Internet Explorer/Mozilla Firefox not connecting to internet

Started by lemartines, Jul 11 2009 08:37 PM

This topic is locked

23 replies to this topic

#1 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 11 July 2009 - 08:37 PM

Hi,

I'm a Vista user. My IE 8.0 stopped working after I did some "questionable" P2P downloads. Also, Firefox emits an error message before it fails to open.

I know my connection is fine because I can update softwares and connect to IM. Also, IE and Firefox do connect to the internet when I start the computer in the safe mode. In regular mode IE will not open any websites and Firefox won't even start. I spoke with AT&T high speed internet tech support and they said I have a virus or malaware problem.

Whether Windows Firewall is on or off, the problem continues. My anti virus is AVG8.5, and I have run scans of Malawarebites Anti-Malaware, Search & Destroy, SuperAntiSpyware and SpywareBlaster. I did some HiJackThis work myself too. Some crap was eliminated, but the problem remains: browsers cannot access the internet.

Please help.

Thank you

#2 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 11 July 2009 - 10:26 PM

LOGS PART 1

Malwarebytes' Anti-Malware 1.32
Database version: 1649
Windows 6.0.6001 Service Pack 1

7/11/2009 2:56:09 PM
mbam-log-2009-07-11 (14-56-09).txt

Scan type: Quick Scan
Objects scanned: 56382
Time elapsed: 4 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

===============================

Rooter.exe (v1.0.2) by Eric_71
.
The token does not have the SeDebugPrivilege privilege ! (error:1300)
Can not acquire SeDebugPrivilege !
Please run the tool as administrator ..
.
Windows Vista Home Edition (6.0.6001) Service Pack 1
[32_bits] - x86 Family 6 Model 23 Stepping 6, GenuineIntel
.
Error OpenService (wscsvc) : 6
Error OpenSCManager : 5
Error OpenService (MpsSvc) : 6
Windows Defender -> Enabled
User Account Control (UAC) -> Enabled
.
Internet Explorer 8.0.6001.18783
Mozilla Firefox 3.0.1 (en-US)
.
C:\ [Fixed-NTFS] .. ( Total:285 Go - Free:160 Go )
D:\ [Fixed-NTFS] .. ( Total:9 Go - Free:5 Go )
E:\ [CD_Rom]
F:\ [Removable]
G:\ [Removable]
.
Scan : 14:58.06
Path : C:\Users\Luis\Desktop\Rooter.exe
User : Luis ( Administrator -> YES )
.
----------------------\\ Processes
.
Locked [System Process] (0)
Locked System (4)
Locked smss.exe (484)
Locked csrss.exe (656)
Locked wininit.exe (708)
Locked csrss.exe (724)
Locked services.exe (768)
Locked lsass.exe (780)
Locked lsm.exe (788)
Locked winlogon.exe (956)
Locked svchost.exe (1052)
Locked nvvsvc.exe (1100)
Locked svchost.exe (1132)
Locked svchost.exe (1180)
Locked svchost.exe (1276)
Locked svchost.exe (1308)
Locked svchost.exe (1348)
Locked audiodg.exe (1432)
Locked svchost.exe (1488)
Locked SLsvc.exe (1512)
Locked svchost.exe (1536)
Locked rundll32.exe (1624)
Locked DockLogin.exe (1680)
Locked upeksvr.exe (1752)
Locked svchost.exe (1812)
Locked WLTRYSVC.EXE (492)
Locked BCMWLTRY.EXE (628)
Locked wlanext.exe (660)
Locked spoolsv.exe (1728)
Locked svchost.exe (1844)
______ C:\Windows\system32\taskeng.exe (2140)
Locked taskeng.exe (2212)
______ C:\Windows\system32\Dwm.exe (2312)
Locked StxMenuMgr.exe (2344)
______ C:\Windows\Explorer.EXE (2384)
Locked taskeng.exe (2548)
______ C:\Program Files\Winamp\winampa.exe (2624)
Locked HP1006MC.EXE (2856)
______ C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (2904)
Locked AEstSrv.exe (2988)
Locked AppleMobileDeviceService.exe (3028)
Locked avgwdsvc.exe (3052)
______ C:\Program Files\Dell\MediaDirect\PCMService.exe (3072)
______ C:\Windows\System32\rundll32.exe (3080)
______ C:\Windows\System32\rundll32.exe (3092)
______ C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe (3108)
______ C:\Program Files\iTunes\iTunesHelper.exe (3116)
______ C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (3124)
______ C:\Program Files\HP\HP UT\bin\hppusg.exe (3132)
______ C:\Program Files\AVG\AVG8\avgtray.exe (3168)
______ C:\Program Files\DellTPad\Apoint.exe (3176)
Locked mDNSResponder.exe (3232)
Locked IAANTmon.exe (3320)
Locked McciCMService.exe (3420)
Locked avgrsx.exe (3560)
Locked avgnsx.exe (3576)
Locked svchost.exe (3632)
______ C:\Program Files\Fingerprint Reader Suite\psqltray.exe (2560)
Locked stacsv.exe (1448)
Locked svchost.exe (1128)
Locked ViewpointService.exe (2092)
Locked svchost.exe (1464)
Locked SearchIndexer.exe (1452)
______ C:\Windows\ehome\ehtray.exe (764)
______ C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (3256)
______ C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe (3364)
Locked wmpnetwk.exe (4024)
Locked WUDFHost.exe (852)
Locked iPodService.exe (3672)
______ C:\Windows\ehome\ehmsas.exe (4608)
Locked svchost.exe (4864)
Locked ApMsgFwd.exe (5068)
______ C:\Program Files\DellTPad\HidFind.exe (5112)
______ C:\Program Files\DellTPad\Apntex.exe (5148)
______ C:\Program Files\Internet Explorer\iexplore.exe (4036)
______ C:\Program Files\Internet Explorer\iexplore.exe (6104)
______ C:\Users\Luis\Desktop\Rooter.exe (2488)
Locked taskeng.exe (5564)
.
----------------------\\ Device\Harddisk0\
.
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
.
\Device\Harddisk0\Partition1 (Start_Offset:32256 | Length:98671104)
\Device\Harddisk0\Partition2 (Start_Offset:99614720 | Length:10737418240)
\Device\Harddisk0\Partition3 --[ MBR ]-- (Start_Offset:10837032960 | Length:306550140928)
\Device\Harddisk0\Partition0 (Start_Offset:317387177984 | Length:2684354560)
\Device\Harddisk0\Partition4 (Start_Offset:317388226560 | Length:2683305984)
.
----------------------\\ Scheduled Tasks
.
C:\Windows\Tasks\HP WEP.job
C:\Windows\Tasks\SA.DAT
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Tasks\User_Feed_Synchronization-{D1CAD405-44FD-4870-A5EA-E558523335D5}.job
.
----------------------\\ Registry
.
.
----------------------\\ Files & Folders
.
----------------------\\ Scan completed at 14:58.22
.
C:\Rooter$\Rooter_1.txt - (11/07/2009 | 14:58.22)

#3 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 11 July 2009 - 10:28 PM

LOGS PART 2

OTL logfile created on: 7/11/2009 2:59:28 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\Luis\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 93.83% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 160.83 Gb Free Space | 56.33% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 247.20 Mb Total Space | 246.52 Mb Free Space | 99.73% Space Free | Partition Type: FAT
Drive G: | 7.46 Gb Total Space | 2.66 Gb Free Space | 35.63% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUISPC
Current User Name: Luis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Fingerprint Reader Suite\upeksvr.exe (UPEK Inc.)
PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Windows\System32\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Fingerprint Reader Suite\psqltray.exe (UPEK Inc.)
PRC - C:\Windows\System32\STacSV.exe (IDT, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe (WiQuest Communications, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Users\Luis\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AESTFilters [Auto | Running]) -- C:\Windows\System32\aestsrv.exe (Andrea Electronics Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService [Auto | Running]) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-092308-165331 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PCLEPCI [Auto | Stopped]) -- C:\Windows\System32\drivers\pclepci.sys (Pinnacle Systems GmbH)
SRV - (RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (SessionLauncher [Auto | Stopped]) -- File not found
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\STacSV.exe (IDT, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AFS [Boot | Running]) -- C:\Windows\System32\drivers\AFS.SYS (Oak Technology Inc.)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (ApfiltrService [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (AvgLdx86 [System | Running]) -- C:\Windows\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgMfx86 [System | Running]) -- C:\Windows\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AvgTdiX [System | Running]) -- C:\Windows\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (BCM43XX [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\bcmwl6.sys (Broadcom Corp.)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (e1express [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\e1e6032.sys (Intel Corporation)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (GEARAspiWDM [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (iaNvStor [Disabled | Stopped]) -- C:\Windows\system32\drivers\ianvstor.sys (Intel Corporation)
DRV - (iaStor [Boot | Running]) -- C:\Windows\system32\drivers\iastor.sys (Intel Corporation)
DRV - (iaStorV [Boot | Running]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (MarvinBus [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\MarvinBus.sys (Pinnacle Systems GmbH)
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (MegaSR [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (MREMP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (OEM02Dev [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\OEM02Dev.sys (Creative Technology Ltd.)
DRV - (OEM02Vfx [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\OEM02Vfx.sys (EyePower Games Pte. Ltd.)
DRV - (pcouffin [On_Demand | Running]) -- C:\Windows\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (PinnacleMarvinUsb [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\MarvinUsb.sys (Pinnacle Systems)
DRV - (PxHelp20 [Boot | Running]) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (R300 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\atikmdag.sys (ATI Technologies Inc.)
DRV - (rimmptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimmptsk.sys (REDC)
DRV - (rimsptsk [Auto | Running]) -- C:\Windows\System32\DRIVERS\rimsptsk.sys (REDC)
DRV - (rismxdp [Auto | Running]) -- C:\Windows\System32\DRIVERS\rixdptsk.sys (REDC)
DRV - (SASDIFSV [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASENUM [On_Demand | Running]) -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL [System | Running]) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (secdrv [Auto | Running]) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (STHDA [On_Demand | Running]) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (TcUsb [On_Demand | Running]) -- C:\Windows\System32\Drivers\tcusb.sys (UPEK Inc.)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Stopped]) -- C:\Windows\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (WQ_USBCBAF [Disabled | Stopped]) -- C:\Windows\system32\drivers\wq_cba.sys (WiQuest Communications, Inc.)
DRV - (WQ_USBDWA [Disabled | Stopped]) -- C:\Windows\system32\drivers\wq_dwa.sys (WiQuest Communications, Inc.)
DRV - (WQ_USBHWA [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\WQ_hwa.sys (WiQuest Communications, Inc.)
DRV - (WQ_USBLOAD [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\WQ_ldr.sys (WiQuest Communications, Inc.)
DRV - (WQ_USBRCI [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\WQ_rci.sys (WiQuest Communications, Inc.)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 22:13:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/10 20:56:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/10 22:53:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/10 22:28:22 | 00,000,000 | ---D | M]

[2009/07/10 22:53:12 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Extensions
[2009/07/10 22:53:12 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/08 16:53:40 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2009/07/10 22:57:03 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Firefox\Profiles\2g7yej1l.default\extensions
[2009/07/10 22:57:03 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Firefox\Profiles\2g7yej1l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/10 22:28:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/10 22:28:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/02 18:52:45 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/07/02 18:52:46 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/07 21:36:18 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2009/02/24 12:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/02/24 12:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/02/24 12:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/07/02 18:52:47 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/28 17:44:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/28 17:44:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/28 17:44:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/28 17:44:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/28 17:44:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/28 17:44:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/28 17:44:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/02/24 12:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, http://www.openssl.org/) -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2008/07/02 09:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 09:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 09:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/07/02 09:31:38 | 00,002,642 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 09:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 09:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 09:31:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (291222 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10029 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PrintUtil] C:\Program Files\HP\HP Print Utility\PrintUtil.exe File not found
O4 - HKLM..\Run: [PSQLLauncher] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe (Memeo Inc.)
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080800 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080804 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080808 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat101355 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102727 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114630 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114631 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115456 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115458 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115503 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120757 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120805 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120823 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120828 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120829 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120830 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120831 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat175419 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180812 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180816 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280820 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280824 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280828 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380832 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380836 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480743 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480840 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480845 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480849 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580756 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580853 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580857 AM.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Program) - File not found
O20 - AppInit_DLLs: (Files\RelevantKnowledge\rlai.dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/08 19:17:50 | 00,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/22 12:25:20 | 00,000,096 | -HS- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{04e06c1b-03b2-11de-a7cc-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{057e4064-881d-11dd-a66f-001644ec2390}\Shell - "" = AutoRun
O33 - MountPoints2\{057e4064-881d-11dd-a66f-001644ec2390}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{13a26675-7249-11dd-9b1b-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{1a1d9d55-fa43-11dd-91b0-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{253df904-5ea5-11dd-a249-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{2b1d741c-5de4-11dd-8d75-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{4a2c12ce-6ab0-11de-96eb-00219bd0b350}\Shell - "" = AutoRun
O33 - MountPoints2\{4a2c12ce-6ab0-11de-96eb-00219bd0b350}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4a9210aa-85f9-11dd-b79a-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{7424b09d-617b-11dd-ba47-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{873eb59f-81bb-11dd-bb80-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{996e1a80-46dc-11de-9fe3-00219bd0b350}\Shell - "" = AutoRun
O33 - MountPoints2\{996e1a80-46dc-11de-9fe3-00219bd0b350}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9f82f4fa-7fa2-11dd-8b31-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{b5bb4a06-60ee-11dd-b887-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{b5bb4b49-60ee-11dd-b887-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{cf629f8e-6820-11dd-bb6a-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Install FreeAgent Tools.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

NetSvcs: FastUserSwitchingCompatibility - Service key not found. File not found
NetSvcs: Ias - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: Nla - Service key not found. File not found
NetSvcs: Ntmssvc - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - Service key not found. File not found
NetSvcs: SRService - Service key not found. File not found
NetSvcs: Wmi - Service key not found. File not found
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: LogonHours - Service key not found. File not found
NetSvcs: PCAudit - Service key not found. File not found
NetSvcs: helpsvc - Service key not found. File not found
NetSvcs: uploadmgr - Service key not found. File not found

MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: EventLog - C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: EventLog - C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {AAC3F1F0-5649-4670-A698-F1523729F015} - Microsoft .NET Framework 1.1 Hotfix (KB929729)
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: Nitro PDF Professional - cscript //B "C:\Program Files\Nitro PDF\Professional\RemoveOldAddins.vbs"

