HijackThis Log Help Required


  • This topic is locked
15 replies to this topic

#1 Tonyto

Tonyto

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 17 July 2010 - 06:48 AM

Hi,

I am looking for help analysing a HijackThis log. Below is a list of some of the symptoms I'm experiencing when working on my PC.

- IE and Mozilla browsers are consuming massive amounts of memory, making my system unstable.

- Bookmarking pages is unstable at times using IE.

- Multiple iexplore processes running in Task Manager. (The total of processes in Task Manager is always one more than the total of IE windows open)

- I believe my computer is infected with 007guard.com, as I checked different processes, such as apache.exe and iexplorer.exe, with the Process Explorer tool, and I've found that 007guard.com is under TCP/IP or UDP.

- My hard disk drive is almost constantly busy and making a clicking sound. Seems to almost continually be in use.

Thanks in advance.

==============================================================================================================

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:26:22 AM, on 7/17/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Tomcat6.0\bin\tomcat6w.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Spybot\Spybot\TeaTimer.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
C:\Program Files\MySQL\MySQL Tools for 5.0\MySQLSystemTrayMonitor.exe
C:\Program Files\Zenview Manager\UltraMon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\xampp\xampp-control.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Adobe Dreamweaver CS3\Dreamweaver.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Process Explorer\procexp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=0080619
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
*.local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot\Spybot\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: Cooliris Plug-In for Internet Explorer - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Comcast Toolbar - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\PROGRA~1\COMCAS~2\COMCAS~1.DLL
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [ApacheTomcatMonitor] "C:\Tomcat6.0\bin\tomcat6w.exe" //MS//Tomcat6
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\VistaCodecPack\rm\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
O4 - HKLM\..\Run: [Seagate Scheduler2 Service] "C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
O4 - HKLM\..\Run: [Standby] "c:\Program Files\Common Files\Corel\Standby\Standby.exe" -START
O4 - HKLM\..\Run: [Matrox PowerDesk SE] "C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot\TeaTimer.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Julio Reguero\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PowerPanel Personal Edition User Interaction] "C:\Program Files\GEEK SQUAD UPS\pppeuser.exe"
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; GTB6.4; 3B/3.11; SLCC1; .NET CLR 2.0.50727; .NET CLR 1.1.4322; InfoPath.2; .NET CLR 3.5.30729; .NET CLR 3.0.30618; OfficeLiveConnector.1.4; OfficeLivePatch.1.3; NET_mmhpset)" -"http://www.airtightinteractive.com/demos/play/shock/drive.html"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3610672647-2412968442-863455602-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'PostgreSQL')
O4 - Startup: Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe
O4 - Global Startup: Amazon Unbox.lnk = ?
O4 - Global Startup: Camera Monitor HD.lnk = C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
O4 - Global Startup: MySQL System Tray Monitor.lnk = C:\Program Files\MySQL\MySQL Tools for 5.0\MySQLSystemTrayMonitor.exe
O4 - Global Startup: SmartSVN 6 (background).lnk = C:\Program Files\SmartSVN 6\bin\smartsvn.exe
O4 - Global Startup: Zenview Manager.lnk = ?
O8 - Extra context menu item: + Offline &Explorer: Download the link - file://C:\Program Files\Offline Explorer Pro\Add_UrlO.htm
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - file://C:\Program Files\Offline Explorer Pro\Add_AllO.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Online Poker Rooms\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Online Poker Rooms\PartyPoker\PartyPoker\RunApp.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\Spybot\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot\Spybot\SDHelper.dll
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Online Poker Rooms\Bodog Poker\BPGame.exe
O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - (no file) (HKCU)
O15 - Trusted Zone: http://www.orkut.com
O16 - DPF: Web-Based Email Tools - http://email.secureserver.net/Download.CAB
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - http://picasaweb.google.com/s/v/60.08/uploader2.cab
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) - http://picasaweb.google.com/s/v/33.06/uploader2.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-us.cab
O16 - DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} (Image Uploader Control) - http://iu.ak.sonico.com//ImageUploader.cab
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} (VOGWeb2 Class) - http://216.32.89.203/activex/vogweb29.cab
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} - http://www.cooliris.com/shared/plinstll.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...ivex-latest.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: intu-help-qb2 - {84D77A00-41B5-4B8B-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - mscoree.dll (file missing)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Amazon Unbox Video Service (ADVService) - Amazon.com - C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Apache2.2 - Apache Software Foundation - c:\xampp\apache\bin\apache.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Crypkey License - CrypKey (Canada) Ltd. - C:\Windows\SYSTEM32\crypserv.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Linksys Updater (LinksysUpdater) - Unknown owner - C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
O23 - Service: Matrox.Pdesk.ServicesHost - Matrox Graphics Inc. - C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
O23 - Service: MySql - Unknown owner - C:/xampp/mysql/bin/mysqld.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: GEEK SQUAD POWER MANAGEMENT Service (ppped) - Unknown owner - C:\Program Files\GEEK SQUAD UPS\ppped.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: QBCFMonitorService - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot\Spybot\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Seagate Scheduler2 Service (SgtSch2Svc) - Seagate - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: SupportSoft Sprocket Service (ddoctorv2) (sprtsvc_ddoctorv2) - SupportSoft, Inc. - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: SmartSVN Status Cache (statuscached) - Unknown owner - C:\Program Files\SmartSVN 6\bin\statuscached.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Apache Tomcat (Tomcat6) - Apache Software Foundation - C:\Tomcat6.0\bin\tomcat6.exe
O23 - Service: SAMSUNG WiselinkPro Service (WiselinkPro) - Unknown owner - C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

