.com].inboxOnly", true);
    Linea encontrada : user_pref("extensions.xnotifier.accounts.[hotmail#losabandonados@hotmail.co.uk].inboxOnly", true);
    Linea encontrada : user_pref("extensions.xnotifier.accounts.[hotmail#racing.snake@hotmail.com].inboxOnly", true);

    -\\ Google Chrome v

    [ Archivo : C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [13985 octets] - [18/12/2013 15:28:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14046 octets] ##########

    Moving on...OTL Scan...

    2) OTL.txt

    OTL logfile created on: 18/12/2013 15:55:06 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\c\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

    1022.94 Mb Total Physical Memory | 547.07 Mb Available Physical Memory | 53.48% Memory free
    2.23 Gb Paging File | 0.90 Gb Available in Paging File | 40.24% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.70 Gb Total Space | 23.17 Gb Free Space | 20.74% Space Free | Partition Type: NTFS
    Drive D: | 111.43 Gb Total Space | 111.06 Gb Free Space | 99.67% Space Free | Partition Type: NTFS

    Computer Name: C1 | User Name: c | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/18 15:53:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
    PRC - [2013/12/01 01:00:48 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2013/12/01 01:00:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2013/11/07 10:27:49 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2013/07/31 21:30:36 | 002,296,600 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
    PRC - [2013/07/31 21:30:24 | 000,363,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
    PRC - [2013/06/13 20:31:38 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/01/18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2013/01/18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/09/08 08:54:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2012/05/16 14:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
    PRC - [2012/04/22 12:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2012/04/22 12:50:44 | 000,174,120 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    PRC - [2012/04/22 12:50:28 | 000,142,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2007/02/15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/02/09 05:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    PRC - [2007/02/07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    PRC - [2007/01/31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2006/12/29 17:51:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
    PRC - [2006/11/02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
    PRC - [2006/11/02 10:44:50 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/18 10:45:42 | 002,152,448 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13121800\algo.dll
    MOD - [2013/12/01 01:00:56 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
    MOD - [2012/05/16 14:45:56 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
    MOD - [2012/05/16 14:45:40 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
    MOD - [2012/05/16 14:45:40 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
    MOD - [2012/05/16 14:45:38 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
    MOD - [2012/05/16 14:45:36 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
    MOD - [2012/05/16 14:45:36 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
    MOD - [2012/05/16 14:45:34 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
    MOD - [2012/05/16 14:45:34 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
    MOD - [2012/05/16 14:45:32 | 008,506,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
    MOD - [2012/05/16 14:45:32 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
    MOD - [2012/05/16 14:45:30 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
    MOD - [2012/05/16 14:45:30 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
    MOD - [2012/05/16 14:45:28 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
    MOD - [2012/05/16 14:45:22 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
    MOD - [2012/05/16 14:45:22 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
    MOD - [2012/05/16 14:45:20 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
    MOD - [2012/05/16 14:44:54 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
    MOD - [2012/05/16 14:44:16 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
    MOD - [2012/05/16 12:46:28 | 000,391,056 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
    MOD - [2012/05/16 12:46:28 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
    MOD - [2012/05/16 12:45:30 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
    MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009/11/06 21:35:25 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\22e348e7fee20fcb2013d3dfe016ae8e\System.Management.ni.dll
    MOD - [2009/11/06 18:28:51 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ae77b2b91367f11d340cf3bf2428af59\System.ServiceProcess.ni.dll
    MOD - [2009/11/06 18:28:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll
    MOD - [2009/11/06 18:28:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
    MOD - [2009/11/06 18:26:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
    MOD - [2009/10/16 10:18:31 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
    MOD - [2009/10/16 10:17:31 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
    MOD - [2008/12/02 19:25:24 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2008/07/27 18:52:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
    MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2007/01/31 17:18:16 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    MOD - [2007/01/31 17:18:16 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
    MOD - [2006/12/29 17:51:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    MOD - [2006/12/29 17:51:20 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
    MOD - [2006/12/29 17:51:18 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.Interface.dll
    MOD - [2006/12/14 15:00:04 | 000,081,920 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\INT15.dll
    MOD - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
    MOD - [2006/05/14 15:44:00 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
    SRV - [2013/12/11 17:48:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/10 13:11:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/01 01:00:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/06/13 20:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/02/25 23:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/09/08 08:54:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2012/04/22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2007/02/07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
    SRV - [2007/01/31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2007/01/17 04:02:28 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/12/29 17:51:56 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
    SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\pfc.sys -- (pfc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2013/12/01 01:01:00 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/12/01 01:01:00 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/12/01 01:01:00 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/12/01 01:01:00 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/12/01 01:01:00 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/12/01 01:01:00 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2013/12/01 01:01:00 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/12/01 01:01:00 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/05/23 07:12:36 | 000,079,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2013/05/23 07:12:24 | 000,063,000 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2013/05/23 07:12:24 | 000,019,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2013/02/25 23:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/04/22 12:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2012/01/09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2012/01/09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/08/05 12:54:05 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/08/05 12:54:05 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2009/11/12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
    DRV - [2007/05/17 15:01:46 | 002,608,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2007/02/16 06:13:06 | 000,432,504 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
    DRV - [2007/01/24 10:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
    DRV - [2007/01/22 09:09:08 | 000,046,592 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
    DRV - [2006/12/07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits [binary data]
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Acer | explore beyond limits
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=700A001C2501C16A&affID=119357&tsp=4993
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_es
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.es/?gws_rd=cr&ei=mzglUuD3JcKq0QXajID4Dw"
    FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
    FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3.10
    FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/12/18 03:31:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/30 03:30:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/11 17:47:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 17:47:47 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/11 17:47:33 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 17:47:47 | 000,000,000 | ---D | M]

    [2008/11/14 18:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\mozilla\Extensions
    [2013/12/12 22:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\mozilla\Firefox\Profiles\w4hkhep1.default\extensions
    [2013/12/18 08:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\c\AppData\Roaming\mozilla\Firefox\Profiles\w4hkhep1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/12/18 08:46:08 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\c\AppData\Roaming\mozilla\Firefox\Profiles\w4hkhep1.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2013/12/18 08:46:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\c\AppData\Roaming\mozilla\Firefox\Profiles\w4hkhep1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/12/12 22:10:20 | 000,217,699 | ---- | M] () (No name found) -- C:\Users\c\AppData\Roaming\mozilla\firefox\profiles\w4hkhep1.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
    [2013/04/13 09:54:33 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\c\AppData\Roaming\mozilla\firefox\profiles\w4hkhep1.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
    [2013/05/06 12:40:20 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\c\AppData\Roaming\mozilla\firefox\profiles\w4hkhep1.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
    [2013/12/11 17:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/12/11 17:47:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    [2013/12/11 17:47:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/11 17:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/12/11 17:48:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: Google
    CHR - Extension: Google Docs = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: B\u00FAsqueda de Google = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: B\u00FAsqueda de Google = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Skype Click to Call = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
    CHR - Extension: Google Wallet = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: \u003Cvideo\u003E de HTML5 de DivX Plus Web Player = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gmail = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/03/28 01:20:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
    O4 - HKLM..\Run: [Apanel] C:\AcerSW\Config\SetApanel.cmd ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
    O4 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000..\Run: [] File not found
    O4 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000..\Run: [Acer Tour Reminder] File not found
    O4 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
    O4 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - Startup: C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk = File not found
    O4 - Startup: C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk = File not found
    O4 - Startup: C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk = File not found
    O4 - Startup: C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
    O4 - Startup: C:\Users\zania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A1BAFEA-BA3F-4F3D-9ECE-0F19CE450651}: DhcpNameServer = 80.58.61.250 80.58.61.254
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\c\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\c\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/18 15:52:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
    [2013/12/18 15:28:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/18 10:20:53 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Leadertech
    [2013/12/18 10:20:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
    [2013/12/18 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Logishrd
    [2013/12/18 10:19:57 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
    [2013/12/18 10:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    [2013/12/18 10:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
    [2013/12/18 10:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2013/12/18 10:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
    [2013/12/18 09:41:46 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Logishrd
    [2013/12/18 01:09:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\c\Desktop\HijackThis.exe
    [2013/12/15 21:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2013/12/11 17:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/12/01 01:08:51 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\AVAST Software
    [2013/12/01 01:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2013/12/01 00:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/11/25 11:24:32 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\JLAdventCalendarEdwardian2013
    [2013/11/25 11:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
    [2008/06/20 12:24:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\c\AppData\Roaming\pcouffin.sys
    [5 C:\Users\c\Documents\*.tmp files -> C:\Users\c\Documents\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/12/18 15:53:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
    [2013/12/18 15:45:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/18 15:45:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/18 15:35:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/12/18 15:27:17 | 001,226,750 | ---- | M] () -- C:\Users\c\Desktop\AdwCleaner.exe
    [2013/12/18 15:18:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/18 10:52:46 | 000,052,650 | ---- | M] () -- C:\Users\c\Desktop\most-people-wont-go-into-an-animal-shelter_small.jpg
    [2013/12/18 10:31:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2013/12/18 10:22:11 | 000,001,115 | ---- | M] () -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2013/12/18 10:18:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/18 09:45:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/12/18 03:33:17 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/12/18 01:09:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\c\Desktop\HijackThis.exe
    [2013/12/15 21:53:48 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/12/13 20:56:51 | 165,145,055 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/12/10 22:32:21 | 000,000,104 | ---- | M] () -- C:\Users\c\Desktop\Papelera de reciclaje - Acceso directo.lnk
    [2013/12/10 13:11:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/12/10 13:11:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/12/01 01:01:00 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013/12/01 01:01:00 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013/12/01 01:01:00 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/12/01 01:01:00 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2013/12/01 01:01:00 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2013/12/01 01:01:00 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2013/12/01 01:01:00 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/12/01 01:01:00 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2013/12/01 01:00:57 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013/12/01 01:00:57 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/12/01 00:55:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013/11/25 15:20:38 | 000,000,952 | ---- | M] () -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
    [2013/11/19 03:33:38 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [5 C:\Users\c\Documents\*.tmp files -> C:\Users\c\Documents\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/12/18 15:26:59 | 001,226,750 | ---- | C] () -- C:\Users\c\Desktop\AdwCleaner.exe
    [2013/12/18 10:52:45 | 000,052,650 | ---- | C] () -- C:\Users\c\Desktop\most-people-wont-go-into-an-animal-shelter_small.jpg
    [2013/12/18 10:22:11 | 000,001,115 | ---- | C] () -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2013/12/18 03:33:17 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/12/15 21:53:48 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/12/10 22:32:21 | 000,000,104 | ---- | C] () -- C:\Users\c\Desktop\Papelera de reciclaje - Acceso directo.lnk
    [2013/11/25 11:24:41 | 000,000,952 | ---- | C] () -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
    [2013/03/17 22:48:31 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/03/17 22:48:28 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2012/09/13 17:04:37 | 000,087,608 | ---- | C] () -- C:\Users\c\AppData\Roaming\inst.exe
    [2012/05/23 05:22:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
    [2012/05/23 05:22:44 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
    [2011/05/03 00:48:19 | 001,205,863 | ---- | C] () -- C:\Users\c\EHIC.jpg
    [2010/12/02 10:16:37 | 007,948,320 | ---- | C] () -- C:\Users\c\DoT_Hidden001.pdf
    [2010/12/01 03:53:39 | 018,973,849 | ---- | C] () -- C:\Users\c\mediamarkt catalogue nov dec 2010.pdf
    [2010/03/13 01:57:41 | 002,870,276 | ---- | C] () -- C:\Users\c\Havant Reservoir Newsletter004.pdf
    [2009/09/24 19:41:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/08/29 13:04:40 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/06/20 12:26:01 | 000,000,668 | ---- | C] () -- C:\Users\c\AppData\Roaming\vso_ts_preview.xml
    [2008/06/20 12:24:08 | 000,007,887 | ---- | C] () -- C:\Users\c\AppData\Roaming\pcouffin.cat
    [2008/06/20 12:24:08 | 000,001,144 | ---- | C] () -- C:\Users\c\AppData\Roaming\pcouffin.inf
    [2008/06/09 00:34:06 | 000,001,356 | ---- | C] () -- C:\Users\c\AppData\Local\d3d9caps.dat
    [2008/04/30 18:07:16 | 000,000,310 | ---- | C] () -- C:\Users\c\AppData\Roaming\APUSet.xml
    [2008/04/30 18:07:14 | 000,006,393 | ---- | C] () -- C:\Users\c\AppData\Roaming\PrimoPDFSet.xml
    [2008/03/15 22:19:22 | 002,401,349 | ---- | C] () -- C:\Users\c\VERSION_INGLES.pdf
    [2008/03/04 23:01:24 | 000,024,206 | ---- | C] () -- C:\Users\c\AppData\Roaming\UserTile.png
    [2008/02/22 16:49:07 | 000,000,024 | ---- | C] () -- C:\Users\c\AppData\Local\37562-11537-09847-00QV1-78241
    [2008/02/14 23:47:39 | 000,031,872 | ---- | C] () -- C:\Users\c\AppData\Roaming\wklnhst.dat
    [2007/12/20 19:37:51 | 000,175,104 | ---- | C] () -- C:\Users\c\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4BF2F6B5
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CE7F3C9
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:24051EFF