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\VfWWDM32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - C:\Windows\System32\ACDV.dll (ACD Systems)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - vdrcodec.dll File not found
Drivers32: VIDC.MJPG - C:\Windows\System32\Pvmjpg30.dll (Pegasus Imaging Corporation)
Drivers32: VIDC.MP42 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MP43 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: VIDC.MPG4 - C:\Windows\System32\mpg4c32.dll (Microsoft Corporation)
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2009/07/11 14:58:22 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/11 14:57:18 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2009/07/11 14:57:18 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Luis\Desktop\Rooter.exe
[2009/07/11 14:39:05 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/11 14:38:53 | 00,000,915 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/11 14:38:35 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/11 14:22:24 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\TFC.exe
[2009/07/11 14:22:15 | 00,794,112 | ---- | C] () -- C:\Users\Luis\Desktop\The_Comedian.exe
[2009/07/11 13:12:46 | 00,000,000 | R--D | C] -- C:\Users\Luis\Desktop\hijackthis
[2009/07/11 13:07:52 | 00,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSINET.OCX
[2009/07/11 13:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/07/11 12:53:07 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/10 22:57:41 | 00,068,487 | ---- | C] () -- C:\Users\Luis\Desktop\bookmarks.html
[2009/07/10 22:53:14 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/10 21:54:24 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/07/10 21:53:55 | 00,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\SUPERAntiSpyware.com
[2009/07/10 21:53:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/10 21:37:25 | 00,002,085 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoBackup Launcher.lnk
[2009/07/10 21:37:25 | 00,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ultrawideband Control Center.lnk
[2009/07/10 21:37:25 | 00,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
[2009/07/10 21:12:06 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/07/10 21:05:17 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/07/10 20:56:57 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/07/10 20:56:56 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/07/10 20:56:52 | 38,052,555 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/10 20:56:52 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/07/10 20:56:52 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/07/10 20:56:52 | 00,335,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/10 20:56:52 | 00,025,155 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/10 20:56:52 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/07/10 20:56:42 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/07/10 20:56:42 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/07/10 20:45:52 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/07/10 20:45:48 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2009/07/10 08:08:57 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580857 AM.bat
[2009/07/10 08:08:53 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580853 AM.bat
[2009/07/10 08:08:49 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480849 AM.bat
[2009/07/10 08:08:45 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480845 AM.bat
[2009/07/10 08:08:40 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480840 AM.bat
[2009/07/10 08:08:36 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380836 AM.bat
[2009/07/10 08:08:32 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380832 AM.bat
[2009/07/10 08:08:28 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280828 AM.bat
[2009/07/10 08:08:24 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280824 AM.bat
[2009/07/10 08:08:20 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280820 AM.bat
[2009/07/10 08:08:16 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180816 AM.bat
[2009/07/10 08:08:12 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180812 AM.bat
[2009/07/10 08:08:08 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080808 AM.bat
[2009/07/10 08:08:04 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080804 AM.bat
[2009/07/10 08:08:00 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080800 AM.bat
[2009/07/10 08:07:56 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580756 AM.bat
[2009/07/10 08:07:43 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480743 AM.bat
[2009/07/10 07:54:19 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat175419 AM.bat
[2009/07/10 00:08:31 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120831 AM.bat
[2009/07/10 00:08:30 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120830 AM.bat
[2009/07/10 00:08:29 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120829 AM.bat
[2009/07/10 00:08:28 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120828 AM.bat
[2009/07/10 00:08:23 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120823 AM.bat
[2009/07/10 00:08:05 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120805 AM.bat
[2009/07/10 00:07:57 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120757 AM.bat
[2009/07/09 23:55:03 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115503 PM.bat
[2009/07/09 23:54:58 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115458 PM.bat
[2009/07/09 23:54:57 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115456 PM.bat
[2009/07/09 23:46:31 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114631 PM.bat
[2009/07/09 23:46:30 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114630 PM.bat
[2009/07/09 22:29:57 | 00,005,016 | -HS- | C] () -- C:\Windows\E88D4.exe
[2009/07/09 22:27:27 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102727 PM.bat
[2009/07/09 22:18:23 | 00,000,000 | ---D | C] -- C:\Program Files\ARAX Disk Doctor Data Recovery
[2009/07/09 22:13:55 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat101355 PM.bat
[2009/07/09 21:54:13 | 00,193,061 | ---- | C] () -- C:\Windows\System32\AdobeFnt.lst
[2009/07/09 21:51:08 | 00,000,000 | ---D | C] -- C:\Users\Luis\Desktop\Arax Disk Doctor Data Recovery v3.1.036 + Crack [RH]
[2009/07/09 21:26:09 | 00,068,232 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeployV.exe
[2009/07/07 21:36:53 | 00,000,000 | ---D | C] -- C:\Users\Luis\Documents\My Google Gadgets
[2009/07/07 21:36:09 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/06/28 17:45:10 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/06/28 17:45:09 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/06/28 17:44:17 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/06/28 17:43:37 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/06/28 14:23:24 | 00,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/06/28 14:23:23 | 00,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\skypePM
[2009/06/28 14:16:37 | 00,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\Skype
[2009/06/28 14:16:13 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/06/28 14:16:12 | 00,000,000 | R--D | C] -- C:\Program Files\Skype
[2009/06/28 14:16:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Skype
[2009/06/27 22:12:49 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/06/27 22:12:49 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/06/27 22:12:48 | 01,985,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/06/27 22:12:48 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/06/27 22:12:48 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/06/27 22:12:48 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/06/27 22:12:48 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/06/27 22:12:47 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/06/27 22:12:47 | 01,207,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/06/27 22:12:47 | 00,385,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/06/27 22:12:47 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/06/27 22:12:46 | 11,064,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/06/27 22:12:46 | 05,936,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/06/27 22:11:41 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/06/27 22:11:41 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/06/27 22:11:41 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/06/27 22:11:41 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/06/27 22:11:40 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/06/27 22:11:40 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/06/27 22:11:40 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/06/27 22:11:40 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/06/27 22:11:40 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/06/27 22:11:40 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/06/27 22:11:40 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/06/27 22:11:39 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/06/27 22:11:39 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/06/27 22:11:39 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/06/27 22:11:39 | 00,183,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/06/27 22:11:39 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/06/27 22:11:39 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/06/27 22:11:39 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/06/27 22:11:39 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/06/27 22:11:39 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/06/27 22:11:39 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/06/27 22:11:38 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/06/27 22:11:38 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/06/27 22:11:38 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/06/27 22:11:38 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/06/27 22:11:38 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/06/27 22:11:38 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/06/27 22:11:38 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/06/27 22:11:38 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/06/27 22:11:38 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/06/27 22:11:38 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/06/27 22:11:37 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/06/27 22:11:36 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/06/27 22:11:36 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/06/27 22:11:36 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/06/27 22:11:36 | 00,132,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/06/27 22:11:36 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/06/27 22:11:36 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/06/27 22:11:36 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/06/27 22:11:36 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/06/27 22:11:36 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/06/27 22:11:36 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/06/27 16:39:30 | 00,000,000 | ---D | C] -- C:\Users\Luis\AppData\Local\SourceTec
[2009/06/27 16:30:31 | 00,000,000 | ---D | C] -- C:\Users\Luis\Desktop\Sothink[1].SWF.Decompiler.v5.0.503.Cracked
[2009/06/27 15:47:11 | 00,000,000 | ---D | C] -- C:\Users\Luis\Documents\FD Trillix
[2009/06/27 15:24:02 | 00,000,000 | ---D | C] -- C:\Program Files\SWF Decompile Expert
[2009/06/27 15:18:54 | 00,000,000 | ---D | C] -- C:\ProgramData\Macrovision
[2009/06/27 15:14:16 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia Shared
[2009/06/27 15:12:39 | 00,000,000 | ---D | C] -- C:\Users\Luis\AppData\Local\Macromedia
[2009/06/27 15:12:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Macromedia
[2009/06/27 15:11:38 | 00,000,000 | ---D | C] -- C:\Program Files\Macromedia
[2009/06/27 14:58:53 | 00,000,000 | ---D | C] -- C:\Users\Luis\Desktop\Macromedia Flash MX Pro 2004, Keygen + How-To Guides
[2009/06/27 14:47:25 | 05,705,918 | ---- | C] () -- C:\Users\Luis\Desktop\lecture.swf
[2009/06/14 12:48:24 | 00,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2009/06/14 12:48:23 | 00,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2009/06/14 12:48:23 | 00,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2009/06/14 12:48:23 | 00,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2009/06/14 12:48:23 | 00,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2009/06/13 19:52:33 | 00,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
[2009/06/13 14:47:44 | 02,033,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009/06/13 14:47:42 | 00,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2009/06/13 14:47:40 | 00,784,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rpcrt4.dll
[2008/12/05 16:52:22 | 00,509,224 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008/08/17 16:24:57 | 00,065,536 | ---- | C] () -- C:\Windows\System32\HPPLVS.dll
[2008/08/17 14:18:43 | 00,000,214 | ---- | C] () -- C:\Windows\HP_48BitScanUpdatePatch.ini
[2008/08/08 19:17:50 | 00,196,096 | ---- | C] () -- C:\Windows\System32\macd32.dll
[2008/08/08 19:17:50 | 00,138,752 | ---- | C] () -- C:\Windows\System32\mase32.dll
[2008/08/08 19:17:50 | 00,136,192 | ---- | C] () -- C:\Windows\System32\mamc32.dll
[2008/08/08 19:17:50 | 00,057,856 | ---- | C] () -- C:\Windows\System32\masd32.dll
[2008/08/08 19:17:49 | 00,027,648 | ---- | C] () -- C:\Windows\System32\ma32.dll
[2008/08/01 18:18:24 | 00,000,502 | ---- | C] () -- C:\Windows\FORGE32.ini
[2008/08/01 18:18:20 | 00,061,952 | ---- | C] () -- C:\Windows\System32\rmmerge2.DLL
[2008/08/01 18:18:20 | 00,009,728 | ---- | C] () -- C:\Windows\System32\rmevents.DLL
[2008/08/01 18:11:47 | 00,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2008/08/01 18:11:46 | 00,000,149 | ---- | C] () -- C:\Windows\KPCMS.INI
[2008/07/24 02:03:39 | 00,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2008/07/24 02:03:38 | 00,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/07/23 23:32:21 | 00,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/07/26 12:01:50 | 00,114,688 | ---- | C] () -- C:\Windows\System32\hppatusg01.dll
[2006/11/02 05:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:25:44 | 00,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 03:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 00:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005/10/09 19:33:54 | 00,137,216 | ---- | C] () -- C:\Windows\System32\secdel.dll
[2004/12/19 06:29:40 | 00,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2004/12/19 06:17:10 | 00,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2002/10/15 15:54:04 | 00,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/10/06 11:42:56 | 00,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/10/04 16:04:24 | 00,921,600 | ---- | C] () -- C:\Windows\System32\VorbisEnc.dll
[2002/10/04 16:04:24 | 00,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/10/04 16:04:16 | 00,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2002/05/15 16:38:40 | 00,091,136 | ---- | C] () -- C:\Windows\System32\mp4fil32.dll
[2002/03/21 15:39:02 | 00,073,728 | ---- | C] () -- C:\Windows\System32\UNACEV2.DLL

========== Files - Modified Within 30 Days ==========

[2009/07/11 14:59:08 | 00,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/11 14:59:08 | 00,636,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/11 14:59:08 | 00,118,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/11 14:50:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2009/07/11 14:49:52 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Luis\Desktop\Rooter.exe
[2009/07/11 14:43:20 | 00,088,616 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/07/11 14:42:52 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/11 14:42:52 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/11 14:42:50 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/11 14:42:46 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/11 14:38:53 | 00,000,915 | ---- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/11 14:22:52 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\TFC.exe
[2009/07/11 14:22:20 | 00,794,112 | ---- | M] () -- C:\Users\Luis\Desktop\The_Comedian.exe
[2009/07/11 12:53:34 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/07/11 09:06:18 | 38,052,555 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/10 22:56:14 | 00,068,487 | ---- | M] () -- C:\Users\Luis\Desktop\bookmarks.html
[2009/07/10 22:53:14 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/10 22:49:18 | 00,291,222 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/10 21:00:56 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/07/10 21:00:56 | 00,025,155 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/10 20:56:57 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/07/10 20:56:56 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/07/10 20:56:52 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/07/10 20:56:52 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/10 20:56:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/07/10 16:41:30 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D1CAD405-44FD-4870-A5EA-E558523335D5}.job
[2009/07/10 08:08:57 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580857 AM.bat
[2009/07/10 08:08:53 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580853 AM.bat
[2009/07/10 08:08:49 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480849 AM.bat
[2009/07/10 08:08:45 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480845 AM.bat
[2009/07/10 08:08:40 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480840 AM.bat
[2009/07/10 08:08:36 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380836 AM.bat
[2009/07/10 08:08:32 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380832 AM.bat
[2009/07/10 08:08:28 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280828 AM.bat
[2009/07/10 08:08:24 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280824 AM.bat
[2009/07/10 08:08:20 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280820 AM.bat
[2009/07/10 08:08:16 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180816 AM.bat
[2009/07/10 08:08:12 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180812 AM.bat
[2009/07/10 08:08:08 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080808 AM.bat
[2009/07/10 08:08:04 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080804 AM.bat
[2009/07/10 08:08:00 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080800 AM.bat
[2009/07/10 08:07:56 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580756 AM.bat
[2009/07/10 08:07:43 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480743 AM.bat
[2009/07/10 07:54:19 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat175419 AM.bat
[2009/07/10 00:08:31 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120831 AM.bat
[2009/07/10 00:08:30 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120830 AM.bat
[2009/07/10 00:08:29 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120829 AM.bat
[2009/07/10 00:08:28 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120828 AM.bat
[2009/07/10 00:08:23 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120823 AM.bat
[2009/07/10 00:08:05 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120805 AM.bat
[2009/07/10 00:07:57 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120757 AM.bat
[2009/07/09 23:55:03 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115503 PM.bat
[2009/07/09 23:55:03 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115458 PM.bat
[2009/07/09 23:54:58 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115456 PM.bat
[2009/07/09 23:46:31 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114631 PM.bat
[2009/07/09 23:46:30 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114630 PM.bat
[2009/07/09 22:30:37 | 00,005,016 | -HS- | M] () -- C:\Windows\E88D4.exe
[2009/07/09 22:27:27 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102727 PM.bat
[2009/07/09 22:18:02 | 00,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/07/09 22:13:55 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat101355 PM.bat
[2009/07/09 21:54:13 | 00,193,061 | ---- | M] () -- C:\Windows\System32\AdobeFnt.lst
[2009/07/08 02:50:43 | 00,173,568 | ---- | M] () -- C:\Users\Luis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/05 15:16:44 | 00,088,616 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2009/06/28 14:23:24 | 00,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2009/06/28 13:28:53 | 00,000,498 | ---- | M] () -- C:\Users\Luis\Documents\My Sharing Folders.lnk
[2009/06/27 14:47:30 | 05,705,918 | ---- | M] () -- C:\Users\Luis\Desktop\lecture.swf
[2009/06/14 03:15:11 | 00,448,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/06/13 19:52:33 | 00,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf

========== LOP Check ==========

[2009/07/10 21:53:55 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming
[2008/09/29 21:17:51 | 00,000,000 | -HSD | M] -- C:\Users\Luis\AppData\Roaming\.#
[2008/07/29 21:03:49 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\ACD Systems
[2008/08/01 16:55:59 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Acoustica
[2009/01/24 19:02:41 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Any Video Converter
[2009/03/05 23:15:06 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\ArcSoft
[2009/03/28 21:40:03 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Cool Record Edit Pro
[2008/09/14 00:31:10 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\CopyTrans
[2008/09/14 00:29:55 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\CopyTransControlCenter
[2008/07/29 22:21:14 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\CyberLink
[2008/08/01 16:51:12 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\DataSafeOnline
[2008/07/28 19:11:35 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Dell
[2008/08/03 16:00:39 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Flickr
[2009/01/17 18:50:40 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Free Sound Recorder
[2008/07/29 20:35:39 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Free-backup.info
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Media Center Programs
[2008/10/20 13:20:38 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Move Networks
[2008/08/17 13:59:13 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Neuratron
[2009/03/07 17:15:33 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Nitro PDF
[2008/11/01 10:29:54 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\ooVoo Details
[2008/10/10 14:36:14 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\PeerNetworking
[2008/08/18 23:06:16 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Roxio
[2008/08/01 18:23:04 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\scar5
[2008/07/29 20:59:01 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Softplicity
[2009/01/17 18:21:01 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Thinstall
[2008/07/28 20:07:48 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\tmp
[2008/09/21 14:49:43 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\U3

[2009/04/29 23:09:02 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\Vso
[2008/10/16 05:01:30 | 00,000,314 | ---- | M] () -- C:\Windows\Tasks\HP WEP.job
[2009/07/11 14:42:50 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/07/11 14:34:54 | 00,032,566 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/07/10 16:41:30 | 00,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{D1CAD405-44FD-4870-A5EA-E558523335D5}.job

========== Purity Check ==========

========== Custom Scans ==========

< %systemroot%\System32\antiwpa.dll >

< %systemroot%\SYSTEM32\wpa.dll >

< %systemroot%\setup\scripts\biestart.exe >

< %systemroot%\system32\drivers\royal.sys >

< %systemroot%\system32\oobe\AntiWPA_Crypt.dll >

< %TEMP%\antiwpa_crypt.dll >

< %TEMP%\antiwpa.dll /s >

< %PROGRAMFILES%\antiwpa.dll /s >

< %systemroot%\system32\crypt.dll >

< %TEMP%\crypt.dll >

< %SYSTEMDRIVE%\*. >
[2009/07/11 14:57:18 | 00,000,000 | R--D | M] -- C:
[2009/07/11 14:46:30 | 00,000,000 | -H-D | M] -- C:\$AVG8.VAULT$
[2009/01/10 16:50:50 | 00,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2008/11/23 17:44:45 | 00,000,000 | ---D | M] -- C:\2Wire_DSL_Setup_Tool
[2008/08/01 18:19:10 | 00,000,000 | ---D | M] -- C:\audio
[2008/02/03 16:06:57 | 00,000,000 | -HSD | M] -- C:\Boot
[2008/08/09 13:41:57 | 00,000,000 | ---D | M] -- C:\CONSULT
[2008/10/27 14:33:40 | 00,000,000 | ---D | M] -- C:\DELL
[2008/07/23 23:26:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings
[2008/07/24 01:57:58 | 00,000,000 | ---D | M] -- C:\Drivers
[2008/08/01 18:11:47 | 00,000,000 | ---D | M] -- C:\KPCMS
[2008/07/28 20:17:57 | 00,000,000 | RH-D | M] -- C:\MSOCache
[2008/01/20 19:32:31 | 00,000,000 | ---D | M] -- C:\PerfLogs
[2009/07/11 14:38:35 | 00,000,000 | R--D | M] -- C:\Program Files
[2009/07/10 21:54:24 | 00,000,000 | -H-D | M] -- C:\ProgramData
[2008/07/29 21:50:52 | 00,000,000 | ---D | M] -- C:\ProgramDataTechSmith
[2009/07/11 14:58:22 | 00,000,000 | ---D | M] -- C:\Rooter$
[2009/07/11 02:29:28 | 00,000,000 | -HSD | M] -- C:\System Volume Information
[2008/10/27 14:13:14 | 00,000,000 | R--D | M] -- C:\Users
[2009/07/11 14:43:08 | 00,000,000 | ---D | M] -- C:\Windows

< %SYSTEMDRIVE%\*.* >
[2008/08/08 19:17:50 | 00,000,121 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/01/20 19:24:42 | 00,333,203 | RHS- | M] () -- C:\bootmgr
[2008/10/14 21:29:19 | 00,000,054 | ---- | M] () -- C:\cleantemp.bat
[2006/09/18 14:43:37 | 00,000,010 | ---- | M] () -- C:\config.sys
[2008/05/14 09:21:26 | 00,088,560 | ---- | M] (Sonic Solutions) -- C:\DC_ShellExt.dll
[2008/07/24 02:03:49 | 00,005,243 | RH-- | M] () -- C:\dell.sdr
[2008/08/01 18:10:49 | 00,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/20 17:12:37 | 00,000,441 | -H-- | M] () -- C:\IPH.PH
[2008/08/01 18:10:49 | 00,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/07/23 23:32:18 | 00,026,927 | ---- | M] () -- C:\newkey
[2009/07/11 14:42:38 | 35,330,00704 | -HS- | M] () -- C:\pagefile.sys

< %PROGRAMFILES%\*. >
[2009/07/11 14:38:35 | 00,000,000 | R--D | M] -- C:\Program Files
[2008/07/29 21:03:01 | 00,000,000 | ---D | M] -- C:\Program Files\ACD Systems
[2008/08/01 16:56:18 | 00,000,000 | ---D | M] -- C:\Program Files\Acoustica CD Label Maker
[2008/08/24 18:47:53 | 00,000,000 | ---D | M] -- C:\Program Files\Acoustica MP3 CD Burner
[2008/11/08 20:00:17 | 00,000,000 | ---D | M] -- C:\Program Files\Adobe
[2009/02/26 23:24:09 | 00,000,000 | ---D | M] -- C:\Program Files\Align
[2009/07/11 12:53:07 | 00,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2009/01/24 18:16:51 | 00,000,000 | ---D | M] -- C:\Program Files\Any Video Converter
[2009/04/17 10:16:44 | 00,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2008/10/04 08:30:54 | 00,000,000 | ---D | M] -- C:\Program Files\ARAR
[2009/07/10 21:30:59 | 00,000,000 | ---D | M] -- C:\Program Files\ARAX Disk Doctor Data Recovery
[2009/03/05 21:29:46 | 00,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2008/11/23 17:57:03 | 00,000,000 | ---D | M] -- C:\Program Files\ATT
[2008/11/23 17:56:36 | 00,000,000 | ---D | M] -- C:\Program Files\att-aace
[2008/12/09 21:50:24 | 00,000,000 | -H-D | M] -- C:\Program Files\Avago-HP
[2009/07/10 20:56:42 | 00,000,000 | ---D | M] -- C:\Program Files\AVG
[2008/07/29 21:13:33 | 00,000,000 | ---D | M] -- C:\Program Files\AviSynth 2.5
[2009/06/28 17:44:17 | 00,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2008/10/26 21:06:55 | 00,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2008/07/23 23:32:33 | 00,000,000 | ---D | M] -- C:\Program Files\Cisco
[2008/07/23 23:45:49 | 00,000,000 | ---D | M] -- C:\Program Files\Citrix
[2008/10/14 20:21:00 | 00,000,000 | ---D | M] -- C:\Program Files\CleanCache 3.0
[2009/07/10 22:58:02 | 00,000,000 | ---D | M] -- C:\Program Files\Common Files
[2008/09/11 23:15:49 | 00,000,000 | ---D | M] -- C:\Program Files\ConvertHelper
[2008/07/23 23:26:53 | 00,000,000 | ---D | M] -- C:\Program Files\Creative
[2008/07/23 23:26:08 | 00,000,000 | ---D | M] -- C:\Program Files\Creative Live! Cam
[2008/07/23 23:38:15 | 00,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2009/05/17 11:21:34 | 00,000,000 | ---D | M] -- C:\Program Files\ddpoker3
[2008/08/08 18:32:23 | 00,000,000 | ---D | M] -- C:\Program Files\Dell
[2008/07/23 23:33:40 | 00,000,000 | ---D | M] -- C:\Program Files\Dell DataSafe Online
[2008/07/23 23:37:02 | 00,000,000 | ---D | M] -- C:\Program Files\Dell Support Center
[2008/07/24 02:03:30 | 00,000,000 | ---D | M] -- C:\Program Files\DellTPad
[2009/05/31 13:23:58 | 00,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/07/29 20:37:45 | 00,000,000 | ---D | M] -- C:\Program Files\DVD Decrypter
[2008/07/29 20:56:23 | 00,000,000 | ---D | M] -- C:\Program Files\DVDFab Platinum 4
[2008/07/29 20:57:26 | 00,000,000 | ---D | M] -- C:\Program Files\DVDx
[2009/07/11 14:38:53 | 00,000,000 | ---D | M] -- C:\Program Files\ERUNT
[2008/07/29 21:05:26 | 00,000,000 | ---D | M] -- C:\Program Files\FastStone Image Viewer
[2008/07/23 23:25:29 | 00,000,000 | ---D | M] -- C:\Program Files\Fingerprint Reader Suite
[2009/05/25 18:09:13 | 00,000,000 | ---D | M] -- C:\Program Files\Flickr Uploadr
[2008/11/21 21:53:42 | 00,000,000 | -H-D | M] -- C:\Program Files\FLV Player
[2009/03/28 21:17:54 | 00,000,000 | ---D | M] -- C:\Program Files\Free Sound Recorder
[2008/12/05 19:15:38 | 00,000,000 | ---D | M] -- C:\Program Files\Free Video Converter
[2008/07/29 21:14:08 | 00,000,000 | ---D | M] -- C:\Program Files\Gabest
[2008/12/14 20:55:50 | 00,000,000 | ---D | M] -- C:\Program Files\Gadwin Systems
[2008/07/29 21:07:33 | 00,000,000 | ---D | M] -- C:\Program Files\GetData
[2009/07/07 21:36:09 | 00,000,000 | ---D | M] -- C:\Program Files\Google
[2009/07/10 20:45:48 | 00,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2008/08/01 17:29:05 | 00,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/05/17 10:49:10 | 00,000,000 | ---D | M] -- C:\Program Files\Holdem Indicator
[2009/05/31 13:24:41 | 00,000,000 | ---D | M] -- C:\Program Files\HP
[2009/06/27 15:11:37 | 00,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/07/23 23:27:57 | 00,000,000 | ---D | M] -- C:\Program Files\Intel
[2009/06/27 22:21:18 | 00,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2009/06/28 17:45:10 | 00,000,000 | ---D | M] -- C:\Program Files\iPod
[2009/06/28 17:45:21 | 00,000,000 | ---D | M] -- C:\Program Files\iTunes
[2008/07/23 23:20:47 | 00,000,000 | ---D | M] -- C:\Program Files\Java
[2009/06/27 15:11:38 | 00,000,000 | ---D | M] -- C:\Program Files\Macromedia
[2008/08/03 14:14:20 | 00,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2009/01/13 22:51:54 | 00,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/07/11 06:26:55 | 00,000,000 | ---D | M] -- C:\Program Files\McFunSoft Video Capture
[2008/08/08 20:03:00 | 00,000,000 | ---D | M] -- C:\Program Files\McFunSoft Video Solution
[2008/12/16 23:21:20 | 00,000,000 | ---D | M] -- C:\Program Files\Medieval Software
[2009/07/01 19:01:30 | 00,000,000 | ---D | M] -- C:\Program Files\Megacubo
[2008/08/16 18:13:28 | 00,000,000 | ---D | M] -- C:\Program Files\Memeo
[2009/02/23 22:13:56 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Games
[2008/07/28 20:22:24 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2009/03/01 14:05:32 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2008/07/23 23:22:00 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2008/11/23 03:25:03 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Visual Studio
[2009/04/30 20:23:51 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft Works
[2008/07/28 20:21:59 | 00,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2008/12/14 17:08:10 | 00,000,000 | -H-D | M] -- C:\Program Files\Mihov Picture Downloader
[2008/01/20 19:35:17 | 00,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2009/07/11 14:40:32 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2008/07/29 21:05:58 | 00,000,000 | ---D | M] -- C:\Program Files\MP3Gain
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2008/07/28 19:22:40 | 00,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2009/03/07 17:13:59 | 00,000,000 | ---D | M] -- C:\Program Files\Nitro PDF
[2008/08/08 19:21:15 | 00,000,000 | ---D | M] -- C:\Program Files\Pinnacle
[2009/06/28 17:44:05 | 00,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2008/07/29 20:36:53 | 00,000,000 | ---D | M] -- C:\Program Files\RarZilla Free Unrar
[2008/07/29 21:13:30 | 00,000,000 | ---D | M] -- C:\Program Files\Red Kawa
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2009/03/04 22:59:20 | 00,000,000 | ---D | M] -- C:\Program Files\Replay Video Capture
[2008/07/23 23:45:26 | 00,000,000 | ---D | M] -- C:\Program Files\Roxio
[2008/11/23 23:00:52 | 00,000,000 | ---D | M] -- C:\Program Files\scar5
[2008/08/18 20:05:52 | 00,000,000 | ---D | M] -- C:\Program Files\Seagate
[2008/07/23 18:08:42 | 00,000,000 | ---D | M] -- C:\Program Files\Sigmatel
[2009/06/28 14:16:14 | 00,000,000 | R--D | M] -- C:\Program Files\Skype

[2009/07/10 21:29:10 | 00,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2009/07/11 13:08:57 | 00,000,000 | ---D | M] -- C:\Program Files\SpywareBlaster
[2009/07/10 21:53:57 | 00,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2009/06/27 15:36:52 | 00,000,000 | ---D | M] -- C:\Program Files\SWF Decompile Expert
[2008/07/29 21:48:43 | 00,000,000 | ---D | M] -- C:\Program Files\TechSmith
[2008/07/29 21:12:01 | 00,000,000 | ---D | M] -- C:\Program Files\Total Video Converter
[2008/07/29 20:58:57 | 00,000,000 | ---D | M] -- C:\Program Files\TotalAudioConverter
[2009/05/17 13:21:40 | 00,000,000 | ---D | M] -- C:\Program Files\TVUPlayer
[2006/11/02 06:01:55 | 00,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/07/29 21:34:12 | 00,000,000 | ---D | M] -- C:\Program Files\URUSoft

[2008/09/20 17:12:08 | 00,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/07/29 21:00:15 | 00,000,000 | ---D | M] -- C:\Program Files\VirtualDJ
[2008/07/29 20:50:51 | 00,000,000 | ---D | M] -- C:\Program Files\VSO
[2008/08/18 18:46:08 | 00,000,000 | ---D | M] -- C:\Program Files\WinAce
[2008/07/29 21:57:08 | 00,000,000 | ---D | M] -- C:\Program Files\Winamp
[2008/01/20 19:35:18 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Calendar
[2008/01/20 19:35:15 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Collaboration
[2008/01/20 19:35:09 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Defender
[2008/01/20 19:35:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Journal
[2008/07/28 21:52:15 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2009/05/13 03:02:03 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Mail
[2009/03/11 03:06:18 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/11/02 05:37:34 | 00,000,000 | ---D | M] -- C:\Program Files\Windows NT
[2008/01/20 19:35:14 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Photo Gallery
[2008/01/20 19:35:17 | 00,000,000 | ---D | M] -- C:\Program Files\Windows Sidebar
[2008/09/14 12:54:43 | 00,000,000 | ---D | M] -- C:\Program Files\WindSolutions
[2008/08/07 21:50:01 | 00,000,000 | ---D | M] -- C:\Program Files\Xilisoft
[2008/07/29 21:14:26 | 00,000,000 | ---D | M] -- C:\Program Files\X-VCD Player
[2008/07/29 21:14:43 | 00,000,000 | ---D | M] -- C:\Program Files\Xvid
[2009/01/22 19:01:14 | 00,000,000 | -H-D | M] -- C:\Program Files\Yahoo!