--
End of file - 22065 bytes



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:29 AM

Posted 23 July 2010 - 06:33 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report:
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Tonyto

Tonyto
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:01:29 AM

Posted 24 July 2010 - 05:11 AM

Hi,

Attached you will find the OTL logs from the instructions you sent me. I read the instructions on how to properly create a GMER log, but unfortunately, I have trouble running the GMER tool. My computer crashes every time I run gmer.exe, even when run in safe mode. I have also included a screenshot of the Windows Error Message under Safe Mode.

Please let me know if you need further information.

Thanks.

Update: I ran the gmer.exe program from a folder on the Desktop (i.e. GMER/gmer.exe). I just realized that the instructions to create a GMER log say to save the file to the Desktop. Should I try with the GMER tool again, this time directly from the desktop?



OTL logfile created on: 7/24/2010 12:15:26 AM - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Julio Reguero\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 43.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 65.93 Gb Free Space | 29.60% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.79 Gb Free Space | 67.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232.88 Gb Total Space | 130.12 Gb Free Space | 55.87% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: CHRONOS
Current User Name: Julio Reguero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/24 00:13:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Julio Reguero\Desktop\OTL.exe
PRC - [2010/06/28 08:05:47 | 001,054,880 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgupd.exe
PRC - [2010/06/22 09:30:45 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/22 09:30:41 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/22 09:30:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 09:30:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 09:30:33 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/22 09:30:33 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/06/22 09:30:31 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/22 09:30:30 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 09:30:29 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/06/15 13:13:08 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2009/11/12 17:33:04 | 010,358,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/10/01 11:27:22 | 000,215,040 | ---- | M] () -- C:\Program Files\SmartSVN 6\bin\statuscached.exe
PRC - [2009/08/14 07:16:55 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 08:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/28 23:07:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/03/30 13:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 13:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 13:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\Spybot\TeaTimer.exe
PRC - [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot\Spybot\SDWinSec.exe
PRC - [2008/12/12 15:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 15:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/08 09:38:10 | 001,027,072 | ---- | M] () -- C:\Program Files\MySQL\MySQL Tools for 5.0\MySQLSystemTrayMonitor.exe
PRC - [2008/12/03 11:00:22 | 000,323,840 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
PRC - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/13 12:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/10 20:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/08/13 21:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/18 17:58:39 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/28 06:52:10 | 003,522,600 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files\Process Explorer\procexp.exe
PRC - [2008/04/24 10:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/03/03 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/02/26 07:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/20 19:35:03 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/10/22 12:33:14 | 000,856,064 | ---- | M] () -- C:\Program Files\GEEK SQUAD UPS\ppped.exe
PRC - [2007/10/22 12:31:14 | 000,323,584 | ---- | M] () -- C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
PRC - [2007/08/30 08:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/07/19 19:20:14 | 000,098,304 | ---- | M] (Apache Software Foundation) -- C:\Tomcat6.0\bin\tomcat6w.exe
PRC - [2007/06/22 10:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2007/06/05 10:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/05/14 02:03:20 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2003/11/26 14:44:19 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe


========== Modules (SafeList) ==========

MOD - [2010/07/24 00:13:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Julio Reguero\Desktop\OTL.exe
MOD - [2010/06/22 09:30:41 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/20 19:34:30 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2008/01/20 19:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 19:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 02:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (McAfeeFramework)
SRV - [2010/06/25 21:05:05 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/25 15:34:49 | 000,064,328 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3001.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/06/23 20:53:21 | 002,561,624 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/22 09:30:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 09:30:33 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/10/01 11:27:22 | 000,215,040 | ---- | M] () [Auto | Running] -- C:\Program Files\SmartSVN 6\bin\statuscached.exe -- (statuscached)
SRV - [2009/09/03 12:41:06 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/08/14 07:16:55 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/05/19 08:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/28 23:07:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/03/30 13:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\Spybot\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/08 10:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2008/12/12 15:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/03 11:00:22 | 000,323,840 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe -- (Matrox.Pdesk.ServicesHost)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/13 12:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/10/18 09:26:55 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/09/10 20:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/13 21:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/08 19:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/24 10:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/02/28 12:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/02/13 12:07:30 | 004,653,056 | ---- | M] () [On_Demand | Stopped] -- C:/xampp/mysql/bin/mysqld.exe -- (MySql)
SRV - [2008/02/01 09:55:56 | 000,948,616 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/02/01 09:55:54 | 000,747,912 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/02/01 01:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/01/20 19:35:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/20 19:34:59 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2008/01/20 19:34:59 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2008/01/20 19:34:59 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\xampp\apache\bin\apache.exe -- (Apache2.2)
SRV - [2007/12/25 14:25:50 | 000,586,240 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2007/10/22 12:33:14 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\GEEK SQUAD UPS\ppped.exe -- (ppped)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/07/19 19:20:14 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Tomcat6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2007/06/22 10:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2007/06/05 10:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003/11/26 14:44:19 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010/06/22 09:30:43 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 09:30:34 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/06/22 09:30:34 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/06/22 09:30:34 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/06/22 09:30:34 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/06/22 09:30:31 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/10 19:30:38 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/10 19:30:38 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/06/10 19:30:27 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/06/10 19:30:23 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/06/01 09:38:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 10:32:44 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/24 20:28:50 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/05/08 22:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/12/12 15:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 15:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/14 02:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008/10/18 09:26:33 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/10/18 09:26:33 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/04 03:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/07/04 03:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/01 00:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2008/02/28 12:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/01 09:55:52 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/01/20 19:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:32:52 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/01/20 19:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:32:47 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/14 15:16:34 | 000,570,880 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/12/10 11:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007/12/10 11:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2007/05/21 04:35:14 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/05/14 02:08:48 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/05/14 02:03:22 | 001,773,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2003/07/28 23:18:32 | 000,028,518 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)
DRV - [2003/03/06 04:00:00 | 000,084,448 | ---- | M] (Network Associates, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\naiavf5x.sys -- (NaiAvFilter1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/


IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=0080619
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\..\URLSearchHook: EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
*.local;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.825
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: FirePHPExtension-Build@firephp.org:0.4.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.5
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: jsonview@brh.numbera.com:0.4
FF - prefs.js..extensions.enabledItems: librarydetector@paulbakaus.com:1.0.3
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010043001
FF - prefs.js..extensions.enabledItems: pencil@evolus.vn:1.0.6
FF - prefs.js..extensions.enabledItems: seo@profesional:1.0.0
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: validator@totalvalidator.com:6.5.0
FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.01
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.1

FF - HKLM\software\mozilla\3B\Extensions\\Plugins: C:\Program Files\3B\3B Browser\plugins [2010/07/03 12:22:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\3B\Extensions\\Components: C:\Program Files\3B\3B Browser\components [2010/04/18 19:45:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 08:21:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/04/24 13:34:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 17:14:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 18:02:38 | 000,000,000 | ---D | M]

[2010/07/23 03:46:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Extensions
[2009/09/17 23:43:11 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2010/07/23 03:46:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/07/20 12:48:39 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions
[2010/06/10 02:59:42 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/29 20:21:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/29 12:28:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/10 02:59:46 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/03/15 01:48:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/15 19:21:12 | 000,000,000 | ---D | M] (View Source Chart) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2009/10/07 11:55:44 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/14 01:50:18 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/10/07 11:55:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/29 20:21:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/21 01:13:58 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/06/18 16:24:01 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\amznUWL@amazon.com
[2010/01/13 20:50:24 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\anycolor.pavlos256@gmail.com
[2010/06/10 02:59:24 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\firebug@software.joehewitt.com
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org
[2010/01/14 01:44:40 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\jsonview@brh.numbera.com
[2010/06/10 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\librarydetector@paulbakaus.com
[2010/06/10 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\multipletab@piro.sakura.ne.jp
[2009/09/17 23:38:18 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\pencil@evolus.vn
[2010/01/13 20:50:29 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\piclens@cooliris.com
[2010/01/13 20:50:29 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\piclens@cooliris.com-trash
[2010/01/30 18:55:39 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\seo@profesional
[2010/06/10 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\validator@totalvalidator.com
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org\__MACOSX
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org\chrome
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org\defaults
[2008/07/28 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Webview\Profiles\3y2r9pz8.default\extensions
[2010/07/20 12:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 22:35:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 05:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/06/25 15:34:49 | 000,031,920 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll

O1 HOSTS File: ([2010/07/23 23:38:07 | 000,412,129 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info
O1 - Hosts: 14243 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ApacheTomcatMonitor] C:\Tomcat6.0\bin\tomcat6w.exe (Apache Software Foundation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk SE] C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [POEngine] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\VistaCodecPack\rm\Update_OB\realsched.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [fsm] File not found
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\GEEK SQUAD UPS\pppeuser.exe ()
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; GTB6.4; 3B\3.11; File not found
O4 - Startup: C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files\Offline Explorer Pro\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files\Offline Explorer Pro\Add_AllO.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Online Poker Rooms\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Online Poker Rooms\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Online Poker Rooms\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\..Trusted Domains: orkut.com ([www] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/60.08/uploader2.cab (UploadListView Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/33.06/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} http://iu.ak.sonico.com//ImageUploader.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} http://216.32.89.203/activex/vogweb29.cab (VOGWeb2 Class)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...ivex-latest.cab (DownloadManager Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julio Reguero\AppData\Local\Realtime Soft\UltraMon\Zenview Manager Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Julio Reguero\AppData\Local\Realtime Soft\UltraMon\Zenview Manager Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{af948084-47bf-11dd-b1d6-001d0994ab12}\Shell - "" = AutoRun
O33 - MountPoints2\{af948084-47bf-11dd-b1d6-001d0994ab12}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db9ca586-7136-11df-a2f3-001d0994ab12}\Shell\AutoRun\command - "" = K:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{db9ca586-7136-11df-a2f3-001d0994ab12}\Shell\Install\command - "" = K:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe - (Intuit Inc.)
MsConfig - StartUpFolder: C:^Users^Julio Reguero^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Recorte de pantalla e Inicio rápido de OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe File not found
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: Corel File Shell Monitor - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: Corel Photo Downloader - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: ddoctorv2 - hkey= - key= - C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: FileZilla Server Interface - hkey= - key= - C:\Program Files\FileZilla Server\FileZilla Server Interface.exe (FileZilla Project)
MsConfig - StartUpReg: Google Desktop Search - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: googletalk - hkey= - key= - C:\Program Files\Google\Google Talk\googletalk.exe (Google)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: LogMeIn GUI - hkey= - key= - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
MsConfig - StartUpReg: McAfeeUpdaterUI - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: MsnMsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
MsConfig - StartUpReg: Nitro PDF Printer Monitor - hkey= - key= - C:\Program Files\Nitro PDF\Professional\NitroPDFPrinterMonitor.exe ()
MsConfig - StartUpReg: POEngine - hkey= - key= - Reg Error: Value error. File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SmileboxTray - hkey= - key= - C:\Users\Julio Reguero\AppData\Roaming\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
MsConfig - StartUpReg: Web Video Downloader - hkey= - key= - C:\Program Files\SourceTec\Sothink Web Video Downloader Stand-alone\VideoDownloader.exe (SourceTec Software Co., LTD)
MsConfig - StartUpReg: Yahoo! Pager - hkey= - key= - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
MsConfig - State: "startup" - 2

Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.dvacm - c:\Program Files\Common Files\Ulead Systems\VIO\DVACM.acm (Corel TW Corp.)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: VIDC.ACDV - ACDV.dll File not found
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - ff_vfw.dll File not found
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.MP42 - C:\Windows\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MP43 - C:\Windows\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.MPG4 - C:\Windows\System32\MPG4c32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.XVID - xvidvfw.dll File not found
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 90 Days ==========