    < End of report >

    3) OTL Extras.txt

    OTL Extras logfile created on: 18/12/2013 15:55:06 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\c\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

    1022.94 Mb Total Physical Memory | 547.07 Mb Available Physical Memory | 53.48% Memory free
    2.23 Gb Paging File | 0.90 Gb Available in Paging File | 40.24% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.70 Gb Total Space | 23.17 Gb Free Space | 20.74% Space Free | Partition Type: NTFS
    Drive D: | 111.43 Gb Total Space | 111.06 Gb Free Space | 99.67% Space Free | Partition Type: NTFS

    Computer Name: C1 | User Name: c | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = ComFile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
    .html [@ = OperaStable] -- Reg Error: Key error. File not found
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1239104429-2824428468-656559341-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1"
    https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1"
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1598F385-EE6A-45E5-A0C6-361B56BF9F14}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{2FDFF9E7-02B8-418D-AE92-20242C0F634E}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{59F006DF-8844-49A1-B23E-6B85FFD1F7FC}" = lport=5358 | protocol=6 | dir=in | app=system |
    "{5C974A8A-5271-4515-A3DD-F822E298574A}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{89A6E024-36BA-4010-B2CE-7E057ED7B82D}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{CE205710-92E4-4AAF-900B-AB6FCE327D12}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{D3D64935-0AA2-4E7A-B13E-0C766CC90EDA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D5A3B62B-2D74-427E-9B7C-1AAD30A707C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{004B37B9-B372-4062-9113-211D6F15071B}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
    "{0E9C6EFD-0E7A-42ED-9522-B05848FEE0C3}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{102AEBD3-FEFF-4671-93DC-001FC203829C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{21BD3678-0D0B-4F67-A3EB-F5903AB8B0AC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{23DF4253-4658-469A-8278-5080F7BDF2AC}" = dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
    "{2CFC8C1C-6B0B-4C21-9008-B5C69D97CA8C}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{3762C585-A60A-4DAB-91AA-031B2EE73F1D}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{520697E5-CC49-4B85-84B3-C30BA54AD367}" = protocol=6 | dir=in | app=c:\users\zania\appdata\roaming\dropbox\bin\dropbox.exe |
    "{57070FBF-FFA7-4DDB-AAC1-BDE9930BA6EB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{60FB6CAE-1E0D-492F-ADD7-7F30CE42DAC2}" = protocol=17 | dir=in | app=c:\users\zania\appdata\roaming\dropbox\bin\dropbox.exe |
    "{636F7A41-D7FA-4D48-960B-3E8B59BA272A}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{6FC64A1E-8F83-4949-A927-1F5D199DD855}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{70ED60EF-3B61-43EE-BC1A-5090DD22B4FA}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
    "{73FFAB86-405F-4A9D-94CC-EA8D6F29030F}" = protocol=6 | dir=in | app=c:\users\c\appdata\local\temp\~os3a61.tmp\rlvknlg.exe |
    "{78F8544F-E4B8-4310-A5F1-DF04C0A47A32}" = protocol=6 | dir=in | app=c:\windows\temp\~os7cbe.tmp\ossproxy.exe |
    "{839A4386-E6B3-4A56-95CC-2FD2532564CE}" = protocol=17 | dir=in | app=c:\users\c\appdata\roaming\dropbox\bin\dropbox.exe |
    "{88ADDE12-F634-48A9-AB1C-DA9C08068203}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{8DB546CF-968E-437A-B33F-50682B06B60D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{94BCC4C7-54D6-4700-B771-79445C6A9DDD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{97A4E777-208E-4BDB-ADAC-2CE23A43DA14}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{A6DD3428-A824-4C0C-867C-F7AA832E3E61}" = protocol=6 | dir=in | app=c:\windows\temp\~osc3ce.tmp\ossproxy.exe |
    "{BD851358-8A63-4AA1-BE97-CD71BE2559EF}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{C35956EC-B177-4EA8-96F7-6EC7A772111C}" = protocol=6 | dir=in | app=c:\users\c\appdata\roaming\dropbox\bin\dropbox.exe |
    "{C59EDBAF-EF56-49DF-B813-1FF286A50F0A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{D3D065D0-2331-4744-9502-8B9E290CA13E}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{DD326432-CA65-473C-B34B-5B3EB0B8E6F1}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
    "{E112C7DE-56C6-401E-8B8A-68500A4A767B}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
    "{E8F706E6-1DC7-405E-B64D-3571728D030D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EBB3DC10-F418-40A0-AF68-1DD9F782567B}" = dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
    "{EEBAACBD-317F-40C6-8CDE-20F349C05E79}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "TCP Query User{4020B1F6-8FBF-42A0-8287-81A44B408B25}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{4FA32F91-A031-4DA3-ACA2-0CF692948DCC}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
    "TCP Query User{6548745C-2DEF-4ED7-805A-5DA3337C57AF}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{830D0E26-C75F-4966-A68A-B31BC610A4A8}C:\users\c\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\c\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{87ED4710-AEF0-413E-89C4-DBD9E8561F9D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{A64A0AD1-6DFD-4BF7-81C9-6A9BF5BE7755}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{AD71C02D-DAC5-432A-9809-C37666C7968C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{B3142E72-6740-4A8C-AE2B-17AA91890925}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
    "TCP Query User{BD81A748-37C1-4C8F-A2D8-38FDD323AEFD}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
    "TCP Query User{C147BEBC-2A53-40E8-9BAA-DF37D98151F0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{D016A75F-8AB6-453D-B212-5881FDD7381C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{D3A0E4C6-B121-4D36-B5D3-4335B7E99E1E}C:\users\c\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\c\program files\dna\btdna.exe |
    "TCP Query User{EEC270AF-3A9B-4F41-AF62-1B349AE0A070}C:\users\c\desktop\acarsds\acarsds.exe" = protocol=6 | dir=in | app=c:\users\c\desktop\acarsds\acarsds.exe |
    "TCP Query User{EFED8A0B-F31D-4C9F-AADD-ADFD74BDCF40}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{F6E8BA07-5373-4728-9184-01C7455E6ABF}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{FB5C6462-859E-46FC-81CB-9229BC0ECBE4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{FD481069-2DD4-4D51-B80C-553D239BE17F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{0B0A7ECD-C463-4B2F-99BA-7050F57F92D2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{19C66414-335D-4ACE-A85C-F6F8AFB558A3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{3140BDF4-2568-4CDE-857B-0B45909612E2}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{34990EDC-24EB-4F58-9C2F-E656B479714D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{384688D2-2284-4BEF-89E9-ABC4E2DFC292}C:\users\c\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\c\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{3917C690-C9EB-425F-AEB2-8CD6FAA5313E}C:\users\c\desktop\acarsds\acarsds.exe" = protocol=17 | dir=in | app=c:\users\c\desktop\acarsds\acarsds.exe |
    "UDP Query User{45CAB5FE-4DBC-4209-8AB9-9881B739A8A3}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{4664FBDF-3011-4C56-8AB9-921C886E3A0B}C:\users\c\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\c\program files\dna\btdna.exe |
    "UDP Query User{5D6E4442-670D-40FE-BC47-675DB41AC76B}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{5E9F550E-7055-4AC5-AA62-E3BA2375C079}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{72BE8258-D80D-473E-A404-E80878635592}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{8791646A-51A8-4F67-B503-F559B2FDAB4A}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
    "UDP Query User{8DD95487-8C02-4C6F-94EE-0BFF60A07113}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{A9C493FD-3FCA-4326-A7E9-F56773D84AB2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{B9C7C547-09FF-4A37-8067-256EFD74884E}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
    "UDP Query User{C0DE31D6-79F9-4A3C-816A-55EE7E255435}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
    "UDP Query User{D24A00E2-744E-4801-97E6-8B862663147D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{095A5DB5-0917-4A63-B68D-9D0B6070B31B}" = Windows Live Asistente para el inicio de sesión
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.8.0.18
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{230CCBE9-14B0-4008-97AF-30C10F99E42C}" = ArcSoft PhotoStudio 5.5
    "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
    "{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{675F65BF-F58A-44DD-9555-6F439759C4E4}" = SOAP3 and XML4
    "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
    "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
    "{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
    "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Controlador de 3D Vision 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel de control de NVIDIA 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Controlador de gráficos 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Actualización de NVIDIA 1.11.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}" = Jasc Paint Shop Photo Album
    "{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 3200,3200F
    "{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
    "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
    "{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
    "{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1" = Open PLS in Windows Media Player 2.3.0
    "{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.57
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "504244733D18C8F63FF584AEB290E3904E791693" = Paquete de controladores de Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "avast" = avast! Free Antivirus
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup" = DivX Setup
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ESPR220 User's Guide" = ESPR220 User's Guide
    "FileZilla Client" = FileZilla Client 3.1.6
    "FLV Player" = FLV Player 2.0 (build 25)
    "Google Updater" = Google Updater
    "GTK 2.0" = GTK+ Runtime 2.12.12 rev a (remove only)
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "IrfanView" = IrfanView (remove only)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Press Interactive Training" = Microsoft Interactive Training
    "Money2005b" = Microsoft Money
    "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nokia Suite" = Nokia Suite
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PSPad editor_is1" = PSPad editor
    "Shockwave" = Shockwave
    "sp6" = Logitech SetPoint 6.61
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Works2005Setup" = Microsoft Works 2005 Setup Launcher