========== Alternate Data Streams ==========

@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:98781370
< End of report >

#4 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 11 July 2009 - 10:29 PM

LOGS PART 3

OTL Extras logfile created on: 7/11/2009 2:59:28 PM - Run 1
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\Luis\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.88 Gb Available Physical Memory | 93.83% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 160.83 Gb Free Space | 56.33% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 247.20 Mb Total Space | 246.52 Mb Free Space | 99.73% Space Free | Partition Type: FAT
Drive G: | 7.46 Gb Total Space | 2.66 Gb Free Space | 35.63% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUISPC
Current User Name: Luis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = Photoshop.CHMFile] -- C:\Program Files\Adobe\Photoshop5\Photoshp.exe (Adobe Systems, Incorporated)
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
Reg Error: Unknown registry data type File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02C85EC5-E864-4847-AF55-42730861004C}" = MrvlUsgTracking
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0AEA9ECE-2AD0-4DF0-932E-F0AC6B771749}" = SnagIt 8
"{0EC7C406-B592-4686-BAC1-AD29A85EAE6A}" = HP Driver Diagnostics
"{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}" = Studio 11
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{2767DEDE-EA9D-4FCE-A06A-40F4DD293330}" = hppusgP1000
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.1
"{29F2FE64-EFCE-4FC5-8FEB-16B688578F89}" = Nitro PDF Professional
"{2F353D44-73BB-4971-B31D-F7642E9E9531}" = Macromedia Flash MX 2004
"{2F952048-3220-4AC7-A206-D01EFC774BB2}" = Studio 11
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3F198846-A8B6-44FD-80C9-139C51A8EB6B}" = DineCorp PixelEase
"{3FB3647F-B6A6-46B4-8613-A09BCFAB80F0}" = Roxio Creator Premier 10
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}" = Banctec Service Agreement
"{469EF13B-4AD0-48D7-AF89-6B92278293E2}" = Roxio Creator Premier
"{4B6AD248-D3BF-426A-8D64-847288154F13}" = QuickSet
"{4D3C9F4B-4B7D-4E5D-99B9-0123AB0D51ED}" = Dell DataSafe Online
"{4E5386F5-C0F6-4532-A54A-374865AEAB71}" = Cisco PEAP Module
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{58ECE031-9AAD-4011-B34A-BC78E77527E2}" = hppMSRedist
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{62230596-37E5-4618-A329-0D21F529A86F}" = Browser Address Error Redirector
"{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}" = Live! Cam Avatar Creator
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B6D4D-8F9B-4CB3-8CA4-BCA9CC4C1A22}" = EDocs
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{76F9CF97-FC4B-4E20-B363-D127C888448F}" = Cisco LEAP Module
"{7902E313-FF0F-4493-ACB1-A8147B78DCD0}" = HPSSupply
"{7B02BF60-796D-4616-908B-B31A63CFDEFB}" = HPCarePackCore
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{86B5E5AF-3D50-4979-9C81-687C1B3C586D}" = Dell WUSB
"{8920EF0D-633E-46D1-9561-90E713E3145A}" = AutoBackup
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Roxio CinePlayer Decoder Pack
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A2289997-10A3-48F2-AA03-99180D761661}" = Fingerprint Reader Suite 5.6
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B96D2269-568B-4CBF-9332-12FAE8B158F7}" = Medieval CUE Splitter
"{BB406CEB-6207-4512-9BB2-89950DC9D6B6}_is1" = ConvertXtoDVD 2.2.3.258g
"{BF53252E-4AB2-4C7F-A0FD-6100755745E3}" = Cisco EAP-FAST Module
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ECA31632-C2AD-4774-A3CA-2813D47E4DD0}" = HPCarePackProducts
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator Premier
"{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}" = Pinnacle Instant DVD Recorder
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"{F6CB42B9-F033-4152-8813-FF11DA8E6A78}" = Dell Dock
"{F8B98EB6-FC06-45BF-87D4-9784E0408611}" = ACDSee 10 Photo Manager
"{F9AEEC34-CF00-4CBD-9E36-DF9DC4002685}" = Yahoo! Desktop Login
"Acoustica CD/DVD Label Maker" = Acoustica CD/DVD Label Maker
"Acoustica MP3 CD Burner" = Acoustica MP3 CD Burner
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced Audio FX Engine" = Advanced Audio FX Engine
"Advanced RAR Repair v1.2" = Advanced RAR Repair v1.2
"Advanced Video FX Engine" = Advanced Video FX Engine
"Any Video Converter_is1" = Any Video Converter 2.5.1
"Applian FLV Player2.0.24" = Applian FLV Player
"ATT-AACE" = ATT-AACE
"AVG8Uninstall" = AVG Free 8.5
"AVI Codec Pack" = AVI Codec Pack
"AviSynth" = AviSynth 2.5
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CCleaner" = CCleaner (remove only)
"CleanCache 3.0_is1" = CleanCache 3.5
"CopyTrans Suite" = CopyTrans Suite Remove Only
"Creative OEM002" = Laptop Integrated Webcam Driver (1.04.01.1011)
"DD Poker 3 " = DD Poker 3
"Dell Webcam Center" = Dell Webcam Center
"Dell Webcam Manager" = Dell Webcam Manager
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab Platinum 4_is1" = DVDFab Platinum 4.1.0.2
"DVDx_is1" = DVDx
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"FastStone Image Viewer" = FastStone Image Viewer 3.5
"Flickr Uploadr" = Flickr Uploadr 3.0.5
"FLV Player" = FLV Player 2.0 (build 25)
"Free Sound Recorder" = Free Sound Recorder
"Free Video Converter_is1" = Free Video Converter V 1.4
"Gadwin PrintScreen" = Gadwin PrintScreen
"Google Desktop" = Google Desktop
"GoToAssist" = GoToAssist 8.0.0.514
"HijackThis" = HijackThis 2.0.2
"HP LaserJet P1000 series" = HP LaserJet P1000 series
"InstallShield_{621C02EA-AAFF-4026-A903-165D59529A16}" = Driver Detective
"InstallShield_{F5A83924-6A0A-40A2-9A9C-00D876B62E7F}" = FreeAgent Pro Tools
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McFunSoft Video Capture_is1" = McFunSoft Video Capture v6.0.0.139
"McFunSoft Video Solution_is1" = McFunSoft Video Solution Trial Version (English) 8.0.4.20
"Megacubo_is1" = Megacubo 6.0.3
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mihov Picture Downloader" = Mihov Picture Downloader 1.4 (remove only)
"Mozilla Firefox (3.0.1)" = Mozilla Firefox (3.0.1)
"NVIDIA Drivers" = NVIDIA Drivers
"RarZilla Free Unrar 2.52" = RarZilla Free Unrar 2.52
"Recover My Files_is1" = Recover My Files
"Replay Video Capture3.1B" = Replay Video Capture
"Simple File Shredder" = Simple File Shredder 3.2
"Sonic Foundry MP3 encoder" = Sonic Foundry MP3 encoder v1.0d
"Sound Forge" = Sound Forge v4.5e final (329)
"SpywareBlaster_is1" = SpywareBlaster 4.0
"SubtitleWorkshop" = Subtitle Workshop 2.51
"Total Audio Converter_is1" = AudioConverter
"Total Video Converter 3.01_is1" = Total Video Converter 3.01
"Videora iPod Converter" = Videora iPod Converter 3.07
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VobSub" = VobSub v2.23 (Remove Only)
"WinAce Archiver" = WinAce Archiver
"Winamp" = Winamp
"X-VCD Player" = X-VCD Player
"Xvid_is1" = Xvid 1.1.3 final uninstall
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{8920EF0D-633E-46D1-9561-90E713E3145A}" = AutoBackup
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2009 1:58:37 PM | Computer Name = LuisPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/18/2009 1:58:38 PM | Computer Name = LuisPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/18/2009 3:55:44 PM | Computer Name = LuisPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/18/2009 4:03:53 PM | Computer Name = LuisPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/20/2009 1:35:32 PM | Computer Name = LuisPC | Source = Application Error | ID = 1000
Description = Faulting application bcmwltry.exe, version 4.170.25.12, time stamp
0x46f3437a, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception
code 0xc0000005, fault offset 0x04729db2, process id 0x670, application start time
0x01c9938189cf6a9c.

Error - 2/20/2009 1:35:41 PM | Computer Name = LuisPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/20/2009 1:36:22 PM | Computer Name = LuisPC | Source = WinMgmt | ID = 10
Description =

Error - 2/20/2009 2:13:07 PM | Computer Name = LuisPC | Source = EventSystem | ID = 4621
Description =

Error - 2/20/2009 3:08:43 PM | Computer Name = LuisPC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/20/2009 3:09:37 PM | Computer Name = LuisPC | Source = WinMgmt | ID = 10
Description =

[ Broadcom Wireless LAN Events ]
Error - 4/24/2009 12:35:32 AM | Computer Name = LuisPC | Source = WLAN-Tray | ID = 0
Description = 21:35:31, Thu, Apr 23, 09 Error - Unable to gain access to user store

[ Media Center Events ]
Error - 10/11/2008 1:38:23 PM | Computer Name = LuisPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 10/28/2008 7:37:53 PM | Computer Name = LuisPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 11/3/2008 5:24:29 PM | Computer Name = LuisPC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
12.0.6316.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 30
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 7/11/2009 5:36:39 PM | Computer Name = LuisPC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description =

Error - 7/11/2009 5:37:38 PM | Computer Name = LuisPC | Source = Service Control Manager | ID = 7001
Description =

Error - 7/11/2009 5:37:38 PM | Computer Name = LuisPC | Source = Service Control Manager | ID = 7026
Description =

Error - 7/11/2009 5:39:52 PM | Computer Name = LuisPC | Source = DCOM | ID = 10005
Description =

Error - 7/11/2009 5:42:50 PM | Computer Name = LuisPC | Source = HTTP | ID = 15016
Description =

Error - 7/11/2009 5:44:16 PM | Computer Name = LuisPC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/11/2009 5:44:16 PM | Computer Name = LuisPC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/11/2009 5:44:16 PM | Computer Name = LuisPC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/11/2009 5:44:16 PM | Computer Name = LuisPC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/11/2009 5:44:16 PM | Computer Name = LuisPC | Source = Service Control Manager | ID = 7000
Description =

< End of report >

#5 OFFLINE Rorschach112

Power Member

Moderators
1,029 posts

Posted 12 July 2009 - 01:02 AM

do you recognise these

O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080800 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080804 AM.bat ()

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O20 - AppInit_DLLs: (Files\RelevantKnowledge\rlai.dll) - File not found
O33 - MountPoints2\{04e06c1b-03b2-11de-a7cc-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{057e4064-881d-11dd-a66f-001644ec2390}\Shell - "" = AutoRun
O33 - MountPoints2\{057e4064-881d-11dd-a66f-001644ec2390}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{13a26675-7249-11dd-9b1b-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{1a1d9d55-fa43-11dd-91b0-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{253df904-5ea5-11dd-a249-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{2b1d741c-5de4-11dd-8d75-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{4a2c12ce-6ab0-11de-96eb-00219bd0b350}\Shell - "" = AutoRun
O33 - MountPoints2\{4a2c12ce-6ab0-11de-96eb-00219bd0b350}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{4a9210aa-85f9-11dd-b79a-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{7424b09d-617b-11dd-ba47-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{873eb59f-81bb-11dd-bb80-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{996e1a80-46dc-11de-9fe3-00219bd0b350}\Shell - "" = AutoRun
O33 - MountPoints2\{996e1a80-46dc-11de-9fe3-00219bd0b350}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -- File not found
O33 - MountPoints2\{9f82f4fa-7fa2-11dd-8b31-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{b5bb4a06-60ee-11dd-b887-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{b5bb4b49-60ee-11dd-b887-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\{cf629f8e-6820-11dd-bb6a-00219bd0b350}\Shell\Auto\command - "" = config.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Install FreeAgent Tools.exe -- File not found
[2009/07/09 21:51:08 | 00,000,000 | ---D | C] -- C:\Users\Luis\Desktop\Arax Disk Doctor Data Recovery v3.1.036 + Crack [RH]
[2009/06/27 16:30:31 | 00,000,000 | ---D | C] -- C:\Users\Luis\Desktop\Sothink[1].SWF.Decompiler.v5.0.503.Cracked
[2009/06/27 14:58:53 | 00,000,000 | ---D | C] -- C:\Users\Luis\Desktop\Macromedia Flash MX Pro 2004, Keygen + How-To Guides


:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

#6 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 12 July 2009 - 01:44 AM

Thank you very much for your reply.

[quote name='Rorschach112' date='Jul 11 2009, 06:02 PM' post='141389']
do you recognise these

O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080800 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080804 AM.bat ()

No I don't.

I did what you suggested. Here's the log.