[2010/07/24 00:13:42 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Julio Reguero\Desktop\OTL.exe
[2010/07/23 03:46:45 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Flickr
[2010/07/23 03:46:45 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\Flickr
[2010/07/23 03:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Flickr Uploadr
[2010/07/17 02:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/15 14:13:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/07/12 23:25:16 | 000,000,000 | ---D | C] -- C:\mgafold
[2010/07/12 23:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Matrox
[2010/07/09 20:16:48 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\Realtime Soft
[2010/07/09 19:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Matrox
[2010/07/09 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Matrox Graphics Inc
[2010/07/09 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Matrox Graphics Inc
[2010/07/09 19:11:02 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Realtime Soft
[2010/07/09 19:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Realtime Soft
[2010/07/09 19:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Zenview Manager
[2010/07/09 19:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Realtime Soft
[2010/07/09 19:06:09 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\Matrox
[2010/07/07 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\AVG9
[2010/06/25 23:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Photo Recovery
[2010/06/25 23:26:45 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
[2010/06/25 23:26:45 | 000,061,440 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
[2010/06/25 23:26:42 | 000,000,000 | ---D | C] -- C:\Stellar Phoenix NTFS
[2010/06/25 19:07:06 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\Documents\CyberLink
[2010/06/25 18:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\COMPANY_NAME
[2010/06/25 18:01:49 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Ulead Systems
[2010/06/25 17:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010/06/25 17:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2010/06/25 17:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2010/06/25 17:52:22 | 000,000,000 | -H-D | C] -- C:\Windows\msdownld.tmp
[2010/06/25 17:52:22 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010/06/25 17:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2010/06/25 17:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2010/06/25 17:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2010/06/25 17:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/06/25 17:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2010/06/25 17:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2010/06/25 15:35:39 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\NOS
[2010/06/25 15:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/22 09:30:41 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/06/10 21:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\muvee Technologies
[2010/06/10 21:11:24 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\muvee Technologies
[2010/06/10 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/06/10 20:00:51 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/06/10 19:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/06/10 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Leadertech
[2010/06/10 19:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2010/06/10 19:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/06/10 19:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Seagate
[2010/06/06 00:16:37 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\VistaCodecs
[2010/06/06 00:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\VistaCodecPack
[2010/06/06 00:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2010/05/28 03:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PIXELA
[2010/05/28 03:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2010/05/28 03:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Photo Navigator 1.5
[2010/05/25 22:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/23 22:11:01 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/23 21:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/05/18 17:58:24 | 001,085,440 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\VSFilter.dll
[2010/05/09 17:28:45 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\Documents\Canon Utilities
[2010/05/01 21:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010/04/30 19:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Balsamiq Mockups
[2010/04/28 03:42:48 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\.javafx
[2010/04/25 17:37:01 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\Abacast
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/24 00:20:19 | 015,728,640 | -HS- | M] () -- C:\Users\Julio Reguero\NTUSER.DAT
[2010/07/24 00:20:08 | 000,000,000 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\prvlcl.dat
[2010/07/24 00:19:09 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8046DC5F-4FFC-48C2-9711-C770DBDA2FE8}.job
[2010/07/24 00:19:04 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610672647-2412968442-863455602-1000UA.job
[2010/07/24 00:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/24 00:13:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Julio Reguero\Desktop\OTL.exe
[2010/07/23 23:38:07 | 000,412,129 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/23 23:29:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/23 23:29:43 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/23 19:56:56 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/23 17:19:01 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610672647-2412968442-863455602-1000Core.job
[2010/07/23 16:33:55 | 062,394,897 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/23 15:42:50 | 000,920,490 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/23 15:42:50 | 000,762,504 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/23 15:42:50 | 000,157,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/23 15:42:17 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2010/07/23 15:39:22 | 000,002,427 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zenview Manager.lnk
[2010/07/23 15:39:09 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/23 15:29:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/23 15:29:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/23 15:29:27 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/23 09:38:42 | 000,524,288 | -HS- | M] () -- C:\Users\Julio Reguero\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/07/23 09:38:42 | 000,065,536 | -HS- | M] () -- C:\Users\Julio Reguero\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/07/23 09:38:07 | 004,099,092 | -H-- | M] () -- C:\Users\Julio Reguero\AppData\Local\IconCache.db
[2010/07/23 09:24:11 | 000,070,144 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/23 03:46:10 | 000,001,768 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\Flickr Uploadr.lnk
[2010/07/21 18:30:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2010/07/19 13:00:22 | 279,538,234 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/11 13:36:11 | 000,000,680 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\d3d9caps.dat
[2010/07/03 11:54:29 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.ind
[2010/06/25 23:51:46 | 000,001,000 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\Adobe Premiere Elements 8 for Dummies.lnk
[2010/06/25 23:27:48 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.nlp
[2010/06/25 23:27:48 | 000,000,329 | ---- | M] () -- C:\Windows\win.ini
[2010/06/25 23:27:39 | 000,000,040 | ---- | M] () -- C:\Windows\Crypkey.ini
[2010/06/25 22:36:04 | 000,486,296 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010/06/25 22:34:58 | 000,008,224 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/25 21:49:31 | 002,648,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/25 19:18:39 | 000,000,000 | ---- | M] () -- C:\Windows\PhotoNow.INI
[2010/06/25 18:04:51 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/25 18:03:44 | 000,000,008 | RHS- | M] () -- C:\ProgramData\115661B6FE.sys
[2010/06/23 16:55:13 | 000,001,068 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\Liberation Revolution.lnk
[2010/06/22 09:30:43 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/22 09:30:41 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/06/22 09:30:34 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/06/22 09:30:31 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/08 22:15:17 | 000,403,643 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100723-233807.backup
[2010/06/01 09:38:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/28 09:12:39 | 000,001,014 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
[2010/05/28 09:12:39 | 000,001,005 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\Everio MediaBrowser HD Edition.lnk
[2010/05/18 17:58:24 | 001,085,440 | ---- | M] (MPC-HC Team) -- C:\Windows\System32\VSFilter.dll
[2010/05/12 14:10:46 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/05 14:19:56 | 000,050,688 | ---- | M] () -- C:\Windows\System32\ff_acm.acm
[2010/04/30 19:08:29 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Balsamiq Mockups.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/23 03:46:10 | 000,001,768 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\Flickr Uploadr.lnk
[2010/07/19 13:06:22 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/17 01:11:38 | 000,001,656 | ---- | C] () -- C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk
[2010/07/15 14:10:41 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/07/15 14:10:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/07/15 14:10:41 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/07/09 19:10:52 | 000,002,427 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zenview Manager.lnk
[2010/06/25 23:51:46 | 000,001,000 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\Adobe Premiere Elements 8 for Dummies.lnk
[2010/06/25 23:27:48 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.nlp
[2010/06/25 23:27:48 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.ind
[2010/06/25 23:27:39 | 000,000,040 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/06/25 23:26:45 | 000,028,518 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010/06/25 23:26:45 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010/06/25 23:26:45 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/06/25 23:26:45 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010/06/25 19:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2010/06/25 18:03:44 | 000,000,008 | RHS- | C] () -- C:\ProgramData\115661B6FE.sys
[2010/06/25 18:03:37 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/23 16:55:13 | 000,001,068 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\Liberation Revolution.lnk
[2010/05/31 00:12:45 | 000,001,005 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\Everio MediaBrowser HD Edition.lnk
[2010/05/28 03:23:30 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
[2010/05/12 14:10:46 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/05 14:19:56 | 000,050,688 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2010/02/18 15:32:46 | 000,000,072 | ---- | C] () -- C:\Windows\ANS2000.INI
[2010/02/18 15:32:46 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2010/02/18 15:32:46 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2009/10/02 08:26:06 | 000,667,648 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2009/10/02 08:26:06 | 000,237,638 | ---- | C] () -- C:\Windows\System32\bahrurlib.dll
[2009/10/02 08:26:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\bahruriLIB.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/05 20:52:43 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/05 20:52:18 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/08/03 12:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/11/17 08:41:36 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/10/22 08:49:46 | 000,000,025 | ---- | C] () -- C:\Windows\SW_Win2146X32.DLL
[2008/10/22 08:48:09 | 000,002,549 | ---- | C] () -- C:\Windows\CD_SearchHistory.INI
[2008/10/22 08:42:18 | 000,024,576 | ---- | C] () -- C:\Windows\System32\setdllhostEnglishResourceDll.dll
[2008/09/01 13:07:58 | 000,509,208 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008/08/26 12:53:39 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\115661B6FE.sys
[2008/08/26 12:43:27 | 000,002,672 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/07/21 00:01:41 | 000,000,037 | ---- | C] () -- C:\Windows\SWFConverter.INI
[2008/07/09 17:19:27 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/07/05 09:52:05 | 000,000,075 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/07/05 02:38:47 | 000,000,480 | ---- | C] () -- C:\Windows\my.ini
[2008/06/18 21:40:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/01 00:13:10 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008/02/28 12:30:08 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2007/12/07 13:18:32 | 000,532,480 | ---- | C] () -- C:\Windows\System32\INT14PPP.dll
[2007/12/07 13:18:32 | 000,061,440 | ---- | C] () -- C:\Windows\System32\UTL10PPP.dll
[2007/04/24 10:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2007/02/22 08:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini
[2007/02/22 08:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2000/08/29 10:01:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\libbz2.dll