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1239104429-2824428468-656559341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 20 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 05/01/2010 19:01:57 | Computer Name = c1 | Source = avast! | ID = 33554522
    Description =

    Error - 06/05/2010 06:52:02 | Computer Name = c1 | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 17/12/2013 05:00:57 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xbc0, hora de inicio de la aplicación 0x01cefb0663a0923c.

    Error - 17/12/2013 06:56:46 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xf38, hora de inicio de la aplicación 0x01cefb16952d95a0.

    Error - 17/12/2013 08:04:32 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xd10, hora de inicio de la aplicación 0x01cefb1ffc21a28d.

    Error - 17/12/2013 18:21:54 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xc88, hora de inicio de la aplicación 0x01cefb765f8df27b.

    Error - 17/12/2013 22:29:38 | Computer Name = c1 | Source = VSS | ID = 8194
    Description =

    Error - 18/12/2013 02:56:57 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xccc, hora de inicio de la aplicación 0x01cefbbe4ab122ea.

    Error - 18/12/2013 03:48:58 | Computer Name = c1 | Source = System Restore | ID = 8209
    Description =

    Error - 18/12/2013 03:56:21 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0x524, hora de inicio de la aplicación 0x01cefbc582c0a6df.

    Error - 18/12/2013 04:02:42 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xc74, hora de inicio de la aplicación 0x01cefbc77bb87858.

    Error - 18/12/2013 04:45:59 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xa68, hora de inicio de la aplicación 0x01cefbcd84406754.

    [ Media Center Events ]
    Error - 16/04/2008 14:08:26 | Computer Name = c1 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: error al descargar el paquete
    MCESpotlight.

    Error - 18/04/2008 19:46:19 | Computer Name = c1 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: error al descargar el paquete
    MCESpotlight.

    [ System Events ]
    Error - 18/12/2013 03:47:06 | Computer Name = c1 | Source = ACPI | ID = 327686
    Description = IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la
    ranura PCI 6, función 0. Póngase en contacto con su proveedor de sistema para
    recibir asistencia técnica.

    Error - 18/12/2013 03:51:41 | Computer Name = c1 | Source = Service Control Manager | ID = 7038
    Description =

    Error - 18/12/2013 03:51:41 | Computer Name = c1 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 18/12/2013 04:01:52 | Computer Name = c1 | Source = EventLog | ID = 6008
    Description = El cierre anterior del sistema a las 9:00:16 del 18/12/2013 resultó
    inesperado.

    Error - 18/12/2013 04:05:37 | Computer Name = c1 | Source = Service Control Manager | ID = 7038
    Description =

    Error - 18/12/2013 04:05:37 | Computer Name = c1 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 18/12/2013 04:44:46 | Computer Name = c1 | Source = ACPI | ID = 327686
    Description = IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la
    ranura PCI 1, función 0. Póngase en contacto con su proveedor de sistema para
    recibir asistencia técnica.

    Error - 18/12/2013 04:44:46 | Computer Name = c1 | Source = ACPI | ID = 327686
    Description = IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la
    ranura PCI 6, función 0. Póngase en contacto con su proveedor de sistema para
    recibir asistencia técnica.

    Error - 18/12/2013 04:49:11 | Computer Name = c1 | Source = Service Control Manager | ID = 7038
    Description =

    Error - 18/12/2013 04:49:11 | Computer Name = c1 | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

    4) Superantispyware log (I removed the tracking cookies removed at the end of the scan..)

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/18/2013 at 04:47 AM

    Application Version : 5.6.1042

    Core Rules Database Version : 10833
    Trace Rules Database Version: 8645

    Scan type : Complete Scan
    Total Scan Time : 01:32:50

    Operating System Information
    Windows Vista Home Premium 32-bit (Build 6.00.6000)
    UAC On - Limited User (Administrator User)

    Memory items scanned : 809
    Memory threats detected : 0
    Registry items scanned : 45519
    Registry threats detected : 0
    File items scanned : 42746
    File threats detected : 545

    All 545 File threats were tracking cookies that I removed at the end of the scan...

    and finally

    5) Malwarebytes scan results...

    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.12.18.01

    Windows Vista x86 NTFS
    Internet Explorer 7.0.6000.17037
    c :: C1 [administrator]

    18/12/2013 04:57:41
    mbam-log-2013-12-18 (04-57-41).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 450817
    Time elapsed: 1 hour(s), 55 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Donna... thanks for your help so far... old age and senility are creeping up on me and as I said about the Adw scan I just wouldn't know where to begin... and with my luck of late if I hit the Clean button I'd probably kill off my computer and anything within 50 miles of it...

  6. #6
    Member whitenoiz's Avatar
    Join Date
    Jan 2008
    Location
    El Turro, Granada, Spain
    Posts
    160
    Points
    5

    Default

    Ok here goes... but first let me say that earlier this morning I did a system restore, back to the 6th December just before the last batch of Windows Updates was automatically installed. For what its worth the wayward mouse seems to have responded to the system restore and the installation of the latest software Having said that i still cannot make any sense of what has happened to my pics on photobucket it was OK late last week but now, of the 392 pics in my library only a handful remain as library thumbnails and clicking on them produces a greyed out box... All the rest carry the error message 'Sorry This person has deleted or moved this picture..'
    Well...I'm sorry too because this person most certainly did not delete or move the picture...
    For 392 pics to suddenly become unavailable smacks of either photobucket being hacked or my account being hacked...

    Anyway enough of that...

    Scans...I downloaded the Adw Cleaner as you suggested and ran the scan, but as you pointed out I may be confused about the result...
    That has to be the understatement of the year..!
    Frankly I just don't know what should be there and what shouldn't. I really do not know which boxes to leaved ticked, so rather than go through a possibly disastrous cleaning I have made a copy of the text file that appeared at the end of the scan. Only one thing on there stands out like a sore thumb and that's "C/Program Files/Babylon" which is gather is a highjacking PUP... I will have to leave it to your judgment regarding the remainder. I have no need of anything to do with ICQ...

    1) Heres the Adw logfile uncleaned...

    # AdwCleaner v3.015 - Reporte Creado 18/12/2013 en 15:28:32
    # Actualizado 10/12/2013 por Xplode
    # Sistema Operativo : Windows Vista (TM) Home Premium (32 bits)
    # Nombre de usuario : c - C1
    # Ejecutado desde : C:\Users\c\Desktop\AdwCleaner.exe
    # Opción : Escanear

    ***** [ Servicios ] *****


    ***** [ Archivos / Carpetas ] *****

    Archivo Encontrado : c:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\w4hkhep1.default\bProtector_extensions.rdf
    Archivo Encontrado : c:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\w4hkhep1.default\user.js
    Carpeta Encontrado : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
    Carpeta Encontrado C:\Program Files\ICQ6Toolbar
    Carpeta Encontrado C:\ProgramData\Babylon
    Carpeta Encontrado C:\ProgramData\ICQ\ICQToolbar
    Carpeta Encontrado c:\Users\c\AppData\LocalLow\boost_interprocess
    Carpeta Encontrado c:\Users\c\AppData\LocalLow\Delta
    Carpeta Encontrado c:\Users\c\AppData\Roaming\DSite
    Carpeta Encontrado c:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\w4hkhep1.default\ICQToolbarData
    Carpeta Encontrado c:\Users\c\AppData\Roaming\thinstall
    Carpeta Encontrado c:\Users\c\AppData\Roaming\vghd

    ***** [ Accesos directos ] *****


    ***** [ Registro ] *****

    Clave Encontrado : HKCU\Software\AppDataLow\Software\Conduit
    Clave Encontrado : HKCU\Software\BabSolution
    Clave Encontrado : HKCU\Software\Conduit
    Clave Encontrado : HKCU\Software\Delta
    Clave Encontrado : HKCU\Software\dsiteproducts
    Clave Encontrado : HKCU\Software\ICQ\ICQToolbar
    Clave Encontrado : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
    Clave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Clave Encontrado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{D08D9F98-1C78-4704-87E6-368B0023D831}
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wajam
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
    Clave Encontrado : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clave Encontrado : HKCU\Software\YahooPartnerToolbar
    Clave Encontrado : HKLM\SOFTWARE\5c6de88b16fb846
    Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
    Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
    Clave Encontrado : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clave Encontrado : HKLM\SOFTWARE\Classes\Conduit.Engine
    Clave Encontrado : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
    Clave Encontrado : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
    Clave Encontrado : HKLM\SOFTWARE\Classes\Prod.cap
    Clave Encontrado : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
    Clave Encontrado : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
    Clave Encontrado : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
    Clave Encontrado : HKLM\Software\Conduit
    Clave Encontrado : HKLM\Software\DataMngr
    Clave Encontrado : HKLM\Software\Delta
    Clave Encontrado : HKLM\Software\Freeze.com
    Clave Encontrado : HKLM\Software\ICQ\ICQToolbar
    Clave Encontrado : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E657145-ED0F-431E-AFF6-CA43D900E35D}
    Clave Encontrado : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4846714B-4BDC-4C79-BB5F-6BC3CAA328FF}
    Clave Encontrado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
    Clave Encontrado : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
    Clave Encontrado : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
    Valor Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
    Valor Encontrado : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
    Valor Encontrado : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v7.0.6000.17037

    Ajustes Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] - hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd

    -\\ Mozilla Firefox v26.0 (en-US)