OTL logfile created on: 7/11/2009 6:37:16 PM - Run 2
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\Luis\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18783)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 97.72% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 159.35 Gb Free Space | 55.82% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.13% Space Free | Partition Type: NTFS
Drive E: | 702.31 Mb Total Space | 476.67 Mb Free Space | 67.87% Space Free | Partition Type: UDF
Drive F: | 247.20 Mb Total Space | 246.28 Mb Free Space | 99.63% Space Free | Partition Type: FAT
Drive G: | 7.46 Gb Total Space | 2.66 Gb Free Space | 35.63% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUISPC
Current User Name: Luis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 7 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Fingerprint Reader Suite\upeksvr.exe (UPEK Inc.)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
PRC - C:\Windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Windows\System32\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\STacSV.exe (IDT, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
PRC - C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe (WiQuest Communications, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Fingerprint Reader Suite\psqltray.exe (UPEK Inc.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Users\Luis\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AESTFilters [Auto | Running]) -- C:\Windows\System32\aestsrv.exe (Andrea Electronics Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService [Auto | Running]) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-092308-165331 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PCLEPCI [Auto | Stopped]) -- C:\Windows\System32\drivers\pclepci.sys (Pinnacle Systems GmbH)
SRV - (RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (SessionLauncher [Auto | Stopped]) -- File not found
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\STacSV.exe (IDT, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [url="http://www.msn.com/"]http://www.msn.com/[/url]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [url="http://go.microsoft.com/fwlink/?LinkId=54896"]http://go.microsoft.com/fwlink/?LinkId=54896[/url]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 22:13:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/10 20:56:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/10 22:53:11 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/10 22:28:22 | 00,000,000 | ---D | M]

[2009/07/10 22:53:12 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Extensions
[2009/07/10 22:53:12 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/08 16:53:40 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2009/07/10 22:57:03 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Firefox\Profiles\2g7yej1l.default\extensions
[2009/07/10 22:57:03 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Firefox\Profiles\2g7yej1l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/10 22:28:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/10 22:28:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/02 18:52:45 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/07/02 18:52:46 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/07/07 21:36:18 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2009/02/24 12:34:32 | 01,044,480 | ---- | M] (The OpenSSL Project, [url="http://www.openssl.org/)"]http://www.openssl.org/)[/url] -- C:\Program Files\mozilla firefox\plugins\libdivx.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2009/02/24 12:34:14 | 01,337,648 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2009/02/24 12:34:22 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2008/07/02 18:52:47 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 20:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/10/14 22:33:30 | 00,095,600 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2009/06/28 17:44:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/06/28 17:44:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/06/28 17:44:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/06/28 17:44:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/06/28 17:44:05 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/06/28 17:44:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/06/28 17:44:06 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2007/04/16 10:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npViewpoint.dll
[2009/02/24 12:34:32 | 00,200,704 | ---- | M] (The OpenSSL Project, [url="http://www.openssl.org/)"]http://www.openssl.org/)[/url] -- C:\Program Files\mozilla firefox\plugins\ssldivx.dll
[2008/07/02 09:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 09:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 09:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/07/02 09:31:38 | 00,002,642 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 09:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 09:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 09:31:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (291222 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10029 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PrintUtil] C:\Program Files\HP\HP Print Utility\PrintUtil.exe File not found
O4 - HKLM..\Run: [PSQLLauncher] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe (Memeo Inc.)
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080800 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080804 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080808 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat101355 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102727 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114630 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114631 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115456 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115458 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115503 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120757 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120805 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120823 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120828 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120829 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120830 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120831 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat175419 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180812 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180816 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280820 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280824 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280828 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380832 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380836 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480743 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480840 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480845 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480849 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580756 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580853 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580857 AM.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 64 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} [url="http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab"]http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab[/url] (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} [url="http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab"]http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab[/url] (MSN Games - Installer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\program) - File not found
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/08 19:17:50 | 00,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/22 12:25:20 | 00,000,096 | -HS- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 7 Days ==========

[2009/07/11 18:32:36 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/11 15:36:45 | 00,000,000 | ---D | C] -- C:\Program Files\SopCast
[2009/07/11 15:31:36 | 04,528,668 | -H-- | C] () -- C:\Users\Luis\AppData\Local\IconCache.db
[2009/07/11 14:58:22 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/11 14:57:18 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2009/07/11 14:57:18 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Luis\Desktop\Rooter.exe
[2009/07/11 14:39:05 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/11 14:38:53 | 00,000,915 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/11 14:38:35 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/07/11 14:22:24 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\TFC.exe
[2009/07/11 14:22:15 | 00,794,112 | ---- | C] () -- C:\Users\Luis\Desktop\The_Comedian.exe
[2009/07/11 13:12:46 | 00,000,000 | R--D | C] -- C:\Users\Luis\Desktop\hijackthis
[2009/07/11 13:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/07/11 12:53:07 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/07/10 22:57:41 | 00,068,487 | ---- | C] () -- C:\Users\Luis\Desktop\bookmarks.html
[2009/07/10 22:53:14 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/10 21:54:24 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/07/10 21:53:55 | 00,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\SUPERAntiSpyware.com
[2009/07/10 21:53:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/10 21:37:25 | 00,002,085 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoBackup Launcher.lnk
[2009/07/10 21:37:25 | 00,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ultrawideband Control Center.lnk
[2009/07/10 21:37:25 | 00,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
[2009/07/10 21:12:06 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/07/10 21:05:17 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/07/10 20:56:57 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/07/10 20:56:56 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/07/10 20:56:52 | 38,072,861 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/10 20:56:52 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/07/10 20:56:52 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/07/10 20:56:52 | 00,335,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/10 20:56:52 | 00,025,155 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/10 20:56:52 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/07/10 20:56:42 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/07/10 20:56:42 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/07/10 20:45:52 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/07/10 20:45:48 | 00,000,000 | ---D | C] -- C:\Program Files\Grisoft
[2009/07/10 08:08:57 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580857 AM.bat
[2009/07/10 08:08:53 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580853 AM.bat
[2009/07/10 08:08:49 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480849 AM.bat
[2009/07/10 08:08:45 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480845 AM.bat
[2009/07/10 08:08:40 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480840 AM.bat
[2009/07/10 08:08:36 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380836 AM.bat
[2009/07/10 08:08:32 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380832 AM.bat
[2009/07/10 08:08:28 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280828 AM.bat
[2009/07/10 08:08:24 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280824 AM.bat
[2009/07/10 08:08:20 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280820 AM.bat
[2009/07/10 08:08:16 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180816 AM.bat
[2009/07/10 08:08:12 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180812 AM.bat
[2009/07/10 08:08:08 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080808 AM.bat
[2009/07/10 08:08:04 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080804 AM.bat
[2009/07/10 08:08:00 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080800 AM.bat
[2009/07/10 08:07:56 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580756 AM.bat
[2009/07/10 08:07:43 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480743 AM.bat
[2009/07/10 07:54:19 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat175419 AM.bat
[2009/07/10 00:08:31 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120831 AM.bat
[2009/07/10 00:08:30 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120830 AM.bat
[2009/07/10 00:08:29 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120829 AM.bat
[2009/07/10 00:08:28 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120828 AM.bat
[2009/07/10 00:08:23 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120823 AM.bat
[2009/07/10 00:08:05 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120805 AM.bat
[2009/07/10 00:07:57 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120757 AM.bat
[2009/07/09 23:55:03 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115503 PM.bat
[2009/07/09 23:54:58 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115458 PM.bat
[2009/07/09 23:54:57 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115456 PM.bat
[2009/07/09 23:46:31 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114631 PM.bat
[2009/07/09 23:46:30 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114630 PM.bat
[2009/07/09 22:29:57 | 00,005,016 | -HS- | C] () -- C:\Windows\E88D4.exe
[2009/07/09 22:27:27 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102727 PM.bat
[2009/07/09 22:18:23 | 00,000,000 | ---D | C] -- C:\Program Files\ARAX Disk Doctor Data Recovery
[2009/07/09 22:13:55 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat101355 PM.bat
[2009/07/09 21:54:13 | 00,193,061 | ---- | C] () -- C:\Windows\System32\AdobeFnt.lst
[2009/07/09 21:51:08 | 00,000,000 | ---D | C] -- C:\Users\Luis\Desktop\Arax Disk Doctor Data Recovery v3.1.036 + Crack [RH]
[2009/07/09 21:26:09 | 00,068,232 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeployV.exe
[2009/07/07 21:36:53 | 00,000,000 | ---D | C] -- C:\Users\Luis\Documents\My Google Gadgets
[2009/07/07 21:36:09 | 00,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 7 Days ==========

[2009/07/11 18:34:51 | 00,088,616 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/07/11 18:34:14 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/11 18:34:14 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/11 18:34:14 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/11 18:34:10 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/11 17:50:22 | 38,072,861 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/11 17:50:22 | 00,025,155 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/11 17:22:24 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D1CAD405-44FD-4870-A5EA-E558523335D5}.job
[2009/07/11 17:07:03 | 00,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/11 17:07:03 | 00,636,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/11 17:07:03 | 00,118,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/11 16:59:53 | 04,528,668 | -H-- | M] () -- C:\Users\Luis\AppData\Local\IconCache.db
[2009/07/11 14:50:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2009/07/11 14:49:52 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Luis\Desktop\Rooter.exe
[2009/07/11 14:38:53 | 00,000,915 | ---- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/07/11 14:22:52 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\TFC.exe
[2009/07/11 14:22:20 | 00,794,112 | ---- | M] () -- C:\Users\Luis\Desktop\The_Comedian.exe
[2009/07/11 12:53:34 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/07/10 22:56:14 | 00,068,487 | ---- | M] () -- C:\Users\Luis\Desktop\bookmarks.html
[2009/07/10 22:53:14 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/10 22:49:18 | 00,291,222 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/10 21:00:56 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/07/10 20:56:57 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/07/10 20:56:56 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/07/10 20:56:52 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/07/10 20:56:52 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/10 20:56:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/07/10 08:08:57 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580857 AM.bat
[2009/07/10 08:08:53 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580853 AM.bat
[2009/07/10 08:08:49 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480849 AM.bat
[2009/07/10 08:08:45 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480845 AM.bat
[2009/07/10 08:08:40 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480840 AM.bat
[2009/07/10 08:08:36 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380836 AM.bat
[2009/07/10 08:08:32 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380832 AM.bat
[2009/07/10 08:08:28 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280828 AM.bat
[2009/07/10 08:08:24 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280824 AM.bat
[2009/07/10 08:08:20 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280820 AM.bat
[2009/07/10 08:08:16 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180816 AM.bat
[2009/07/10 08:08:12 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180812 AM.bat
[2009/07/10 08:08:08 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080808 AM.bat
[2009/07/10 08:08:04 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080804 AM.bat
[2009/07/10 08:08:00 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080800 AM.bat
[2009/07/10 08:07:56 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580756 AM.bat
[2009/07/10 08:07:43 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480743 AM.bat
[2009/07/10 07:54:19 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat175419 AM.bat
[2009/07/10 00:08:31 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120831 AM.bat
[2009/07/10 00:08:30 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120830 AM.bat
[2009/07/10 00:08:29 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120829 AM.bat
[2009/07/10 00:08:28 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120828 AM.bat
[2009/07/10 00:08:23 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120823 AM.bat
[2009/07/10 00:08:05 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120805 AM.bat
[2009/07/10 00:07:57 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120757 AM.bat
[2009/07/09 23:55:03 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115503 PM.bat
[2009/07/09 23:55:03 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115458 PM.bat
[2009/07/09 23:54:58 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115456 PM.bat
[2009/07/09 23:46:31 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114631 PM.bat
[2009/07/09 23:46:30 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114630 PM.bat
[2009/07/09 22:30:37 | 00,005,016 | -HS- | M] () -- C:\Windows\E88D4.exe
[2009/07/09 22:27:27 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102727 PM.bat
[2009/07/09 22:18:02 | 00,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/07/09 22:13:55 | 00,000,142 | -HS- | M] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat101355 PM.bat
[2009/07/09 21:54:13 | 00,193,061 | ---- | M] () -- C:\Windows\System32\AdobeFnt.lst
[2009/07/08 02:50:43 | 00,173,568 | ---- | M] () -- C:\Users\Luis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/05 15:16:44 | 00,088,616 | ---- | M] () -- C:\ProgramData\nvModes.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:98781370
< End of report >

#7 OFFLINE Rorschach112

Power Member

Moderators
1,029 posts

Posted 12 July 2009 - 01:49 AM

is this a work PC ? They could be related to that

By the power of truth, I, while living, have conquered the universe.

~Scratch~

#8 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 12 July 2009 - 03:26 AM

No, this is my home PC. The fact that I can make the browsers work when I start the computer in safe mode, does that make it a start up problem?

#9 OFFLINE Rorschach112

Power Member

Moderators
1,029 posts

Posted 12 July 2009 - 02:05 PM

hi

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080800 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080804 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080808 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat101355 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102727 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114630 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114631 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115456 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115458 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115503 PM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120757 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120805 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120823 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120828 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120829 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120830 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120831 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat175419 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180812 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180816 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280820 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280824 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280828 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380832 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380836 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480743 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480840 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480845 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480849 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580756 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580853 AM.bat ()
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580857 AM.bat ()
[2009/07/10 08:08:57 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580857 AM.bat
[2009/07/10 08:08:53 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580853 AM.bat
[2009/07/10 08:08:49 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480849 AM.bat
[2009/07/10 08:08:45 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480845 AM.bat
[2009/07/10 08:08:40 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480840 AM.bat
[2009/07/10 08:08:36 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380836 AM.bat
[2009/07/10 08:08:32 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat380832 AM.bat
[2009/07/10 08:08:28 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280828 AM.bat
[2009/07/10 08:08:24 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280824 AM.bat
[2009/07/10 08:08:20 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat280820 AM.bat
[2009/07/10 08:08:16 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180816 AM.bat
[2009/07/10 08:08:12 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat180812 AM.bat
[2009/07/10 08:08:08 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080808 AM.bat
[2009/07/10 08:08:04 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080804 AM.bat
[2009/07/10 08:08:00 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat080800 AM.bat
[2009/07/10 08:07:56 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat580756 AM.bat
[2009/07/10 08:07:43 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat480743 AM.bat
[2009/07/10 07:54:19 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat175419 AM.bat
[2009/07/10 00:08:31 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120831 AM.bat
[2009/07/10 00:08:30 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120830 AM.bat
[2009/07/10 00:08:29 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120829 AM.bat
[2009/07/10 00:08:28 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120828 AM.bat
[2009/07/10 00:08:23 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120823 AM.bat
[2009/07/10 00:08:05 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120805 AM.bat
[2009/07/10 00:07:57 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat120757 AM.bat
[2009/07/09 23:55:03 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115503 PM.bat
[2009/07/09 23:54:58 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115458 PM.bat
[2009/07/09 23:54:57 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat115456 PM.bat
[2009/07/09 23:46:31 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114631 PM.bat
[2009/07/09 23:46:30 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat114630 PM.bat
[2009/07/09 22:29:57 | 00,005,016 | -HS- | C] () -- C:\Windows\E88D4.exe
[2009/07/09 22:27:27 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat102727 PM.bat
[2009/07/09 22:13:55 | 00,000,142 | -HS- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mel.bat101355 PM.bat
[2009/07/09 21:51:08 | 00,000,000 | ---D | C] -- C:\Users\Luis\Desktop\Arax Disk Doctor Data Recovery v3.1.036 + Crack [RH]

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

#10 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 12 July 2009 - 06:23 PM

Thanks.