========== LOP Check ==========

[2009/05/17 20:50:03 | 000,000,000 | -HSD | M] -- C:\Users\Julio Reguero\AppData\Roaming\.#
[2010/04/18 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\3B
[2008/07/09 02:41:26 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\ACD Systems
[2009/12/12 18:31:06 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Amazon
[2009/03/14 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Aptana
[2010/07/07 17:49:21 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\AVG9
[2009/09/17 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2010/01/15 02:41:09 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Canon
[2010/05/23 22:11:01 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/17 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2009/03/07 08:49:53 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\ComcastToolbar
[2009/06/17 07:26:49 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Cropper
[2009/08/09 00:06:49 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\DriverCure
[2010/02/17 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\EbkReader
[2008/09/26 13:37:18 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\eBookPro6
[2009/09/17 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Evolus
[2010/07/19 23:30:35 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\FileZilla
[2010/07/23 03:46:45 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Flickr
[2009/10/02 08:47:59 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\gtk-2.0
[2010/06/10 19:49:52 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Leadertech
[2010/06/18 03:02:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\muvee Technologies
[2010/07/20 13:23:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\MySQL
[2008/11/08 09:41:07 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Nitro PDF
[2010/07/20 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Offline Explorer
[2008/07/13 21:13:07 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Opera
[2008/07/04 13:56:08 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\PacificPoker
[2010/04/18 19:28:57 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\SecondLife
[2008/11/18 18:27:23 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\SmartDraw
[2008/11/09 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Smilebox
[2010/01/10 00:31:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Software Informer
[2008/11/17 02:33:40 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Subversion
[2009/10/06 20:43:28 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\syntevo
[2010/06/25 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Ulead Systems
[2009/08/07 09:19:35 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Uniblue
[2010/06/25 21:20:46 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\uTorrent
[2010/06/06 00:16:37 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\VistaCodecs
[2008/07/28 17:13:14 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Webview
[2009/04/19 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Windows Live Writer
[2010/07/23 09:39:15 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/23 15:42:17 | 000,000,480 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job
[2010/07/24 00:19:09 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8046DC5F-4FFC-48C2-9711-C770DBDA2FE8}.job

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/07/04 00:37:48 | 000,421,888 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009/03/08 04:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 04:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2008/01/20 19:34:26 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008/01/20 19:34:22 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll

< %systemroot%\system32\*.sys /90 >
[2010/05/01 06:53:49 | 002,036,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/01/20 20:31:11 | 015,716,352 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 20:31:01 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 20:31:12 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 03:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 03:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %SYSTEMDRIVE%\*.* >
[2006/09/18 14:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2008/01/20 19:34:29 | 000,333,203 | RHS- | M] () -- C:\bootmgr
[2006/09/18 14:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2008/06/18 21:40:23 | 000,004,503 | RH-- | M] () -- C:\dell.sdr
[2010/07/23 15:29:27 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/15 12:32:32 | 000,000,999 | ---- | M] () -- C:\net_save.dna
[2010/07/23 15:29:25 | 3533,127,680 | -HS- | M] () -- C:\pagefile.sys
[2008/07/01 05:02:55 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2008/07/01 05:02:55 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/03/31 22:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPD9F.DLL
[2008/03/31 22:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNMPP9F.DLL
[2008/10/18 09:26:33 | 000,047,416 | ---- | M] (LogMeIn, Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\LMIproc.dll
[2006/10/26 16:58:12 | 000,030,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
[2006/10/26 16:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\*. /mp /s >


< MD5 for: AGP440.SYS >
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008/01/20 19:32:22 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006/11/02 02:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/10 23:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008/01/20 19:32:21 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006/11/02 02:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006/11/02 02:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EVENTLOG.DLL >
[2008/06/06 14:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll

< MD5 for: IASTOR.SYS >
[2007/05/14 02:08:48 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Drivers\storage\R154092\iastor.sys
[2007/05/14 02:08:48 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\drivers\iaStor.sys
[2007/05/14 02:08:48 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_3a63e5a6\iaStor.sys
[2007/05/14 02:08:48 | 000,304,920 | ---- | M] (Intel Corporation) MD5=997E8F5939F2D12CD9F2E6B395724C16 -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_5f6e7be5\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006/11/02 02:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/10 23:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008/01/20 19:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008/01/20 19:33:41 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2006/11/02 02:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: SCECLI.DLL >
[2008/01/20 19:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008/01/20 19:34:39 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009/04/10 23:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: USER32.DLL >
[2009/04/10 23:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008/01/20 19:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008/01/20 19:34:02 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

< MD5 for: WS2_32.DLL >
[2008/01/20 19:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[2008/01/20 19:34:36 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.0.6001.18000_none_f2b7b0c2ce5605c4\ws2_32.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

========== Files - Unicode (All) ==========
[2010/07/03 11:54:29 | 000,000,000 | ---D | M](C:\Windows\System32\?A?A?A?A) -- C:\Windows\System32\ĀĀĀĀ
[2010/07/03 11:54:29 | 000,000,000 | ---D | C](C:\Windows\System32\?A?A?A?A) -- C:\Windows\System32\ĀĀĀĀ

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:E6F9610D
@Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:832A886A
@Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:867C1254
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D4810DBE
< End of report >


EDIT: extract OTL log for analysis

Edited by etavares, 24 July 2010 - 10:12 AM.


#4 etavares

etavares

    Bleepin' Remover


  • Malware Response Team

Posted 24 July 2010 - 10:34 AM

Hello, .

First, you should have multiple instances of iexplore.exe. You should have one iexplore.exe for each tab, plus one for the main window. So, that's normal and good.

Next, you're NOT connecting to 007guard.com. That's the good news. It's just a poorly written HOSTS file...
QUOTE
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com


This redirects 007guard.com back to your computer if it was called...e.g. no connection. However, since the first line isn't 127.0.0.1 localhost, instead of saying 'localhost', it's picking up www.007guard.com. We can change it if you care, but it's only the display name. E.g. anything that goes to localhost displays as www.007guard.com. Let me know if you want instructions to change it.

Now...the other issues you mention are more concerning.


P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case uTorrent). These programmes allow users to share files, as the name suggests. In today's world cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.

Online Poker Warning
Your logs show that you have online poker programs installed on your computer. I know that you may use these (this) game(s) on a regular basis, but I think it's important to note that often these kinds of programmes are installed with other unwanted software, namely spyware or adware. Due to this I strongly suggest that you uninstall these programmes if you do not use them anymore or did not install them yourself on purpose. There are so many online poker games out there these days that it is close to impossible to keep track of whether a programme is infected or not. Should you have installed this online poker game on purpose and wish to continue using it, you may ignore this. Should you decide to uninstall the programme, then you can do so by following the steps below:

You can remove this via Add/Remove programs.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.

etavares

EDIT: BBcode tag

Edited by etavares, 24 July 2010 - 10:34 AM.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 Tonyto


Posted 24 July 2010 - 09:51 PM

Hi and thanks for your prompt response.

- The Hosts file is working correctly now, so this can be ruled out.

- I'm following your recommendations and I uninstalled some of the poker software from my computer since I only use two of them once in a while. I'm a casual online poker player, even though I have installed several poker programs and tools.

- I'm keeping uTorrent but I'm going to be more careful with the torrents I choose. It's true that uTorrent could pose a threat and my system can get compromised as it will try to exploit vulnerabilities on it.

- Below is the MBAM log

========================================================================================================================================

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4345

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18928

7/24/2010 7:49:26 PM
mbam-log-2010-07-24 (19-49-26).txt

Scan type: Quick scan
Objects scanned: 155500
Time elapsed: 13 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

========================================================================================================================================

Regards,

Julio

#6 etavares


Posted 25 July 2010 - 06:19 AM

Hello, Tonyto.


Step 1

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\Program Files\SmartSVN 6\bin\statuscached.exe

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/



Step 2

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please back up manually using ERUNT with the following instructions:
  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon on the desktop or in the Start menu, and select Run as Administrator
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.



Step 3

We need to run an OTL script
  1. Please download OTL from one of the following mirrors if you do not still have it.
    • This is first Mirror
    • This is the second mirror: http://www.itxassociates.com/OT-Tools/OTL.exe
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\..\URLSearchHook: EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [POEngine] File not found
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files\VistaCodecPack\rm\Update_OB\realsched.exe File not found
    O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [fsm] File not found
    O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; GTB6.4; 3B\3.11; File not found
    O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} http://216.32.89.203/activex/vogweb29.cab (VOGWeb2 Class)
    [2010/07/03 11:54:29 | 000,000,000 | ---D | M](C:\Windows\System32\?A?A?A?A) -- C:\Windows\System32\ĀĀĀĀ
    [2010/07/03 11:54:29 | 000,000,000 | ---D | C](C:\Windows\System32\?A?A?A?A) -- C:\Windows\System32\ĀĀĀĀ
    @Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    @Alternate Data Stream - 201 bytes -> C:\ProgramData\TEMP:E6F9610D
    @Alternate Data Stream - 196 bytes -> C:\ProgramData\TEMP:832A886A
    @Alternate Data Stream - 194 bytes -> C:\ProgramData\TEMP:867C1254
    @Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D1B5B4F1
    @Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:D4810DBE
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 4

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push

etavares


 


#7 Tonyto


Posted 27 July 2010 - 08:17 PM

Hi etavares, you can see the results of the different steps below.