    [ Archivo : c:\Users\c\AppData\Roaming\Mozilla\Firefox\Profiles\w4hkhep1.default\prefs.js ]

    Linea encontrada : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Linea encontrada : user_pref("CT2504091.CTID", "CT2504091");
    Linea encontrada : user_pref("CT2504091.CurrentServerDate", "29-10-2010");
    Linea encontrada : user_pref("CT2504091.DialogsAlignMode", "LTR");
    Linea encontrada : user_pref("CT2504091.DownloadReferralCookieData", "");
    Linea encontrada : user_pref("CT2504091.EMailNotifierPollDate", "Fri Oct 29 2010 15:31:52 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.FeedLastCount129079840422964131", 0);
    Linea encontrada : user_pref("CT2504091.FeedPollDate128891351169457140", "Fri Oct 29 2010 15:22:59 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.FeedPollDate129079840422964131", "Fri Oct 29 2010 15:22:59 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.FeedTTL128891351169457140", 40);
    Linea encontrada : user_pref("CT2504091.FirstServerDate", "29-10-2010");
    Linea encontrada : user_pref("CT2504091.FirstTime", true);
    Linea encontrada : user_pref("CT2504091.FirstTimeFF3", true);
    Linea encontrada : user_pref("CT2504091.FirstTimeSettingsDone", true);
    Linea encontrada : user_pref("CT2504091.FixPageNotFoundErrors", true);
    Linea encontrada : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
    Linea encontrada : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Linea encontrada : user_pref("CT2504091.Initialize", true);
    Linea encontrada : user_pref("CT2504091.InitializeCommonPrefs", true);
    Linea encontrada : user_pref("CT2504091.InstallationAndCookieDataSentCount", 1);
    Linea encontrada : user_pref("CT2504091.InstallationType", "UnknownIntegration");
    Linea encontrada : user_pref("CT2504091.InstalledDate", "Fri Oct 29 2010 15:22:59 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.IsGrouping", false);
    Linea encontrada : user_pref("CT2504091.IsMulticommunity", false);
    Linea encontrada : user_pref("CT2504091.IsOpenThankYouPage", false);
    Linea encontrada : user_pref("CT2504091.IsOpenUninstallPage", false);
    Linea encontrada : user_pref("CT2504091.LanguagePackLastCheckTime", "Fri Oct 29 2010 15:23:01 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
    Linea encontrada : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
    Linea encontrada : user_pref("CT2504091.LastLogin_2.7.2.0", "Fri Oct 29 2010 15:23:00 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.LatestVersion", "2.6.0.14");
    Linea encontrada : user_pref("CT2504091.Locale", "en-us");
    Linea encontrada : user_pref("CT2504091.LoginCache", 4);
    Linea encontrada : user_pref("CT2504091.MCDetectTooltipHeight", "83");
    Linea encontrada : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Linea encontrada : user_pref("CT2504091.MCDetectTooltipWidth", "295");
    Linea encontrada : user_pref("CT2504091.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2504091&octid=EB_ORIGINAL_CTID&SearchSource=1");
    Linea encontrada : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
    Linea encontrada : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&q=");
    Linea encontrada : user_pref("CT2504091.SearchInNewTabEnabled", true);
    Linea encontrada : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
    Linea encontrada : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Fri Oct 29 2010 15:23:00 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
    Linea encontrada : user_pref("CT2504091.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
    Linea encontrada : user_pref("CT2504091.SettingsCheckIntervalMin", 120);
    Linea encontrada : user_pref("CT2504091.SettingsLastCheckTime", "Fri Oct 29 2010 15:22:58 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.SettingsLastUpdate", "1286395440");
    Linea encontrada : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
    Linea encontrada : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Fri Oct 29 2010 15:22:58 GMT+0200 (Hora de verano romance)");
    Linea encontrada : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1246790578");
    Linea encontrada : user_pref("CT2504091.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
    Linea encontrada : user_pref("CT2504091.UserID", "UN41392475592401035");
    Linea encontrada : user_pref("CT2504091.alertChannelId", "897164");
    Linea encontrada : user_pref("CT2504091.clientLogIsEnabled", false);
    Linea encontrada : user_pref("CT2504091.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
    Linea encontrada : user_pref("CT2504091.myStuffEnabled", true);
    Linea encontrada : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
    Linea encontrada : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
    Linea encontrada : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
    Linea encontrada : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
    Linea encontrada : user_pref("CT2504091.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
    Linea encontrada : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
    Linea encontrada : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
    Linea encontrada : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
    Linea encontrada : user_pref("extensions.delta.admin", false);
    Linea encontrada : user_pref("extensions.delta.aflt", "babsst");
    Linea encontrada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
    Linea encontrada : user_pref("extensions.delta.autoRvrt", "false");
    Linea encontrada : user_pref("extensions.delta.dfltLng", "es");
    Linea encontrada : user_pref("extensions.delta.excTlbr", false);
    Linea encontrada : user_pref("extensions.delta.ffxUnstlRst", true);
    Linea encontrada : user_pref("extensions.delta.id", "700a5cd7000000000000001c2501c16a");
    Linea encontrada : user_pref("extensions.delta.instlDay", "15950");
    Linea encontrada : user_pref("extensions.delta.instlRef", "sst");
    Linea encontrada : user_pref("extensions.delta.newTab", false);
    Linea encontrada : user_pref("extensions.delta.prdct", "delta");
    Linea encontrada : user_pref("extensions.delta.prtnrId", "delta");
    Linea encontrada : user_pref("extensions.delta.rvrt", "false");
    Linea encontrada : user_pref("extensions.delta.smplGrp", "none");
    Linea encontrada : user_pref("extensions.delta.tlbrId", "base");
    Linea encontrada : user_pref("extensions.delta.tlbrSrchUrl", "");
    Linea encontrada : user_pref("extensions.delta.vrsn", "1.8.24.6");
    Linea encontrada : user_pref("extensions.delta.vrsnTs", "1.8.24.61:14:26");
    Linea encontrada : user_pref("extensions.delta.vrsni", "1.8.24.6");
    Linea encontrada : user_pref("extensions.delta_i.babExt", "");
    Linea encontrada : user_pref("extensions.delta_i.babTrack", "affID=119357&tsp=4993");
    Linea encontrada : user_pref("extensions.delta_i.srcExt", "ss");
    Linea encontrada : user_pref("extensions.veohsearchrecs.SupportedSites", "<?xml version=\"1.0\" ?>\r\n<results revision=\"1.5.2\">\r\n <sites>\r\n <searchsite MatchesDomain=\"google.\" MatchesPath=\"/search\" [...]
    Linea encontrada : user_pref("extensions.veohsearchrecs.VeohVersion", "1.5.2");
    Linea encontrada : user_pref("extensions.veohsearchrecs.id", "0475c8b79-62b7-0ada-9da5-8515c866dd2");
    Linea encontrada : user_pref("extensions.veohsearchrecs.lastsitedate", "1");
    Linea encontrada : user_pref("extensions.veohsearchrecs.veohenabled", "false");
    Linea encontrada : user_pref("extensions.xnotifier.accounts.[gmail#jv7700@gmail.com].inboxOnly", true);
    Linea encontrada : user_pref("extensions.xnotifier.accounts.[hotmail#losabandonados@hotmail.co.uk].inboxOnly", true);
    Linea encontrada : user_pref("extensions.xnotifier.accounts.[hotmail#racing.snake@hotmail.com].inboxOnly", true);

    -\\ Google Chrome v

    [ Archivo : C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\preferences ]


    *************************

    AdwCleaner[R0].txt - [13985 octets] - [18/12/2013 15:28:32]

    ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [14046 octets] ##########

    Moving on...OTL Scan...

    2) OTL.txt

    OTL logfile created on: 18/12/2013 15:55:06 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\c\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

    1022.94 Mb Total Physical Memory | 547.07 Mb Available Physical Memory | 53.48% Memory free
    2.23 Gb Paging File | 0.90 Gb Available in Paging File | 40.24% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.70 Gb Total Space | 23.17 Gb Free Space | 20.74% Space Free | Partition Type: NTFS
    Drive D: | 111.43 Gb Total Space | 111.06 Gb Free Space | 99.67% Space Free | Partition Type: NTFS

    Computer Name: C1 | User Name: c | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2013/12/18 15:53:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
    PRC - [2013/12/01 01:00:48 | 003,568,312 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2013/12/01 01:00:46 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2013/11/07 10:27:49 | 005,717,272 | ---- | M] (SUPERAntiSpyware) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    PRC - [2013/07/31 21:30:36 | 002,296,600 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\SetPoint.exe
    PRC - [2013/07/31 21:30:24 | 000,363,288 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
    PRC - [2013/06/13 20:31:38 | 000,148,248 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
    PRC - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2013/01/18 15:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    PRC - [2013/01/18 15:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    PRC - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    PRC - [2012/09/08 08:54:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
    PRC - [2012/05/16 14:44:58 | 001,084,840 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
    PRC - [2012/04/22 12:51:04 | 000,720,936 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    PRC - [2012/04/22 12:50:44 | 000,174,120 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    PRC - [2012/04/22 12:50:28 | 000,142,376 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    PRC - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    PRC - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NLSSRV32.EXE
    PRC - [2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    PRC - [2007/02/15 10:07:16 | 004,390,912 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
    PRC - [2007/02/09 05:35:54 | 000,397,312 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
    PRC - [2007/02/07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    PRC - [2007/01/31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    PRC - [2006/12/29 17:51:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    PRC - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
    PRC - [2006/11/02 10:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
    PRC - [2006/11/02 10:44:50 | 000,088,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe
    PRC - [2005/07/15 22:48:33 | 000,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\gnotify.exe