Here we go:

OTL logfile created on: 7/12/2009 11:17:41 AM - Run 3
OTL by OldTimer - Version 3.0.7.1 Folder = C:\Users\Luis\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.80 Gb Available Physical Memory | 89.80% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 285.50 Gb Total Space | 158.85 Gb Free Space | 55.64% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 5.31 Gb Free Space | 53.13% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 247.20 Mb Total Space | 246.37 Mb Free Space | 99.66% Space Free | Partition Type: FAT
Drive G: | 7.46 Gb Total Space | 2.66 Gb Free Space | 35.63% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LUISPC
Current User Name: Luis
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 7 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
PRC - C:\Program Files\Fingerprint Reader Suite\upeksvr.exe (UPEK Inc.)
PRC - C:\Windows\System32\WLTRYSVC.EXE ()
PRC - C:\Windows\System32\bcmwltry.exe (Dell Inc.)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe (Seagate LLC)
PRC - C:\Windows\System32\aestsrv.exe (Andrea Electronics Corporation)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
PRC - C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
PRC - C:\Program Files\AVG\AVG8\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG8\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\spool\DRIVERS\W32X86\3\HP1006MC.EXE (Software 2000 Limited)
PRC - C:\Windows\System32\STacSV.exe (IDT, Inc.)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Windows\notepad.exe (Microsoft Corporation)
PRC - C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Winamp\winampa.exe ()
PRC - C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
PRC - C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
PRC - C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
PRC - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Fingerprint Reader Suite\psqltray.exe (UPEK Inc.)
PRC - C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Users\Luis\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Dell\Dell WUSB\WQ_Tray2.exe (WiQuest Communications, Inc.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\DellTPad\Apntex.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\HidFind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\ieuser.exe (Microsoft Corporation)
PRC - C:\Users\Luis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Windows\System32\wbem\WMIADAP.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Users\Luis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Luis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Luis\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Users\Luis\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AESTFilters [Auto | Running]) -- C:\Windows\System32\aestsrv.exe (Andrea Electronics Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (avg8wd [Auto | Running]) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DockLoginService [Auto | Running]) -- C:\Program Files\Dell\DellDock\DockLogin.exe (Stardock Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-092308-165331 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (GoToAssist [On_Demand | Stopped]) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (IAANTMON [Auto | Running]) -- C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Intel Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (Macromedia Licensing Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe ()
SRV - (McciCMService [Auto | Running]) -- C:\Program Files\Common Files\Motive\McciCMService.exe (Motive Communications, Inc.)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PCLEPCI [Auto | Stopped]) -- C:\Windows\System32\drivers\pclepci.sys (Pinnacle Systems GmbH)
SRV - (RapiMgr [Auto | Running]) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (RoxLiveShare10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe (Sonic Solutions)
SRV - (RoxMediaDB10 [On_Demand | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe (Sonic Solutions)
SRV - (RoxWatch10 [Auto | Stopped]) -- C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe (Sonic Solutions)
SRV - (SessionLauncher [Auto | Stopped]) -- File not found
SRV - (STacSV [Auto | Running]) -- C:\Windows\System32\STacSV.exe (IDT, Inc.)
SRV - (stllssvr [On_Demand | Stopped]) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WcesComm [Auto | Running]) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (wltrysvc [Auto | Running]) -- C:\Windows\System32\WLTRYSVC.EXE ()
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...amp;ibd=0080724
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/27 22:13:33 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/07/10 20:56:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/07/11 23:37:15 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/07/11 23:37:13 | 00,000,000 | ---D | M]

[2009/07/10 22:53:12 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Extensions
[2009/07/10 22:53:12 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/02/08 16:53:40 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2009/07/10 22:57:03 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Firefox\Profiles\2g7yej1l.default\extensions
[2009/07/10 22:57:03 | 00,000,000 | ---D | M] -- C:\Users\Luis\AppData\Roaming\mozilla\Firefox\Profiles\2g7yej1l.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/07/11 23:37:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/07/11 23:37:13 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/07/02 18:52:45 | 00,023,040 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2008/07/02 18:52:46 | 00,134,144 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/07/02 18:52:47 | 00,065,536 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2008/07/02 09:31:38 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/07/02 09:31:38 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/07/02 09:31:38 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/07/02 09:31:38 | 00,002,642 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/07/02 09:31:38 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/07/02 09:31:38 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/07/02 09:31:38 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (291222 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 10029 more lines...
O2 - BHO: (HelperObject Class) - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll (TechSmith Corporation)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (SnagIt) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll (TechSmith Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [Google Desktop Search] File not found
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ( )
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe File not found
O4 - HKLM..\Run: [Nitro PDF Printer Monitor] C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\Windows\System32\nvHotkey.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PrintUtil] C:\Program Files\HP\HP Print Utility\PrintUtil.exe File not found
O4 - HKLM..\Run: [PSQLLauncher] File not found
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [USB2Check] C:\Windows\System32\PCLECoInst.DLL (Pinnacle Systems)
O4 - HKLM..\Run: [USBToolTip] C:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe (Pinnacle Systems GmbH)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\Luis\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [LaunchList] C:\Program Files\Pinnacle\Studio 11\LaunchList2.exe (Pinnacle Systems)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoBackup Launcher.lnk = C:\Program Files\Seagate\AutoBackup\MemeoLauncher.exe (Memeo Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: 56 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper20073151.dll (Installation Support)
O16 - DPF: {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/...he.cab79352.cab (MSN Games – Texas Holdem Poker)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/...k.cab102118.cab (MSN Games - Installer)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\program) - File not found
O20 - AppInit_DLLs: (c:\progra~1\google\google~1\goec62~1.dll) - c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\psfus: DllName - C:\Windows\system32\psqlpwd.dll - C:\Windows\System32\psqlpwd.dll (UPEK Inc.)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/08 19:17:50 | 00,000,121 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/05/22 12:25:20 | 00,000,096 | -HS- | M] () - G:\AUTORUN.INF -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 7 Days ==========

[2009/07/11 23:37:16 | 00,001,726 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/11 23:37:12 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/07/11 21:40:23 | 00,000,000 | R--D | C] -- C:\Users\Luis\Desktop\Favorites
[2009/07/11 21:29:19 | 02,676,863 | -H-- | C] () -- C:\Users\Luis\AppData\Local\IconCache.db
[2009/07/11 21:22:05 | 00,002,085 | ---- | C] () -- C:\Users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoBackup Launcher.lnk
[2009/07/11 21:22:05 | 00,001,828 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Ultrawideband Control Center.lnk
[2009/07/11 21:22:05 | 00,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
[2009/07/11 21:21:13 | 00,000,000 | ---D | C] -- C:\Users\Luis\Documents\Downloads
[2009/07/11 21:21:01 | 00,002,039 | ---- | C] () -- C:\Users\Luis\Desktop\Google Chrome.lnk
[2009/07/11 21:20:07 | 00,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1714148476-2385143438-1770491188-1000Core.job
[2009/07/11 18:32:36 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/07/11 14:58:22 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/07/11 14:57:18 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2009/07/11 14:57:18 | 00,173,119 | ---- | C] (Eric_71) -- C:\Users\Luis\Desktop\Rooter.exe
[2009/07/11 14:39:05 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/07/11 14:22:24 | 00,265,216 | ---- | C] (OldTimer Tools) -- C:\Users\Luis\Desktop\TFC.exe
[2009/07/11 14:22:15 | 00,794,112 | ---- | C] () -- C:\Users\Luis\Desktop\The_Comedian.exe
[2009/07/11 13:12:46 | 00,000,000 | R--D | C] -- C:\Users\Luis\Desktop\hijackthis
[2009/07/11 13:07:52 | 00,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2009/07/10 22:57:41 | 00,068,487 | ---- | C] () -- C:\Users\Luis\Desktop\bookmarks.html
[2009/07/10 22:53:14 | 00,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2009/07/10 21:54:24 | 00,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2009/07/10 21:53:55 | 00,000,000 | ---D | C] -- C:\Users\Luis\AppData\Roaming\SUPERAntiSpyware.com
[2009/07/10 21:53:55 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/07/10 21:12:06 | 00,000,000 | ---D | C] -- C:\Windows\pss
[2009/07/10 21:05:17 | 00,000,000 | -H-D | C] -- C:\$AVG8.VAULT$
[2009/07/10 20:56:57 | 00,011,952 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/07/10 20:56:56 | 00,108,552 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/07/10 20:56:52 | 38,089,105 | ---- | C] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/10 20:56:52 | 06,061,540 | ---- | C] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/07/10 20:56:52 | 00,463,779 | ---- | C] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/07/10 20:56:52 | 00,335,752 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/10 20:56:52 | 00,025,283 | ---- | C] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/10 20:56:52 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\Avg
[2009/07/10 20:56:42 | 00,000,000 | ---D | C] -- C:\ProgramData\avg8
[2009/07/10 20:56:42 | 00,000,000 | ---D | C] -- C:\Program Files\AVG
[2009/07/10 20:45:52 | 00,027,784 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/07/09 21:54:13 | 00,193,061 | ---- | C] () -- C:\Windows\System32\AdobeFnt.lst
[2009/07/09 21:26:09 | 00,068,232 | ---- | C] (JGsoft - Just Great Software) -- C:\Windows\UnDeployV.exe
[2009/07/07 21:36:53 | 00,000,000 | ---D | C] -- C:\Users\Luis\Documents\My Google Gadgets
[2009/07/07 21:36:09 | 00,000,000 | ---D | C] -- C:\Program Files\Google

========== Files - Modified Within 7 Days ==========

[2009/07/12 11:17:10 | 00,751,146 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/07/12 11:17:10 | 00,636,992 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/07/12 11:17:10 | 00,118,088 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/07/12 11:14:05 | 00,088,616 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/07/12 11:10:40 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/07/12 11:10:40 | 00,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/07/12 11:10:39 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/07/12 11:10:36 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/07/12 09:39:36 | 38,089,105 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2009/07/12 09:39:36 | 00,025,283 | ---- | M] () -- C:\Windows\System32\drivers\Avg\microavi.avg
[2009/07/11 23:37:16 | 00,001,726 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2009/07/11 23:31:16 | 00,000,349 | ---- | M] () -- C:\Users\Public\Documents\PCLECHAL.INI
[2009/07/11 21:29:19 | 02,676,863 | -H-- | M] () -- C:\Users\Luis\AppData\Local\IconCache.db
[2009/07/11 21:21:01 | 00,002,039 | ---- | M] () -- C:\Users\Luis\Desktop\Google Chrome.lnk
[2009/07/11 21:20:07 | 00,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1714148476-2385143438-1770491188-1000Core.job
[2009/07/11 17:22:24 | 00,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{D1CAD405-44FD-4870-A5EA-E558523335D5}.job
[2009/07/11 14:50:24 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\OTL.exe
[2009/07/11 14:49:52 | 00,173,119 | ---- | M] (Eric_71) -- C:\Users\Luis\Desktop\Rooter.exe
[2009/07/11 14:22:52 | 00,265,216 | ---- | M] (OldTimer Tools) -- C:\Users\Luis\Desktop\TFC.exe
[2009/07/11 14:22:20 | 00,794,112 | ---- | M] () -- C:\Users\Luis\Desktop\The_Comedian.exe
[2009/07/11 12:53:34 | 00,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2009/07/10 22:56:14 | 00,068,487 | ---- | M] () -- C:\Users\Luis\Desktop\bookmarks.html
[2009/07/10 22:53:14 | 00,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2009/07/10 22:49:18 | 00,291,222 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2009/07/10 21:00:56 | 00,463,779 | ---- | M] () -- C:\Windows\System32\drivers\Avg\miniavi.avg
[2009/07/10 20:56:57 | 00,011,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2009/07/10 20:56:56 | 00,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2009/07/10 20:56:52 | 06,061,540 | ---- | M] () -- C:\Windows\System32\drivers\Avg\avi7.avg
[2009/07/10 20:56:52 | 00,335,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2009/07/10 20:56:52 | 00,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2009/07/09 21:54:13 | 00,193,061 | ---- | M] () -- C:\Windows\System32\AdobeFnt.lst
[2009/07/08 02:50:43 | 00,173,568 | ---- | M] () -- C:\Users\Luis\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/05 15:16:44 | 00,088,616 | ---- | M] () -- C:\ProgramData\nvModes.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 223 bytes -> C:\ProgramData\TEMP:0CE7F3C9
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:98781370
< End of report >

#11 OFFLINE Rorschach112

Power Member

Moderators
1,029 posts

Posted 12 July 2009 - 09:04 PM

hi

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

#12 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 13 July 2009 - 01:55 AM

The logs for Malwarebytes' Anti-Malware and Kaspersky follow this brief message.

I could only run Kaspersky with my computer in safe mode because neither IE or Mozilla are connecting to the internet unless the computer is booted in safe mode. Chrome works fine after a regular boot, but I am not being able to make Kaspersky run in Chrome even after following specific instructions for such. Therefore I ask: is it OK that I ran Kaspersky in IE with the computer booted in safe mode?

Here are the logs and again, thank you for your assistance.

***Malwarebytes' Anti-Malware:

Malwarebytes' Anti-Malware 1.38
Database version: 2413
Windows 6.0.6001 Service Pack 1

7/12/2009 3:47:33 PM
mbam-log-2009-07-12 (15-47-33).txt

Scan type: Full Scan (C:\|)
Objects scanned: 246841
Time elapsed: 1 hour(s), 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 33

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\CLSID\{46c166aa-3108-11d4-9348-00c04f8eeb71}\inprocserver32\(default) (Hijack.Hnetcfg) -> Bad: (\\?\globalroot\systemroot\installer\fc9a5.msi) Good: (hnetcfg.dll) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\Megacubo\bin\sopcore.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat080800 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat080804 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat080808 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat101355 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat102727 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat114630 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat114631 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat115456 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat115458 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat115503 PM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat120757 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat120805 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat120823 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat120828 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat120829 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat120830 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat120831 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat175419 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat180812 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat180816 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat280820 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat280824 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat280828 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat380832 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat380836 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat480743 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat480840 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat480845 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat480849 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat580756 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat580853 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.
c:\Users\Luis\AppData\Roaming\microsoft\Windows\start menu\Programs\Startup\mel.bat580857 AM.bat (Trojan.Agent.M1) -> Quarantined and deleted successfully.

=====================

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Sunday, July 12, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Monday, July 13, 2009 03:24:00
Records in database: 2464318
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 186329
Threat name: 5
Infected objects: 8
Suspicious objects: 0
Duration of the scan: 02:30:06

File name / Threat name / Threats count
C:\Windows\Installer\fc9a5.msi Infected: Trojan.Win32.Crot.a 1
F:\FLASH DRIVE\Software\APPLICATIONS\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1
F:\FLASH DRIVE\Software\APPLICATIONS\wirelesskeyview\WirelessKeyView.exe Infected: not-a-virus:PSWTool.Win32.Messen.ct 1
F:\FLASH DRIVE\Software\VIDEO\AVICodecPackPlus220.exe Infected: not-a-virus:AdWare.Win32.Agent.acl 1
F:\resycled\boot.com Infected: Packed.Win32.Tdss.c 1
F:\Software\APPLICATIONS\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1
F:\Software\APPLICATIONS\wirelesskeyview\WirelessKeyView.exe Infected: not-a-virus:PSWTool.Win32.Messen.ct 1
F:\Software\VIDEO\AVICodecPackPlus220.exe Infected: not-a-virus:AdWare.Win32.Agent.acl 1

The selected area was scanned.

#13 OFFLINE Rorschach112

Power Member

Moderators
1,029 posts

Posted 13 July 2009 - 01:28 PM

hi

Please download OTM

Save it to your desktop.
Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).

Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

:Processes

:Services

:Reg

:Files
C:\Windows\Installer\fc9a5.msi
F:\FLASH DRIVE\Software\VIDEO\AVICodecPackPlus220.exe
F:\resycled
F:\Software\VIDEO\AVICodecPackPlus220.exe

:Commands
[purity]
[emptytemp]
[Reboot]

Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

#14 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 14 July 2009 - 03:05 AM

Thanks for your continued assistance with this matter.

Right now IE and Firefox can actually connect to the internet but they are both hijacked. If I do a Google or Yahoo search from IE I cannot get to the URL's I want to and I am taken elsewhere. ALSO, I cannot work from Yahoo on Firefox.