    ========== Modules (No Company Name) ==========

    MOD - [2013/12/18 10:45:42 | 002,152,448 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\defs\13121800\algo.dll
    MOD - [2013/12/01 01:00:56 | 019,336,120 | ---- | M] () -- C:\Program Files\Alwil Software\Avast5\libcef.dll
    MOD - [2012/05/16 14:45:56 | 000,276,392 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
    MOD - [2012/05/16 14:45:40 | 002,652,584 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
    MOD - [2012/05/16 14:45:40 | 000,363,944 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
    MOD - [2012/05/16 14:45:38 | 011,166,120 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
    MOD - [2012/05/16 14:45:36 | 001,346,472 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
    MOD - [2012/05/16 14:45:36 | 000,205,736 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
    MOD - [2012/05/16 14:45:34 | 001,013,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
    MOD - [2012/05/16 14:45:34 | 000,720,296 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
    MOD - [2012/05/16 14:45:32 | 008,506,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
    MOD - [2012/05/16 14:45:32 | 000,520,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
    MOD - [2012/05/16 14:45:30 | 002,480,552 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
    MOD - [2012/05/16 14:45:30 | 002,353,576 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
    MOD - [2012/05/16 14:45:28 | 000,445,864 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
    MOD - [2012/05/16 14:45:22 | 000,206,760 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
    MOD - [2012/05/16 14:45:22 | 000,035,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qico4.dll
    MOD - [2012/05/16 14:45:20 | 000,032,680 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Imageformats\qgif4.dll
    MOD - [2012/05/16 14:44:54 | 000,437,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
    MOD - [2012/05/16 14:44:16 | 000,604,072 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
    MOD - [2012/05/16 12:46:28 | 000,391,056 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
    MOD - [2012/05/16 12:46:28 | 000,059,280 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
    MOD - [2012/05/16 12:45:30 | 000,110,080 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
    MOD - [2011/07/29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    MOD - [2009/11/06 21:35:25 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\22e348e7fee20fcb2013d3dfe016ae8e\System.Management.ni.dll
    MOD - [2009/11/06 18:28:51 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\ae77b2b91367f11d340cf3bf2428af59\System.ServiceProcess.ni.dll
    MOD - [2009/11/06 18:28:46 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\23281812ddf7a1fab881b5322e577ac4\System.Runtime.Remoting.ni.dll
    MOD - [2009/11/06 18:28:07 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e6001d416f7c468334934a2c6a41c631\System.Configuration.ni.dll
    MOD - [2009/11/06 18:26:47 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\7208ffa39630e9b923331f9df0947a12\System.Xml.ni.dll
    MOD - [2009/10/16 10:18:31 | 007,868,416 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\52e1ea3c7491e05cda766d7b3ce3d559\System.ni.dll
    MOD - [2009/10/16 10:17:31 | 011,486,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\17f572b09facdc5fda9431558eb7a26e\mscorlib.ni.dll
    MOD - [2008/12/02 19:25:24 | 000,094,720 | ---- | M] () -- C:\Program Files\FileZilla FTP Client\fzshellext.dll
    MOD - [2008/07/27 18:52:32 | 000,040,960 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.ServiceProcess.resources\2.0.0.0_es_b03f5f7f11d50a3a\System.ServiceProcess.resources.dll
    MOD - [2007/09/20 17:34:58 | 000,129,024 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
    MOD - [2007/01/31 17:18:16 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll
    MOD - [2007/01/31 17:18:16 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\IERYETF.dll
    MOD - [2006/12/29 17:51:56 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    MOD - [2006/12/29 17:51:20 | 000,040,960 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll
    MOD - [2006/12/29 17:51:18 | 000,016,384 | ---- | M] () -- C:\Acer\Empowering Technology\ePerformance\MemCheck.Interface.dll
    MOD - [2006/12/14 15:00:04 | 000,081,920 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\INT15.dll
    MOD - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () -- C:\Windows\System32\PSIService.exe
    MOD - [2006/05/14 15:44:00 | 000,070,144 | ---- | M] () -- C:\Program Files\PSPad editor\PSPadShell.dll


    ========== Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\supportsoft\bin\ssrc.exe -- (SupportSoft RemoteAssist)
    SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
    SRV - [2013/12/11 17:48:11 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2013/12/10 13:11:40 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2013/12/01 01:00:46 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2013/09/05 10:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
    SRV - [2013/06/13 20:31:00 | 000,293,144 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2013/05/10 08:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2013/02/25 23:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
    SRV - [2013/01/18 07:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2012/10/02 11:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
    SRV - [2012/09/08 08:54:37 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
    SRV - [2012/04/22 12:51:04 | 000,720,936 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/10/20 17:41:22 | 000,067,904 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NLSSRV32.EXE -- (nlsX86cc)
    SRV - [2008/09/10 13:01:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
    SRV - [2007/02/07 00:04:26 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
    SRV - [2007/01/31 17:18:42 | 000,053,248 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
    SRV - [2007/01/17 04:02:28 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2006/12/29 17:51:56 | 000,028,672 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
    SRV - [2006/11/02 19:40:12 | 000,174,656 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\pfc.sys -- (pfc)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgvmodem.sys -- (LGVMODEM)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtbus.sys -- (lgbusenum)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgbtport.sys -- (LgBttPort)
    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2013/12/01 01:01:00 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2013/12/01 01:01:00 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2013/12/01 01:01:00 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
    DRV - [2013/12/01 01:01:00 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2013/12/01 01:01:00 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2013/12/01 01:01:00 | 000,054,832 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2013/12/01 01:01:00 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
    DRV - [2013/12/01 01:01:00 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2013/05/23 07:12:36 | 000,079,256 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
    DRV - [2013/05/23 07:12:24 | 000,063,000 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
    DRV - [2013/05/23 07:12:24 | 000,019,992 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
    DRV - [2013/02/25 23:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2012/04/22 12:51:38 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2012/01/09 16:28:20 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2012/01/09 16:28:20 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2012/01/09 16:28:20 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2011/08/05 12:54:05 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2011/08/05 12:54:05 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2009/11/12 05:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
    DRV - [2009/03/27 01:16:28 | 000,012,672 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\cpuz132_x32.sys -- (cpuz132)
    DRV - [2007/05/17 15:01:46 | 002,608,640 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2007/02/16 06:13:06 | 000,432,504 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SISGRKMD.sys -- (SiS6350)
    DRV - [2007/01/24 10:08:06 | 000,056,184 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SISAGPX.SYS -- (SISAGP)
    DRV - [2007/01/22 09:09:08 | 000,046,592 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SiSGB6.sys -- (SiSGbeLH)
    DRV - [2006/12/07 17:12:02 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer | explore beyond limits [binary data]
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Acer | explore beyond limits
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=700A001C2501C16A&affID=119357&tsp=4993
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GCNV_es
    IE - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "https://www.google.es/?gws_rd=cr&ei=mzglUuD3JcKq0QXajID4Dw"
    FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
    FF - prefs.js..extensions.enabledAddons: %7B37fa1426-b82d-11db-8314-0800200c9a66%7D:3.3.10
    FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.4
    FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21
    FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\Alwil Software\Avast5\WebRep\FF [2013/12/18 03:31:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/30 03:30:30 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/11 17:47:33 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 17:47:47 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/12/11 17:47:33 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/12/11 17:47:47 | 000,000,000 | ---D | M]

    [2008/11/14 18:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\mozilla\Extensions
    [2013/12/12 22:10:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\c\AppData\Roaming\mozilla\Firefox\Profiles\w4hkhep1.default\extensions
    [2013/12/18 08:46:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\c\AppData\Roaming\mozilla\Firefox\Profiles\w4hkhep1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2013/12/18 08:46:08 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\c\AppData\Roaming\mozilla\Firefox\Profiles\w4hkhep1.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2013/12/18 08:46:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\c\AppData\Roaming\mozilla\Firefox\Profiles\w4hkhep1.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2013/12/12 22:10:20 | 000,217,699 | ---- | M] () (No name found) -- C:\Users\c\AppData\Roaming\mozilla\firefox\profiles\w4hkhep1.default\extensions\{37fa1426-b82d-11db-8314-0800200c9a66}.xpi
    [2013/04/13 09:54:33 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\c\AppData\Roaming\mozilla\firefox\profiles\w4hkhep1.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
    [2013/05/06 12:40:20 | 001,360,435 | ---- | M] () (No name found) -- C:\Users\c\AppData\Roaming\mozilla\firefox\profiles\w4hkhep1.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
    [2013/12/11 17:47:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2013/12/11 17:47:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
    [2013/12/11 17:47:36 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2013/12/11 17:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
    [2013/12/11 17:48:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{googleriginalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{googlemniboxStartMarginParameter}ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
    CHR - homepage: Google
    CHR - Extension: Google Docs = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
    CHR - Extension: Google Drive = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
    CHR - Extension: Google Drive = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
    CHR - Extension: YouTube = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
    CHR - Extension: B\u00FAsqueda de Google = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: B\u00FAsqueda de Google = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
    CHR - Extension: Skype Click to Call = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\
    CHR - Extension: Google Wallet = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
    CHR - Extension: \u003Cvideo\u003E de HTML5 de DivX Plus Web Player = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
    CHR - Extension: Gmail = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
    CHR - Extension: Gmail = C:\Users\c\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

    O1 HOSTS File: ([2009/03/28 01:20:52 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll (AVAST Software)
    O3 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
    O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe (Google Inc.)
    O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
    O4 - HKLM..\Run: [Apanel] C:\AcerSW\Config\SetApanel.cmd ()
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
    O4 - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
    O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
    O4 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000..\Run: [] File not found
    O4 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000..\Run: [Acer Tour Reminder] File not found
    O4 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000..\Run: [EPSON Stylus Photo R220 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIAIA.EXE (SEIKO EPSON CORPORATION)
    O4 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
    O4 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware)
    O4 - Startup: C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Jacquie Lawson Advent Calendar.lnk = File not found
    O4 - Startup: C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Alpine Advent Calendar.lnk = File not found
    O4 - Startup: C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk = File not found
    O4 - Startup: C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk = C:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
    O4 - Startup: C:\Users\zania\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = File not found
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1239104429-2824428468-656559341-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 1.7.0_13)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jin...ndows-i586.cab (Java Plug-in 10.45.2)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A1BAFEA-BA3F-4F3D-9ECE-0F19CE450651}: DhcpNameServer = 80.58.61.250 80.58.61.254
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Users\c\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
    O24 - Desktop BackupWallPaper: C:\Users\c\AppData\Roaming\Microsoft\Windows Photo Gallery\Papel tapiz de Galería fotográfica de Windows.jpg
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (lsdelete)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2013/12/18 15:52:53 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
    [2013/12/18 15:28:13 | 000,000,000 | ---D | C] -- C:\AdwCleaner
    [2013/12/18 10:20:53 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Leadertech
    [2013/12/18 10:20:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LogiShrd
    [2013/12/18 10:20:36 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Local\Logishrd
    [2013/12/18 10:19:57 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
    [2013/12/18 10:18:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    [2013/12/18 10:18:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Logishrd
    [2013/12/18 10:18:25 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
    [2013/12/18 10:17:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Logishrd
    [2013/12/18 09:41:46 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\Logishrd
    [2013/12/18 01:09:07 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\c\Desktop\HijackThis.exe
    [2013/12/15 21:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    [2013/12/11 17:47:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2013/12/01 01:08:51 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\AVAST Software
    [2013/12/01 01:01:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
    [2013/12/01 00:56:23 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2013/11/25 11:24:32 | 000,000,000 | ---D | C] -- C:\Users\c\AppData\Roaming\JLAdventCalendarEdwardian2013
    [2013/11/25 11:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Download Assistant
    [2008/06/20 12:24:08 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\c\AppData\Roaming\pcouffin.sys
    [5 C:\Users\c\Documents\*.tmp files -> C:\Users\c\Documents\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2013/12/18 15:53:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\c\Desktop\OTL.exe
    [2013/12/18 15:45:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2013/12/18 15:45:12 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2013/12/18 15:35:00 | 000,000,838 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
    [2013/12/18 15:27:17 | 001,226,750 | ---- | M] () -- C:\Users\c\Desktop\AdwCleaner.exe
    [2013/12/18 15:18:00 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2013/12/18 10:52:46 | 000,052,650 | ---- | M] () -- C:\Users\c\Desktop\most-people-wont-go-into-an-animal-shelter_small.jpg
    [2013/12/18 10:31:00 | 000,000,998 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
    [2013/12/18 10:22:11 | 000,001,115 | ---- | M] () -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2013/12/18 10:18:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2013/12/18 09:45:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2013/12/18 03:33:17 | 000,001,848 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/12/18 01:09:18 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\c\Desktop\HijackThis.exe
    [2013/12/15 21:53:48 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/12/13 20:56:51 | 165,145,055 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2013/12/10 22:32:21 | 000,000,104 | ---- | M] () -- C:\Users\c\Desktop\Papelera de reciclaje - Acceso directo.lnk
    [2013/12/10 13:11:40 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
    [2013/12/10 13:11:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
    [2013/12/01 01:01:00 | 000,774,392 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
    [2013/12/01 01:01:00 | 000,403,440 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2013/12/01 01:01:00 | 000,178,304 | ---- | M] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/12/01 01:01:00 | 000,070,384 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2013/12/01 01:01:00 | 000,057,672 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2013/12/01 01:01:00 | 000,054,832 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2013/12/01 01:01:00 | 000,049,944 | ---- | M] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2013/12/01 01:01:00 | 000,035,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2013/12/01 01:00:57 | 000,269,216 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2013/12/01 01:00:57 | 000,043,152 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
    [2013/12/01 00:55:32 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2013/11/25 15:20:38 | 000,000,952 | ---- | M] () -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
    [2013/11/19 03:33:38 | 000,230,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
    [5 C:\Users\c\Documents\*.tmp files -> C:\Users\c\Documents\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
    [4 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2013/12/18 15:26:59 | 001,226,750 | ---- | C] () -- C:\Users\c\Desktop\AdwCleaner.exe
    [2013/12/18 10:52:45 | 000,052,650 | ---- | C] () -- C:\Users\c\Desktop\most-people-wont-go-into-an-animal-shelter_small.jpg
    [2013/12/18 10:22:11 | 000,001,115 | ---- | C] () -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
    [2013/12/18 03:33:17 | 000,001,848 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2013/12/15 21:53:48 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
    [2013/12/10 22:32:21 | 000,000,104 | ---- | C] () -- C:\Users\c\Desktop\Papelera de reciclaje - Acceso directo.lnk
    [2013/11/25 11:24:41 | 000,000,952 | ---- | C] () -- C:\Users\c\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\JL Edwardian Advent Calendar.lnk
    [2013/03/17 22:48:31 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
    [2013/03/17 22:48:28 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
    [2012/09/13 17:04:37 | 000,087,608 | ---- | C] () -- C:\Users\c\AppData\Roaming\inst.exe
    [2012/05/23 05:22:44 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
    [2012/05/23 05:22:44 | 000,002,413 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
    [2011/05/03 00:48:19 | 001,205,863 | ---- | C] () -- C:\Users\c\EHIC.jpg
    [2010/12/02 10:16:37 | 007,948,320 | ---- | C] () -- C:\Users\c\DoT_Hidden001.pdf
    [2010/12/01 03:53:39 | 018,973,849 | ---- | C] () -- C:\Users\c\mediamarkt catalogue nov dec 2010.pdf
    [2010/03/13 01:57:41 | 002,870,276 | ---- | C] () -- C:\Users\c\Havant Reservoir Newsletter004.pdf
    [2009/09/24 19:41:25 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2008/08/29 13:04:40 | 000,000,282 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/06/20 12:26:01 | 000,000,668 | ---- | C] () -- C:\Users\c\AppData\Roaming\vso_ts_preview.xml
    [2008/06/20 12:24:08 | 000,007,887 | ---- | C] () -- C:\Users\c\AppData\Roaming\pcouffin.cat
    [2008/06/20 12:24:08 | 000,001,144 | ---- | C] () -- C:\Users\c\AppData\Roaming\pcouffin.inf
    [2008/06/09 00:34:06 | 000,001,356 | ---- | C] () -- C:\Users\c\AppData\Local\d3d9caps.dat
    [2008/04/30 18:07:16 | 000,000,310 | ---- | C] () -- C:\Users\c\AppData\Roaming\APUSet.xml
    [2008/04/30 18:07:14 | 000,006,393 | ---- | C] () -- C:\Users\c\AppData\Roaming\PrimoPDFSet.xml
    [2008/03/15 22:19:22 | 002,401,349 | ---- | C] () -- C:\Users\c\VERSION_INGLES.pdf
    [2008/03/04 23:01:24 | 000,024,206 | ---- | C] () -- C:\Users\c\AppData\Roaming\UserTile.png
    [2008/02/22 16:49:07 | 000,000,024 | ---- | C] () -- C:\Users\c\AppData\Local\37562-11537-09847-00QV1-78241
    [2008/02/14 23:47:39 | 000,031,872 | ---- | C] () -- C:\Users\c\AppData\Roaming\wklnhst.dat
    [2007/12/20 19:37:51 | 000,175,104 | ---- | C] () -- C:\Users\c\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

    ========== ZeroAccess Check ==========

    [2006/11/02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    "" = %SystemRoot%\system32\shell32.dll -- [2008/11/06 13:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/03/03 05:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    "" = %systemroot%\system32\wbem\wbemess.dll -- [2006/11/02 10:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:4BF2F6B5
    @Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CE7F3C9
    @Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:24051EFF

    < End of report >

    3) OTL Extras.txt

    OTL Extras logfile created on: 18/12/2013 15:55:06 - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\c\Desktop
    Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.6000.17037)
    Locale: 00000809 | Country: Reino Unido | Language: ENG | Date Format: dd/MM/yyyy

    1022.94 Mb Total Physical Memory | 547.07 Mb Available Physical Memory | 53.48% Memory free
    2.23 Gb Paging File | 0.90 Gb Available in Paging File | 40.24% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.70 Gb Total Space | 23.17 Gb Free Space | 20.74% Space Free | Partition Type: NTFS
    Drive D: | 111.43 Gb Total Space | 111.06 Gb Free Space | 99.67% Space Free | Partition Type: NTFS