Also, I get a previously unseen small "Ogg DirectShow Filter" icon showing at the bottom of the screen near the clock. When I try to open the "My Documents" folder, a new empty window pop up but the requested folder does not open, the "Ogg" icon duplicates, triplicates, etc., and the computer slows down tremendously.

Again, thanks for your continued assistance with this matter. Here are the latest logs. Please advise if of further action needed.

OTM

All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File move failed. C:\Windows\Installer\fc9a5.msi scheduled to be moved on reboot.
F:\FLASH DRIVE\Software\VIDEO\AVICodecPackPlus220.exe moved successfully.
Folder move failed. F:\resycled scheduled to be moved on reboot.
F:\Software\VIDEO\AVICodecPackPlus220.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Luis
->Temp folder emptied: 77528312 bytes
File delete failed. C:\Users\Luis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 7245554 bytes
->Java cache emptied: 13553530 bytes
->FireFox cache emptied: 18834363 bytes
->Google Chrome cache emptied: 13092536 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 4424 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 124.22 mb

OTM by OldTimer - Version 3.0.0.5 log created on 07132009_193210

Files moved on Reboot...
File C:\Windows\Installer\fc9a5.msi not found!
Folder move failed. F:\resycled scheduled to be moved on reboot.

Registry entries deleted on Reboot...

================================

COMBOFIX

ComboFix 09-07-13.01 - Luis 07/13/2009 19:46.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3069.1827 [GMT -7:00]
Running from: c:\users\Luis\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2773397201-2855733099-4214572315-500
c:\programdata\Microsoft\Windows\Start Menu\Programs\AVI Codec Pack +
c:\programdata\Microsoft\Windows\Start Menu\Programs\AVI Codec Pack +\Check For Updates.lnk
c:\users\Luis\AppData\Roaming\.#
c:\users\Luis\AppData\Roaming\Adobe\crc.dat
c:\users\Luis\AppData\Roaming\inst.exe
c:\windows\E88D4.exe
c:\windows\Installer\1513479.msi
D:\resycled
F:\resycled
f:\resycled\boot.com
c:\windows\Installer\fc9a5.msi . . . . failed to delete

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}

((((((((((((((((((((((((( Files Created from 2009-06-14 to 2009-07-14 )))))))))))))))))))))))))))))))
.

2009-07-14 02:32 . 2009-07-14 02:32 -------- d-----w- C:\_OTM
2009-07-12 23:34 . 2009-07-12 23:34 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-07-12 22:59 . 2009-07-12 22:59 -------- d-----w- c:\windows\Sun
2009-07-12 22:57 . 2009-07-12 22:57 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-07-12 21:32 . 2009-07-14 01:47 3775176 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-07-12 19:10 . 2009-07-12 19:10 -------- d-----w- c:\program files\SopCast
2009-07-12 18:42 . 2009-07-12 18:47 219358 ----a-w- C:\MGlogs.zip
2009-07-12 18:42 . 2009-07-12 18:47 -------- d-----w- C:\MGtools
2009-07-12 06:37 . 2009-07-12 18:35 -------- d-----w- c:\program files\Mozilla Firefox(26)
2009-07-12 01:32 . 2009-07-12 01:32 -------- d-----w- C:\_OTL
2009-07-11 21:58 . 2009-07-11 21:58 -------- d-----w- C:\Rooter$
2009-07-11 20:07 . 2009-07-11 20:08 -------- d-----w- c:\program files\SpywareBlaster
2009-07-11 05:53 . 2009-07-11 05:53 0 ----a-w- c:\windows\nsreg.dat
2009-07-11 04:54 . 2009-07-14 02:36 117760 ----a-w- c:\users\Luis\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-07-11 04:54 . 2009-07-11 04:54 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-07-11 04:53 . 2009-07-11 04:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-07-11 04:53 . 2009-07-11 04:53 -------- d-----w- c:\users\Luis\AppData\Roaming\SUPERAntiSpyware.com
2009-07-11 04:05 . 2009-07-11 21:46 -------- d--h--w- C:\$AVG8.VAULT$
2009-07-11 03:56 . 2009-07-11 03:56 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-11 03:56 . 2009-07-11 03:56 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-11 03:56 . 2009-07-14 01:38 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-11 03:56 . 2009-07-11 03:56 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-11 03:56 . 2009-07-11 03:56 -------- d-----w- c:\programdata\avg8
2009-07-11 03:56 . 2009-07-11 03:56 -------- d-----w- c:\program files\AVG
2009-07-11 03:45 . 2009-07-11 03:56 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-10 04:26 . 2009-02-09 10:10 68232 ----a-w- c:\windows\UnDeployV.exe
2009-07-08 04:36 . 2009-07-08 04:36 -------- d-----w- c:\program files\Google
2009-06-29 00:45 . 2009-06-29 00:45 -------- d-----w- c:\program files\iPod
2009-06-29 00:45 . 2009-06-29 00:45 -------- d-----w- c:\program files\iTunes
2009-06-29 00:44 . 2009-06-29 00:44 -------- d-----w- c:\program files\Bonjour
2009-06-29 00:43 . 2009-06-29 00:44 -------- d-----w- c:\program files\QuickTime
2009-06-29 00:36 . 2009-06-29 00:36 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-28 21:23 . 2009-07-12 23:34 -------- d-----w- c:\users\Luis\AppData\Roaming\skypePM
2009-06-28 21:16 . 2009-07-13 04:56 -------- d-----w- c:\users\Luis\AppData\Roaming\Skype
2009-06-28 21:16 . 2009-06-28 21:16 -------- d-----w- c:\program files\Common Files\Skype
2009-06-28 21:16 . 2009-06-28 21:16 -------- d-----r- c:\program files\Skype
2009-06-28 21:16 . 2009-06-28 21:16 -------- d-----w- c:\programdata\Skype
2009-06-28 05:12 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-06-28 05:12 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-27 23:39 . 2009-06-27 23:39 -------- d-----w- c:\users\Luis\AppData\Local\SourceTec
2009-06-27 22:18 . 2009-06-27 22:18 -------- d-----w- c:\programdata\Macrovision
2009-06-27 22:14 . 2009-06-27 22:14 -------- d-----w- c:\program files\Common Files\Macromedia Shared
2009-06-27 22:12 . 2009-06-27 22:12 -------- d-----w- c:\users\Luis\AppData\Local\Macromedia
2009-06-27 22:12 . 2009-06-27 22:12 -------- d-----w- c:\program files\Common Files\Macromedia
2009-06-27 22:11 . 2009-06-27 22:11 -------- d-----w- c:\program files\Macromedia
2009-06-27 02:25 . 2009-06-27 02:25 746744 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-14 19:48 . 2009-04-30 12:37 428544 ----a-w- c:\windows\system32\EncDec.dll
2009-06-14 19:48 . 2009-04-30 12:37 293376 ----a-w- c:\windows\system32\psisdecd.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-14 01:47 . 2008-09-27 22:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-13 20:36 . 2008-09-27 22:42 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2008-09-27 22:42 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-13 01:56 . 2008-08-01 20:17 8268 ----a-w- c:\users\Luis\AppData\Local\d3d9caps.dat
2009-07-12 22:57 . 2008-07-24 06:20 -------- d-----w- c:\program files\Java
2009-07-12 20:57 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-07-12 20:56 . 2009-01-14 05:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2009-07-12 20:56 . 2008-07-30 04:11 -------- d-----w- c:\program files\Total Video Converter
2009-07-12 20:56 . 2008-07-24 06:40 -------- d-----w- c:\program files\Roxio
2009-07-12 20:56 . 2008-08-19 03:05 -------- d-----w- c:\program files\Common Files\eSellerate
2009-07-12 20:56 . 2008-08-09 02:57 -------- d-----w- c:\program files\McFunSoft Video Capture
2009-07-12 20:56 . 2008-07-24 09:03 -------- d-----w- c:\program files\DellTPad
2009-07-12 20:56 . 2008-10-27 21:23 -------- d-----w- c:\users\Administrator\AppData\Roaming\Winamp
2009-07-12 20:43 . 2009-05-17 20:21 -------- d-----w- c:\program files\Megacubo
2009-07-11 04:53 . 2008-07-30 04:47 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-11 04:39 . 2009-03-05 05:05 -------- d-----w- c:\programdata\McAfee
2009-07-11 04:29 . 2009-01-14 05:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-10 07:02 . 2008-07-30 04:14 -------- d-----w- c:\users\Luis\AppData\Roaming\uTorrent
2009-07-10 05:03 . 2008-07-24 06:56 -------- d-----w- c:\programdata\NVIDIA
2009-07-05 22:16 . 2008-07-29 02:29 88616 ----a-w- c:\programdata\nvModes.dat
2009-06-29 00:45 . 2008-07-29 04:10 -------- d-----w- c:\program files\Common Files\Apple
2009-06-27 22:11 . 2008-07-24 06:25 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-15 10:02 . 2008-07-29 03:18 -------- d-----w- c:\programdata\Microsoft Help
2009-06-14 02:52 . 2009-06-14 02:52 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-05-31 20:24 . 2008-08-17 21:48 -------- d-----w- c:\program files\HP
2009-05-31 20:23 . 2008-07-30 04:04 -------- d-----w- c:\program files\DivX
2009-05-31 20:20 . 2009-05-31 20:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-05-26 01:09 . 2008-07-30 03:38 -------- d-----w- c:\program files\Flickr Uploadr
2009-05-17 20:21 . 2009-05-17 20:21 -------- d-----w- c:\program files\TVUPlayer
2009-05-17 18:21 . 2009-05-17 18:21 -------- d-----w- c:\program files\ddpoker3
2009-05-17 17:49 . 2009-05-17 17:48 -------- d-----w- c:\program files\Holdem Indicator
2009-05-16 22:34 . 2009-05-16 22:34 -------- d-----w- c:\programdata\Trymedia
2009-05-15 21:01 . 2009-05-15 21:01 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll
2009-05-01 10:08 . 2008-07-29 02:11 127288 ----a-w- c:\users\Luis\AppData\Local\GDIPFONTCACHEV1.DAT
2009-04-27 00:25 . 2009-04-27 00:25 15240 ----a-w- c:\users\Luis\AppData\Roaming\Microsoft\IdentityCRL\PROD\ppcrlconfig.dll
2009-04-23 12:43 . 2009-06-13 21:47 784896 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-23 12:42 . 2009-06-13 21:47 636928 ----a-w- c:\windows\system32\localspl.dll
2009-04-21 11:55 . 2009-06-13 21:47 2033152 ----a-w- c:\windows\system32\win32k.sys
2008-07-03 01:52 . 2009-07-12 21:24 134144 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2009-07-08 04:36 . 2009-07-08 04:36 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2008-07-24 06:27 . 2008-07-24 06:27 74 --sh--r- c:\windows\CT4CET.bin
2008-07-24 09:02 . 2008-07-24 09:02 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2007-04-17 04:13 721408 ----a-w- c:\program files\Fingerprint Reader Suite\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"LaunchList"="c:\program files\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 145496]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
"Google Update"="c:\users\Luis\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-07-12 133104]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-10-10 36352]
"USBToolTip"="c:\program files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 202312]
"USB2Check"="c:\windows\system32\PCLECoInst.dll" [2007-01-23 81920]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-27 413696]
"PSQLLauncher"="c:\program files\Fingerprint Reader Suite\launcher.exe" [2007-04-17 49168]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-12-21 184320]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-03-04 36864]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-03 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2008-09-03 96800]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-03 13552160]
"Nitro PDF Printer Monitor"="c:\program files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe" [2008-12-05 210240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 174872]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-04 36864]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-07-08 30192]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-11 1948440]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-01-25 167936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-12 148888]

c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-5-13 1058088]