    Computer Name: C1 | User Name: c | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (All) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- "%1" %*
    .chm [@ = chm.file] -- C:\Windows\hh.exe (Microsoft Corporation)
    .cmd [@ = cmdfile] -- "%1" %*
    .com [@ = ComFile] -- "%1" %*
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .exe [@ = exefile] -- "%1" %*
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
    .hta [@ = htafile] -- C:\Windows\System32\mshta.exe (Microsoft Corporation)
    .html [@ = OperaStable] -- Reg Error: Key error. File not found
    .inf [@ = inffile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .ini [@ = inifile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
    .js [@ = JSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .jse [@ = JSEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .pif [@ = piffile] -- "%1" %*
    .reg [@ = regfile] -- C:\Windows\regedit.exe (Microsoft Corporation)
    .scr [@ = scrfile] -- "%1" /S
    .txt [@ = txtfile] -- C:\Windows\System32\NOTEPAD.EXE (Microsoft Corporation)
    .vbe [@ = VBEFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .vbs [@ = VBSFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsf [@ = WSFFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)
    .wsh [@ = WSHFile] -- C:\Windows\System32\WScript.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-1239104429-2824428468-656559341-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    batfile [open] -- "%1" %*
    batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    chm.file [open] -- "%SystemRoot%\hh.exe" %1 (Microsoft Corporation)
    cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
    cmdfile [open] -- "%1" %*
    cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htafile [open] -- C:\Windows\system32\mshta.exe "%1" %* (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    http [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1"
    https [open] -- "C:\Program Files\Opera\launcher.exe" -noautoupdate "%1"
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    inffile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inffile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    inifile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    inifile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    InternetShortcut [print] -- rundll32.exe C:\Windows\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
    jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
    jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [edit] -- %SystemRoot%\system32\notepad.exe "%1" (Microsoft Corporation)
    regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
    regfile [merge] -- Reg Error: Key error.
    regfile [print] -- %SystemRoot%\system32\notepad.exe /p "%1" (Microsoft Corporation)
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
    txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
    txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
    vbefile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbefile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbefile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    vbsfile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    vbsfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    vbsfile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wsffile [edit] -- "%SystemRoot%\System32\Notepad.exe" %1 (Microsoft Corporation)
    wsffile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    wsffile [print] -- "%SystemRoot%\System32\Notepad.exe" /p %1 (Microsoft Corporation)
    wshfile [open] -- "%SystemRoot%\System32\WScript.exe" "%1" %* (Microsoft Corporation)
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "UacDisableNotify" = 0
    "InternetSettingsDisableNotify" = 0
    "AutoUpdateDisableNotify" = 0
    "FirewallDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{1598F385-EE6A-45E5-A0C6-361B56BF9F14}" = rport=5358 | protocol=6 | dir=out | app=system |
    "{2FDFF9E7-02B8-418D-AE92-20242C0F634E}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{59F006DF-8844-49A1-B23E-6B85FFD1F7FC}" = lport=5358 | protocol=6 | dir=in | app=system |
    "{5C974A8A-5271-4515-A3DD-F822E298574A}" = lport=5357 | protocol=6 | dir=in | app=system |
    "{89A6E024-36BA-4010-B2CE-7E057ED7B82D}" = rport=5357 | protocol=6 | dir=out | app=system |
    "{CE205710-92E4-4AAF-900B-AB6FCE327D12}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{D3D64935-0AA2-4E7A-B13E-0C766CC90EDA}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{D5A3B62B-2D74-427E-9B7C-1AAD30A707C7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{004B37B9-B372-4062-9113-211D6F15071B}" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
    "{0E9C6EFD-0E7A-42ED-9522-B05848FEE0C3}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
    "{102AEBD3-FEFF-4671-93DC-001FC203829C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
    "{21BD3678-0D0B-4F67-A3EB-F5903AB8B0AC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
    "{23DF4253-4658-469A-8278-5080F7BDF2AC}" = dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
    "{2CFC8C1C-6B0B-4C21-9008-B5C69D97CA8C}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{3762C585-A60A-4DAB-91AA-031B2EE73F1D}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{520697E5-CC49-4B85-84B3-C30BA54AD367}" = protocol=6 | dir=in | app=c:\users\zania\appdata\roaming\dropbox\bin\dropbox.exe |
    "{57070FBF-FFA7-4DDB-AAC1-BDE9930BA6EB}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
    "{60FB6CAE-1E0D-492F-ADD7-7F30CE42DAC2}" = protocol=17 | dir=in | app=c:\users\zania\appdata\roaming\dropbox\bin\dropbox.exe |
    "{636F7A41-D7FA-4D48-960B-3E8B59BA272A}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
    "{6FC64A1E-8F83-4949-A927-1F5D199DD855}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{70ED60EF-3B61-43EE-BC1A-5090DD22B4FA}" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
    "{73FFAB86-405F-4A9D-94CC-EA8D6F29030F}" = protocol=6 | dir=in | app=c:\users\c\appdata\local\temp\~os3a61.tmp\rlvknlg.exe |
    "{78F8544F-E4B8-4310-A5F1-DF04C0A47A32}" = protocol=6 | dir=in | app=c:\windows\temp\~os7cbe.tmp\ossproxy.exe |
    "{839A4386-E6B3-4A56-95CC-2FD2532564CE}" = protocol=17 | dir=in | app=c:\users\c\appdata\roaming\dropbox\bin\dropbox.exe |
    "{88ADDE12-F634-48A9-AB1C-DA9C08068203}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
    "{8DB546CF-968E-437A-B33F-50682B06B60D}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
    "{94BCC4C7-54D6-4700-B771-79445C6A9DDD}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{97A4E777-208E-4BDB-ADAC-2CE23A43DA14}" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{A6DD3428-A824-4C0C-867C-F7AA832E3E61}" = protocol=6 | dir=in | app=c:\windows\temp\~osc3ce.tmp\ossproxy.exe |
    "{BD851358-8A63-4AA1-BE97-CD71BE2559EF}" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe |
    "{C35956EC-B177-4EA8-96F7-6EC7A772111C}" = protocol=6 | dir=in | app=c:\users\c\appdata\roaming\dropbox\bin\dropbox.exe |
    "{C59EDBAF-EF56-49DF-B813-1FF286A50F0A}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
    "{D3D065D0-2331-4744-9502-8B9E290CA13E}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
    "{DD326432-CA65-473C-B34B-5B3EB0B8E6F1}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
    "{E112C7DE-56C6-401E-8B8A-68500A4A767B}" = dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
    "{E8F706E6-1DC7-405E-B64D-3571728D030D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
    "{EBB3DC10-F418-40A0-AF68-1DD9F782567B}" = dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
    "{EEBAACBD-317F-40C6-8CDE-20F349C05E79}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
    "TCP Query User{4020B1F6-8FBF-42A0-8287-81A44B408B25}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "TCP Query User{4FA32F91-A031-4DA3-ACA2-0CF692948DCC}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
    "TCP Query User{6548745C-2DEF-4ED7-805A-5DA3337C57AF}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{830D0E26-C75F-4966-A68A-B31BC610A4A8}C:\users\c\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\c\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "TCP Query User{87ED4710-AEF0-413E-89C4-DBD9E8561F9D}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "TCP Query User{A64A0AD1-6DFD-4BF7-81C9-6A9BF5BE7755}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{AD71C02D-DAC5-432A-9809-C37666C7968C}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "TCP Query User{B3142E72-6740-4A8C-AE2B-17AA91890925}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
    "TCP Query User{BD81A748-37C1-4C8F-A2D8-38FDD323AEFD}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
    "TCP Query User{C147BEBC-2A53-40E8-9BAA-DF37D98151F0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "TCP Query User{D016A75F-8AB6-453D-B212-5881FDD7381C}C:\program files\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "TCP Query User{D3A0E4C6-B121-4D36-B5D3-4335B7E99E1E}C:\users\c\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\c\program files\dna\btdna.exe |
    "TCP Query User{EEC270AF-3A9B-4F41-AF62-1B349AE0A070}C:\users\c\desktop\acarsds\acarsds.exe" = protocol=6 | dir=in | app=c:\users\c\desktop\acarsds\acarsds.exe |
    "TCP Query User{EFED8A0B-F31D-4C9F-AADD-ADFD74BDCF40}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
    "TCP Query User{F6E8BA07-5373-4728-9184-01C7455E6ABF}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "TCP Query User{FB5C6462-859E-46FC-81CB-9229BC0ECBE4}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "TCP Query User{FD481069-2DD4-4D51-B80C-553D239BE17F}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{0B0A7ECD-C463-4B2F-99BA-7050F57F92D2}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
    "UDP Query User{19C66414-335D-4ACE-A85C-F6F8AFB558A3}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{3140BDF4-2568-4CDE-857B-0B45909612E2}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{34990EDC-24EB-4F58-9C2F-E656B479714D}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
    "UDP Query User{384688D2-2284-4BEF-89E9-ABC4E2DFC292}C:\users\c\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\c\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
    "UDP Query User{3917C690-C9EB-425F-AEB2-8CD6FAA5313E}C:\users\c\desktop\acarsds\acarsds.exe" = protocol=17 | dir=in | app=c:\users\c\desktop\acarsds\acarsds.exe |
    "UDP Query User{45CAB5FE-4DBC-4209-8AB9-9881B739A8A3}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |
    "UDP Query User{4664FBDF-3011-4C56-8AB9-921C886E3A0B}C:\users\c\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\c\program files\dna\btdna.exe |
    "UDP Query User{5D6E4442-670D-40FE-BC47-675DB41AC76B}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
    "UDP Query User{5E9F550E-7055-4AC5-AA62-E3BA2375C079}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
    "UDP Query User{72BE8258-D80D-473E-A404-E80878635592}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe |
    "UDP Query User{8791646A-51A8-4F67-B503-F559B2FDAB4A}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe |
    "UDP Query User{8DD95487-8C02-4C6F-94EE-0BFF60A07113}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
    "UDP Query User{A9C493FD-3FCA-4326-A7E9-F56773D84AB2}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
    "UDP Query User{B9C7C547-09FF-4A37-8067-256EFD74884E}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
    "UDP Query User{C0DE31D6-79F9-4A3C-816A-55EE7E255435}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
    "UDP Query User{D24A00E2-744E-4801-97E6-8B862663147D}C:\program files\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\client\googleearth.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
    "{095A5DB5-0917-4A63-B68D-9D0B6070B31B}" = Windows Live Asistente para el inicio de sesión
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{1A3E23D7-7A1E-43EC-B35D-EB2A31BED943}" = Video DVD Maker v3.8.0.18
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{230CCBE9-14B0-4008-97AF-30C10F99E42C}" = ArcSoft PhotoStudio 5.5
    "{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 45
    "{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
    "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}" = Google Earth
    "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
    "{52E225FC-FCB4-41F7-837B-6E37FB05BD7B}" = Adobe AIR
    "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{675F65BF-F58A-44DD-9555-6F439759C4E4}" = SOAP3 and XML4
    "{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{72199E33-4F2A-4B7F-8E25-95DDDD50A678}" = Acer System Information
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7964AE02-9127-42C0-A917-2CE4CD4EFE3B}" = Nokia Suite
    "{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}" = OmniPage SE 2.0
    "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7B63B2922B174135AFC0E1377DD81EC2}" =
    "{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
    "{911B0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Word 2002
    "{913D0409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Standard for Students and Teachers
    "{92E4A65F-7007-3357-A69A-167F71A337BD}" = Microsoft .NET Framework 3.5 Language Pack SP1 - esn
    "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
    "{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A57025CC-5F2E-4D01-B387-06DB10500D43}" = Nokia Connectivity Cable Driver
    "{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe 1.4.136.1
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.8)
    "{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
    "{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA Controlador de 3D Vision 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = Panel de control de NVIDIA 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Controlador de gráficos 311.06
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = Actualización de NVIDIA 1.11.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
    "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
    "{B6F7DBE7-2FE2-458F-A738-B10832746036}" = Microsoft Reader
    "{B76D4A7F-FF11-4420-947C-C3AD624B9DBA}" = Jasc Paint Shop Photo Album
    "{B9C54C44-BB5A-4B03-8907-C01A9790195A}" = Manual CanoScan 3200,3200F
    "{CB54ABA8-D67F-47AD-A76C-2631BADA9FE5}" = Microsoft Works Suite Add-in for Microsoft Word
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
    "{DA5B2BDC-F654-4A88-A669-4D34BC7846A1}" = PC Connectivity Solution
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
    "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
    "{E15BC10F-04AA-0AFD-A6C9-476730195F8B}" = Adobe Download Assistant
    "{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
    "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
    "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
    "{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
    "{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
    "{F868C16D-75F8-4EE8-BCBF-422D0833415D}_is1" = Open PLS in Windows Media Player 2.3.0
    "{FD39EF4B-0B5C-4B33-8D57-2EE865A80EB1}_is1" = Boilsoft Video Joiner 6.57
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "504244733D18C8F63FF584AEB290E3904E791693" = Paquete de controladores de Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9
    "avast" = avast! Free Antivirus
    "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
    "CPUID HWMonitor_is1" = CPUID HWMonitor 1.15
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "DivX Setup" = DivX Setup
    "EPSON Printer and Utilities" = EPSON Printer Software
    "ESPR220 User's Guide" = ESPR220 User's Guide
    "FileZilla Client" = FileZilla Client 3.1.6
    "FLV Player" = FLV Player 2.0 (build 25)
    "Google Updater" = Google Updater
    "GTK 2.0" = GTK+ Runtime 2.12.12 rev a (remove only)
    "InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
    "IrfanView" = IrfanView (remove only)
    "KLiteCodecPack_is1" = K-Lite Codec Pack 6.1.0 (Full)
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
    "Microsoft .NET Framework 3.5 Language Pack SP1 - esn" = Paquete de idioma de Microsoft .NET Framework 3.5 SP1 - esn
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Press Interactive Training" = Microsoft Interactive Training
    "Money2005b" = Microsoft Money
    "Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "Nokia Suite" = Nokia Suite
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PSPad editor_is1" = PSPad editor
    "Shockwave" = Shockwave
    "sp6" = Logitech SetPoint 6.61
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver
    "Works2005Setup" = Microsoft Works 2005 Setup Launcher

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1239104429-2824428468-656559341-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Amazon Kindle" = Amazon Kindle
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

    ========== Last 20 Event Log Errors ==========

    [ Antivirus Events ]
    Error - 05/01/2010 19:01:57 | Computer Name = c1 | Source = avast! | ID = 33554522
    Description =

    Error - 06/05/2010 06:52:02 | Computer Name = c1 | Source = avast! | ID = 33554522
    Description =

    [ Application Events ]
    Error - 17/12/2013 05:00:57 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xbc0, hora de inicio de la aplicación 0x01cefb0663a0923c.