c:\users\Luis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
AutoBackup Launcher.lnk - c:\program files\Seagate\AutoBackup\MemeoLauncher.exe [2008-1-14 95456]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Adobe\Photoshop5\Calibrat\Adobe Gamma Loader.exe [2008-8-1 68608]
Ultrawideband Control Center.lnk - c:\program files\Dell\Dell WUSB\WQ_Tray2.exe [2007-8-4 1965112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-07-24 06:45 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2007-04-17 04:04 86528 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{A77798C1-DB2F-4E28-96F8-72796359DD0C}"= c:\program files\Dell\MediaDirect\MediaDirect.exe:Dell MediaDirect
"{0CB8740D-3AA3-40E7-A95E-7FE902056603}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{6C339200-59CF-4BCA-92C5-C51AE7313843}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{1952A9A7-9306-4B9A-8784-721A1CC9BB50}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{FD756F4B-D13B-49D6-A45C-02FC72C9B08C}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{365EFC4E-676C-47D8-9606-FDCDBF813037}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{247445D5-8BF8-450F-A32F-7A3BD77E4A19}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{31AFE65B-1D1F-4419-A187-85A42E4DFF57}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{FD8CAD01-E644-4B8C-8265-C96AC60E21AB}"= UDP:990:LocalSubnet:LocalSubnet|IF={5C0DC7BA-7D2A-4A8B-9062-D4B28EDBD015}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
"{3DF2BE19-D176-4B19-B710-45417A9C5271}"= UDP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{3ABBE58D-B52C-4189-967C-966D0326D42F}"= TCP:c:\program files\Pinnacle\Studio 11\programs\RM.exe:Render Manager
"{0056BC22-3C6B-400C-A116-24BB687322DA}"= UDP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{26FAA8C8-0ADC-4FC2-BBD2-ACE0EA040500}"= TCP:c:\program files\Pinnacle\Studio 11\programs\Studio.exe:Studio
"{64AFD69A-82CD-4125-AC9C-1E11D6BDD5E4}"= UDP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{39BD73F6-51F4-48B3-A784-F2DF411CE8F0}"= TCP:c:\program files\Pinnacle\Studio 11\programs\PMSRegisterFile.exe:PMSRegisterFile
"{9166B839-DA8D-40CD-8D20-D9989D731C0A}"= UDP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{202EE1AD-0448-414A-8895-7925D5CBDDE9}"= TCP:c:\program files\Pinnacle\Studio 11\programs\umi.exe:umi
"{D435B5E4-8007-494D-97CB-032095E4D309}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{169D44E8-6368-40F3-8562-DF3C1D7AC3EF}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{E1C2F2D4-4750-4E6D-BCB5-BF7F0644AB43}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{51923C88-1916-48F2-BE54-0178386596D7}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{DFEED90D-58F4-43DA-BD1A-1C3D7C00A829}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{E6D6FD43-9CF4-441C-8976-660E130247C7}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{28CB4B90-B87B-4841-9167-B81430417819}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{7CBADB69-4A3C-4855-A3F3-2598262BAE6F}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{5F9D7D2C-D089-4054-8CD5-4553E902E5E6}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{61A40F68-EBB4-4FBF-9AD5-DDD79EE27A04}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{300E802C-419D-4493-BC8B-89E036264A13}"= Disabled:UDP:443:ooVoo TCP port 443
"{28AACD42-BAE0-459E-9DE1-159031CA3778}"= Disabled:TCP:443:ooVoo UDP port 443
"{64B0B34D-762D-4E23-B6F0-08D56D7B41A0}"= Disabled:UDP:37674:ooVoo TCP port 37674
"{8F544738-11E8-42AC-A034-57D8F33357F5}"= Disabled:TCP:37674:ooVoo UDP port 37674
"{B5AB2B36-0E1E-45FB-89AD-0F40A87D45E0}"= Disabled:TCP:37675:ooVoo UDP port 37675
"TCP Query User{8C2C95C2-5E0E-4A52-A679-19BD3172D506}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:µTorrent
"UDP Query User{B93E62F9-F4C1-4AD1-A400-74BBBEFBB6DC}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:µTorrent
"{3D75A186-C8AA-4C7C-A2B0-822C272E9587}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"{ABAA32F9-E89B-4961-A8E7-28EFF4D6F725}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE:SMLMProxy Module - HP1006MC.EXE
"TCP Query User{83EEE362-2A4C-4CC8-B5AD-0D63C884497B}c:\\program files\\oovoo\\oovoo.exe"= UDP:c:\program files\oovoo\oovoo.exe:ooVoo
"UDP Query User{2630C83B-61BC-407E-9E8A-C91FB84A1BEB}c:\\program files\\oovoo\\oovoo.exe"= TCP:c:\program files\oovoo\oovoo.exe:ooVoo
"TCP Query User{0933DB21-2B33-434F-9871-CA30A374EC7C}c:\\program files\\soulseekns\\slsk.exe"= UDP:c:\program files\soulseekns\slsk.exe:SoulSeek
"UDP Query User{F3C1BCE7-1EFC-48E1-A952-CA913F4F57C1}c:\\program files\\soulseekns\\slsk.exe"= TCP:c:\program files\soulseekns\slsk.exe:SoulSeek
"{36E0841A-3385-45C5-AF37-3FD06136F651}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{76D0D085-95A4-455A-95E7-05B32B5849F5}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{AF53E6A7-351E-498C-9FD2-62570103CE9C}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B529639D-928A-4216-A504-665EF6F12A8C}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{9B72C354-237D-47BB-9967-9878699B3E96}c:\\program files\\soulseekns\\slsk.exe"= UDP:c:\program files\soulseekns\slsk.exe:SoulSeek
"UDP Query User{73D4C46A-2460-4BBF-9567-604B49314779}c:\\program files\\soulseekns\\slsk.exe"= TCP:c:\program files\soulseekns\slsk.exe:SoulSeek
"TCP Query User{1D15448E-8A3E-44C0-9605-AC3609ABF20A}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{6C26A211-2F6D-46E2-B981-8781DB82FA18}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"{1383C2BE-384B-44EC-B9DD-6D7E22020393}"= UDP:c:\windows\Temp\~os67F6.tmp\ossproxy.exe:ossproxy.exe
"{15831919-7B01-48F0-B0B6-7B3F2AB9AA04}"= UDP:c:\program files\Megacubo\megacubo.exe:MegaCubo
"{1BAFC2E1-B4A5-4D63-BA82-2F6692E93E19}"= TCP:c:\program files\Megacubo\megacubo.exe:MegaCubo
"{3C4777E3-4820-474F-90B5-23A0E388B2DD}"= c:\program files\Skype\Phone\Skype.exe:Skype
"{C6D326CD-3FDA-4384-8236-91770F782F45}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{19221D4D-EE7B-4035-9DFE-F51DD3A75CE2}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{96EAFBB6-2EE3-4584-9D78-C3486B7EE9F2}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{2C27E47D-5D47-4CBB-9D53-926A37A73E00}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{50525947-BDBC-4FE7-8A51-AD64BAF34C21}"= c:\program files\AVG\AVG8\avgupd.exe:avgupd.exe
"{23E79156-7645-433A-BD7D-B25003F2EA86}"= c:\program files\AVG\AVG8\avgnsx.exe:avgnsx.exe
"TCP Query User{0DC72908-623D-451A-8B7E-52A749DCEC6D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{DA54E4C2-8565-4839-874C-A43879511D1D}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"{D039690F-0876-45D7-B43E-65FD3FFB0BA0}"= c:\program files\Skype\Phone\Skype.exe:Skype

R0 AFS;AFS;c:\windows\System32\drivers\AFS.SYS [8/1/2008 5:29 PM 77004]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\drivers\avgldx86.sys [7/10/2009 8:56 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\System32\drivers\avgtdix.sys [7/10/2009 8:56 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [6/23/2009 11:01 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6/23/2009 11:01 AM 72944]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [7/23/2008 6:08 PM 73728]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/10/2009 8:56 PM 298776]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [4/28/2008 2:56 PM 161048]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [7/24/2008 2:03 AM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [7/24/2008 2:03 AM 7424]
R3 WQ_USBHWA;WiQuest Host Wire Adapter driver;c:\windows\System32\drivers\WQ_hwa.sys [7/24/2008 2:03 AM 157752]
R3 WQ_USBRCI;WiQuest UltraWideBand driver;c:\windows\System32\drivers\WQ_rci.sys [7/24/2008 2:03 AM 75448]
S3 GoogleDesktopManager-092308-165331;Google Desktop Manager 5.8.809.23506;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [7/7/2009 9:36 PM 30192]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [6/23/2009 11:01 AM 7408]
S3 WQ_USBLOAD;WiQuest WUSB Loader driver;c:\windows\System32\drivers\WQ_ldr.sys [7/24/2008 2:03 AM 33464]
S4 iaNvStor;Intel® Turbo Memory Controller;c:\windows\System32\drivers\iaNvStor.sys [7/24/2008 2:03 AM 209408]
S4 WQ_USBCBAF;WiQuest Cable Association driver;c:\windows\System32\drivers\WQ_cba.sys [7/24/2008 2:03 AM 33976]
S4 WQ_USBDWA;WiQuest Device Wire Adapter driver;c:\windows\System32\drivers\WQ_dwa.sys [7/24/2008 2:03 AM 94008]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226ED}
*NewlyCreated* - {79007602-0CDB-4405-9DBF-1257BB3226EE}
*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226ED}
*Deregistered* - {79007602-0CDB-4405-9DBF-1257BB3226EE}

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\Nitro PDF Professional]
cscript //B "c:\program files\Nitro PDF\Professional\RemoveOldAddins.vbs"
.
Contents of the 'Scheduled Tasks' folder

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1714148476-2385143438-1770491188-1000Core.job
- c:\users\Luis\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-12 21:20]

2009-07-13 c:\windows\Tasks\User_Feed_Synchronization-{D1CAD405-44FD-4870-A5EA-E558523335D5}.job
- c:\windows\system32\msfeedssync.exe [2009-06-28 11:31]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ISUSPM - c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe
HKLM-Run-PrintUtil - c:\program files\HP\HP Print Utility\PrintUtil.exe
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe

.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
FF - ProfilePath - c:\users\Luis\AppData\Roaming\Mozilla\Firefox\Profiles\50lyguua.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\GoogleDesktopMozilla.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\users\Luis\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-13 19:55
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys]
"imagepath"="\systemroot\system32\drivers\msqpdxebrrbsfe.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.032"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.amr"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ani"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.arw"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.asf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="avifile"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bay"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bmp"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.bw"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bwf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.bwf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cel\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.cel"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cr2"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.crw"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cs1"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.cur"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dcr"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dcx"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.dib"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djv"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.djvu"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.dng"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.emf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.eps"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.erf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fff"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.flc"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fli\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.fli"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.fpx"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.gif"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.hdr"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icl"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.icn"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ico\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ico"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iff"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ilbm"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.int"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.inta"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.iw4"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2c"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.j2k"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jfif"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jif"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jp2"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpc"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpe"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpeg"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.jpg"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpk"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.jpx"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.kar"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.lbm"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m15"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m1a"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m2a"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.m75"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mef"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mos"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.mpv"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.mrw"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.nef"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.orf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pbm"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pcd"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pct"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pcx"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pef"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pgm"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pic"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.pics"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pict"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pix"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.png"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ppm"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psd"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.psp"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.pspimage"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.qcp"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.qtpf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ras"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.raw"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgb"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rgba"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.rle"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.rsb"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sdv"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sfil"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sgi"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.smf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.smi"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.smil"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.sml"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.sr2"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.srf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.swa"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tga"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.thm"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tif"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.tiff"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttc"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.ttf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.ulw"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10o"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10p"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v10pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.v10pf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9o"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9p"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v9pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.v9pf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.vfw"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbm"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wbmp"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.wmf"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="WMVFile"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xbm"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-1714148476-2385143438-1770491188-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xif"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 10.0.xmp"

[HKEY_USERS\S-1-5-21-1714148476-2385143438-1770491188-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee 9.0.xpm"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\psqlpwd.dll
c:\program files\Fingerprint Reader Suite\homefus2.dll
c:\program files\Fingerprint Reader Suite\infra.dll

- - - - - - - > 'Explorer.exe'(3864)
c:\program files\Fingerprint Reader Suite\farchns.dll
c:\program files\Fingerprint Reader Suite\infra.dll
c:\program files\Dell\MediaDirect\Kernel\Video\CLMedia.dll
c:\program files\Dell\MediaDirect\Kernel\Video\CLM1Splter.ax
c:\program files\Dell\MediaDirect\Kernel\Video\CLM2Splter.ax
c:\program files\Replay Video Capture\bin\mcmpgdmx.ax
c:\windows\system32\DVobSub.ax
c:\windows\system32\vobsub.dll
c:\progra~1\COMMON~1\ArcSoft\MPEGEN~1\AC3Dec.ax
c:\progra~1\COMMON~1\ArcSoft\MPEGEN~1\AdavAC3Dec.dll
c:\progra~1\TOTALV~1\RealMediaSplitter.ax
c:\windows\system32\OggDS.dll
c:\windows\system32\vorbis.dll
c:\windows\system32\ogg.dll
c:\windows\system32\vorbisenc.dll
c:\program files\Replay Video Capture\bin\mcl2ad.ax
c:\program files\Replay Video Capture\bin\mcmpgadec.dll
c:\progra~1\COMMON~1\ArcSoft\MPEGEN~1\mpgaudio.ax
c:\progra~1\COMMON~1\ArcSoft\MPEGEN~1\AdavAudioDec.dll
c:\program files\Common Files\Roxio Shared\10.0\MPEG\RoxioMPEGDemuxer.dll
c:\program files\Roxio\SonicHDDemuxer.dll
c:\program files\Pinnacle\Shared Files\Filter\PCLEMPEGBox.ax
c:\program files\Pinnacle\Shared Files\Filter\pcleUtil.dll
c:\program files\Pinnacle\Shared Files\Filter\CSCSaFX.dll
c:\program files\Pinnacle\Shared Files\Filter\SaFireU.dll
c:\program files\Pinnacle\Shared Files\Pixie\Pixie.dll
c:\program files\Pinnacle\Shared Files\Filter\mpegdecoder2.dll
c:\progra~1\COMMON~1\ArcSoft\MPEGEN~1\ArcSpl.ax
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\nvvsvc.exe
c:\windows\System32\audiodg.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\BCMWLTRY.EXE
c:\windows\System32\wlanext.exe
c:\program files\Fingerprint Reader Suite\upeksvr.exe
c:\windows\System32\spool\drivers\w32x86\3\HP1006MC.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\System32\stacsv.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\System32\wbem\WMIADAP.exe
.
**************************************************************************
.
Completion time: 2009-07-14 20:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-14 02:59

Pre-Run: 222,438,645,760 bytes free
Post-Run: 221,879,746,560 bytes free

766 --- E O F --- 2009-07-14 01:40

#15 OFFLINE Rorschach112

Power Member

Moderators
1,029 posts

Posted 14 July 2009 - 08:11 PM

hi

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Quote

Driver::
msqpdxserv.sys

File::
c:\windows\Installer\fc9a5.msi

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msqpdxserv.sys]

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

#16 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 14 July 2009 - 10:58 PM

removed log

#17 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 14 July 2009 - 10:58 PM

removed log

#18 OFFLINE Rorschach112

Power Member

Moderators
1,029 posts

Posted 15 July 2009 - 12:29 PM

hi

Download TFC to your desktop

Open the file and close any other windows.
It will close all programs itself when run, make sure to let it run uninterrupted.
Click the Start button to begin the process. The program should not take long to finish its job
Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

#19 OFFLINE lemartines

Advanced Member

Members
50 posts

Gender:Male
Location:Los Angeles, CA

Posted 17 July 2009 - 03:04 PM

Thank you for the continued support. Here are the requested logs:

Malwarebytes' Anti-Malware 1.39
Database version: 2424
Windows 6.0.6001 Service Pack 1

7/16/2009 7:46:14 PM
mbam-log-2009-07-16 (19-46-14).txt

Scan type: Quick Scan
Objects scanned: 90771
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CLASSES_ROOT\CLSID\{46c166aa-3108-11d4-9348-00c04f8eeb71}\inprocserver32\(default) (Hijack.Hnetcfg) -> Bad: (\\?\globalroot\systemroot\installer\fc9a5.msi) Good: (hnetcfg.dll) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 17, 2009
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 17, 2009 09:05:52
Records in database: 2480249
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\

Scan statistics:
Files scanned: 190853
Threat name: 5
Infected objects: 15
Suspicious objects: 0
Duration of the scan: 02:40:45

File name / Threat name / Threats count
C:\Qoobox\Quarantine\C\Windows\Installer\_fc9a5_.msi.zip Infected: Trojan.Win32.Crot.a 6
C:\Users\Luis\DoctorWeb\Quarantine\AVICodecPackPlus220.exe Infected: not-a-virus:AdWare.Win32.Agent.acl 1
C:\Users\Luis\DoctorWeb\Quarantine\AVICodecPackPlus221.exe Infected: not-a-virus:AdWare.Win32.Agent.acl 1
F:\FLASH DRIVE\Software\APPLICATIONS\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1
F:\FLASH DRIVE\Software\APPLICATIONS\wirelesskeyview\WirelessKeyView.exe Infected: not-a-virus:PSWTool.Win32.Messen.ct 1
F:\Software\APPLICATIONS\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1
F:\Software\APPLICATIONS\wirelesskeyview\WirelessKeyView.exe Infected: not-a-virus:PSWTool.Win32.Messen.ct 1
G:\Software\APPLICATIONS\ca_setup.exe Infected: not-a-virus:PSWTool.Win32.Cain.284 1
G:\Software\APPLICATIONS\wirelesskeyview\WirelessKeyView.exe Infected: not-a-virus:PSWTool.Win32.Messen.ct 1
G:\AUTORUN.INF Infected: Backdoor.Win32.Hupigon.cfeh 1

The selected area was scanned.

#20 OFFLINE Rorschach112

Power Member

Moderators
1,029 posts

Posted 20 July 2009 - 09:17 PM

hi

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

:OTL
O32 - AutoRun File - [2009/05/22 12:25:20 | 00,000,096 | -HS- | M] () - G:\AUTORUN.INF -- [ FAT32 ]

:Services

:Reg

:Files
G:\AUTORUN.INF
:Commands
[purity]
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

By the power of truth, I, while living, have conquered the universe.

~Scratch~

Back to Spyware Hell