    Error - 17/12/2013 06:56:46 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xf38, hora de inicio de la aplicación 0x01cefb16952d95a0.

    Error - 17/12/2013 08:04:32 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xd10, hora de inicio de la aplicación 0x01cefb1ffc21a28d.

    Error - 17/12/2013 18:21:54 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xc88, hora de inicio de la aplicación 0x01cefb765f8df27b.

    Error - 17/12/2013 22:29:38 | Computer Name = c1 | Source = VSS | ID = 8194
    Description =

    Error - 18/12/2013 02:56:57 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xccc, hora de inicio de la aplicación 0x01cefbbe4ab122ea.

    Error - 18/12/2013 03:48:58 | Computer Name = c1 | Source = System Restore | ID = 8209
    Description =

    Error - 18/12/2013 03:56:21 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0x524, hora de inicio de la aplicación 0x01cefbc582c0a6df.

    Error - 18/12/2013 04:02:42 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xc74, hora de inicio de la aplicación 0x01cefbc77bb87858.

    Error - 18/12/2013 04:45:59 | Computer Name = c1 | Source = Application Error | ID = 1000
    Description = Aplicación con errores eDSloader.exe, versión 2.5.3028.168, marca
    de hora 0x45c8a4a4, módulo con errores ADMIN_CLASS_LIB.dll, versión 6.0.6000.16386,
    marca de tiempo 0x4549bdc9, código de excepción 0xc0000135, desplazamiento con
    errores 0x00008fc7, Id. de proceso 0xa68, hora de inicio de la aplicación 0x01cefbcd84406754.

    [ Media Center Events ]
    Error - 16/04/2008 14:08:26 | Computer Name = c1 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: error al descargar el paquete
    MCESpotlight.

    Error - 18/04/2008 19:46:19 | Computer Name = c1 | Source = MCUpdate | ID = 0
    Description = DownloadPackgeTask.SubTasksComplete: error al descargar el paquete
    MCESpotlight.

    [ System Events ]
    Error - 18/12/2013 03:47:06 | Computer Name = c1 | Source = ACPI | ID = 327686
    Description = IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la
    ranura PCI 6, función 0. Póngase en contacto con su proveedor de sistema para
    recibir asistencia técnica.

    Error - 18/12/2013 03:51:41 | Computer Name = c1 | Source = Service Control Manager | ID = 7038
    Description =

    Error - 18/12/2013 03:51:41 | Computer Name = c1 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 18/12/2013 04:01:52 | Computer Name = c1 | Source = EventLog | ID = 6008
    Description = El cierre anterior del sistema a las 9:00:16 del 18/12/2013 resultó
    inesperado.

    Error - 18/12/2013 04:05:37 | Computer Name = c1 | Source = Service Control Manager | ID = 7038
    Description =

    Error - 18/12/2013 04:05:37 | Computer Name = c1 | Source = Service Control Manager | ID = 7000
    Description =

    Error - 18/12/2013 04:44:46 | Computer Name = c1 | Source = ACPI | ID = 327686
    Description = IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la
    ranura PCI 1, función 0. Póngase en contacto con su proveedor de sistema para
    recibir asistencia técnica.

    Error - 18/12/2013 04:44:46 | Computer Name = c1 | Source = ACPI | ID = 327686
    Description = IRQARB: la BIOS ACPI no contiene una IRQ para el dispositivo en la
    ranura PCI 6, función 0. Póngase en contacto con su proveedor de sistema para
    recibir asistencia técnica.

    Error - 18/12/2013 04:49:11 | Computer Name = c1 | Source = Service Control Manager | ID = 7038
    Description =

    Error - 18/12/2013 04:49:11 | Computer Name = c1 | Source = Service Control Manager | ID = 7000
    Description =


    < End of report >

    4) Superantispyware log (I removed the tracking cookies removed at the end of the scan..)

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 12/18/2013 at 04:47 AM

    Application Version : 5.6.1042

    Core Rules Database Version : 10833
    Trace Rules Database Version: 8645

    Scan type : Complete Scan
    Total Scan Time : 01:32:50

    Operating System Information
    Windows Vista Home Premium 32-bit (Build 6.00.6000)
    UAC On - Limited User (Administrator User)

    Memory items scanned : 809
    Memory threats detected : 0
    Registry items scanned : 45519
    Registry threats detected : 0
    File items scanned : 42746
    File threats detected : 545

    All 545 File threats were tracking cookies that I removed at the end of the scan...

    and finally

    5) Malwarebytes scan results...

    Malwarebytes Anti-Malware 1.75.0.1300
    Malwarebytes : Free anti-malware download

    Database version: v2013.12.18.01

    Windows Vista x86 NTFS
    Internet Explorer 7.0.6000.17037
    c :: C1 [administrator]

    18/12/2013 04:57:41
    mbam-log-2013-12-18 (04-57-41).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 450817
    Time elapsed: 1 hour(s), 55 minute(s), 29 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Donna... thanks for your help so far... old age and senility are creeping up on me and as I said about the Adw scan I just wouldn't know where to begin... and with my luck of late if I hit the Clean button I'd probably kill off my computer and anything within 50 miles of it...

  7. #7
    Member whitenoiz's Avatar
    Join Date
    Jan 2008
    Location
    El Turro, Granada, Spain
    Posts
    160
    Points
    5

    Default

    Donna Hi again... About that Photobucket problem...!'
    With no way to meet the photobucket problem head to head with their geeks, I left a message on their Facebook page...

    A little after 6pm this evening I got these replies...

    "There is a known issue that we are aware of and working to address. If I hear an update I will pass it along to you. In the meantime, I have applied three free months of Plus 20 to your account".

    and again ten minutes later this...

    "I believe this issue has been fixed!"

    And it has... all the pics are properly restored... not my fault after all!

    The combination of the loss of the bucket and the runaway mouse has led to a very trying day of multiple full scans with anti virus and anti-malware solutions.

    As a last resort (and perhaps it should have been my first resort given that in the event the snags were not related,) was to do a system restore back to the 6th Dec before the last lot of M'soft Updates were applied. I also deleted the original mouse driver software and re-installed the latest version from Logitech. The runaway mouse seems satisfied with my actions and is now on its best behaviour. So hopefully alls well that ends well...

    The computer seems to be back to its normal reasonably well behaved self; however if you have the time (and the inclination!) after a day at work to cast your eyes over the various scan results, please do so, and bearing in mind what I said about being scared to 'clean' things for fear of messing up what may be a perfectly good system, please feel free to either abandon the query or to make further suggestions to get rid of anything suspect that you may pick up on.
    I'm a firm believer in the old adage of "If it ain't broke, don't fix it!"
    It's 11.15pm here in not so sunny Spain with an outside temp of around 34F / 2C. In just a few moments I'll be bundling myself up into multiple layers of clothing to take the housepack of six rescued dogs, 'Los Abandonados', for their last walk of the day, then I'm off to bed to try to catch up with the sleep I didn't get last night, thanks to the joint efforts of Senor Mouse and Senor Photobucket...
    Thanks John.

  8. #8
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,065
    Points
    492

    Default

    Hi John,

    My apologies for the delay in responding.

    I'm very concerned that your system is so outdated. There are no Service Packs (SP's) installed and IE should be at IE9 by now. In this day and and age, a system that is this outdated is like playing Russian Roulette.

    I did see some things that need to be tended to in your logs, but first, let's check to see how outdated the software is and update what we can.

    Please do the following:


    Download Security Check by screen317 from here or here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document in your next reply.



    Next follow the instructions below:

    Please download WVCheck
    • Double click WVCheck.exe. (If you downloaded the zipped version you will need to extract it.)
    • As indicated by the prompt, This program can take a while depending on your hard drive space.
    • Once the program is done, copy the contents of the notepad file and paste in your reply.


    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  9. #9
    Member whitenoiz's Avatar
    Join Date
    Jan 2008
    Location
    El Turro, Granada, Spain
    Posts
    160
    Points
    5

    Default

    Donna Hi, my turn to apologise for the delayed response!
    Below please find the two text files...

    Results of screen317's Security Check version 0.99.77
    Windows Vista x86 (UAC is enabled)
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.75.0.1300
    JavaFX 2.1.1
    Java 7 Update 45
    Adobe Flash Player 11.9.900.170
    Adobe Reader 10.1.8 Adobe Reader out of Date!
    Mozilla Firefox (26.0)
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe
    Ad-Aware AAWTray.exe is disabled!
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

    Windows Validation Check
    Version: 1.9.12.5
    Log Created On: 1245_20-12-2013
    -----------------------

    Windows Information
    -----------------------
    Windows Version: Windows Vista
    Windows Mode: Normal
    Systemroot Path: C:\Windows

    WVCheck's Auto Update Check
    -----------------------
    Auto-Update Option: Download updates and install them automatically.
    -----------------------
    Last Success Time for Update Detection: 2013-12-20 09:51:09
    Last Success Time for Update Download: 2013-12-20 09:52:39
    Last Success Time for Update Installation: 2013-12-20 09:55:20


    WVCheck's Registry Check Check
    -----------------------
    Antiwpa: Not Found
    -----------------------
    Chew7Hale: Not Found
    -----------------------


    WVCheck's File Dump
    -----------------------
    WVCheck found no known bad files.


    WVCheck's Dir Dump
    -----------------------
    WVCheck found no known bad directories.


    WVCheck's Missing File Check
    -----------------------
    WVCheck found no missing Windows files.


    WVCheck's MBAM Quarantine Check
    -----------------------
    There were no bad files quarantined by MBAM.


    WVCheck's HOSTS File Check
    -----------------------
    WVCheck found no bad lines in the hosts file.


    WVCheck's MD5 Check
    EXPERIMENTAL!!
    -----------------------
    user32.dll - 63b4f59d7c89b1bf5277f1ffefd491cd


    -------- End of File, program close at 1245_20-12-2013 --------

    Back to you!
    John

  10. #10
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,065
    Points
    492

    Default

    Hi John,

    Thank you for the logs. Please download and install the following:

    Windows Vista Service Pack 1 Five Language Standalone (KB936330)

    Once complete, continue to download and install the following as well:

    Windows Server 2008 Service Pack 2 and Windows Vista Service Pack 2 - Five Language Standalone (KB948465)

    If any errors are encountered along the way, please jot them down and report in your next reply.

    Thank you,
    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in trouble shooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

Page 1 of 10 123 ... LastLast