Thanks!

Step 1: Jotti's malware scan

This file has been scanned before. The results for this previous scan are listed below.
--------------------------------------------------------------------------------

Filename: statuscached.exe
Status: Scan finished. 0 out of 21 scanners reported malware.
Scan taken on: Thu 29 Oct 2009 18:45:50

--------------------------------------------------------------------------------
Additional info

File size: 215040 bytes
Filetype: PE32 executable for MS Windows (console) Intel 80386
MD5: b766cb2503c9192c4518a19f3f50072c
SHA1: 7f750dda310711b2274b3d9b65ed9096a55165e6
Packer (Drweb): ZLIB

--------------------------------------------------------------------------------
Scanners used

2009-10-29 Found nothing 2009-10-29 Found nothing
2009-10-29 Found nothing 2009-10-29 Found nothing
2009-10-29 Found nothing 2009-10-29 Found nothing
2009-10-29 Found nothing 2009-10-29 Found nothing
2009-10-29 Found nothing 2009-10-28 Found nothing
2009-10-29 Found nothing 2009-10-29 Found nothing
2009-10-29 Found nothing 2009-10-29 Found nothing
2009-10-29 Found nothing 2009-10-28 Found nothing
2009-10-29 Found nothing 2009-10-29 Found nothing
2009-10-29 Found nothing



Step 2: Install ERUNT

Successfully completed!



Step 3: OTL

i) OTL Fix Log

All processes killed
========== OTL ==========
Service NwlnkFwd stopped successfully!
Service NwlnkFwd deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkfwd.sys not found.
Service NwlnkFlt stopped successfully!
Service NwlnkFlt deleted successfully!
File C:\Windows\System32\DRIVERS\nwlnkflt.sys not found.
Service IpInIp stopped successfully!
Service IpInIp deleted successfully!
File C:\Windows\System32\DRIVERS\ipinip.sys not found.
Registry value HKEY_USERS\S-1-5-21-3610672647-2412968442-863455602-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3610672647-2412968442-863455602-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\POEngine deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\TkBellExe not found.
Registry value HKEY_USERS\S-1-5-21-3610672647-2412968442-863455602-1000\Software\Microsoft\Windows\CurrentVersion\Run\\fsm deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3610672647-2412968442-863455602-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Shockwave Updater deleted successfully.
Starting removal of ActiveX control {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED}
C:\Windows\Downloaded Program Files\vogweb2.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED}\ not found.
C:\Windows\System32\ĀĀĀĀ folder moved successfully.
Folder C:\Windows\System32\ĀĀĀĀ\ not found.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\TEMP:E6F9610D deleted successfully.
ADS C:\ProgramData\TEMP:832A886A deleted successfully.
ADS C:\ProgramData\TEMP:867C1254 deleted successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:D4810DBE deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: jreguero

User: Julio Reguero
->Temp folder emptied: 54827036 bytes
->Temporary Internet Files folder emptied: 101480998 bytes
->Java cache emptied: 123905939 bytes
->FireFox cache emptied: 58322332 bytes
->Google Chrome cache emptied: 9272454 bytes
->Apple Safari cache emptied: 20816896 bytes
->Flash cache emptied: 548375 bytes

User: PostgreSQL
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 66157 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1948435 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 354.00 mb


OTL by OldTimer - Version 3.2.9.1 log created on 07272010_155303

Files\Folders moved on Reboot...
File\Folder C:\Users\Julio Reguero\AppData\Local\Temp\~DFBBC6.tmp not found!
File\Folder C:\Users\Julio Reguero\AppData\Local\Temp\~DFBCD7.tmp not found!
File\Folder C:\Users\Julio Reguero\AppData\Local\Temp\~DFF860.tmp not found!
File\Folder C:\Users\Julio Reguero\AppData\Local\Temp\~DFF8CA.tmp not found!
C:\Users\Julio Reguero\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.
C:\Users\Julio Reguero\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HJRIUNVW\index[3].htm moved successfully.
C:\Users\Julio Reguero\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9839UB75\index[5].htm moved successfully.
C:\Users\Julio Reguero\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.
File\Folder C:\Windows\temp\hsperfdata_CHRONOS$\4804 not found!
C:\Windows\temp\e4j4910.tmp_dir15796\exe4jlib.jar moved successfully.
File move failed. C:\Windows\temp\Amazon Digital Video\Servicelog.adv scheduled to be moved on reboot.
File\Folder C:\Windows\temp\ib2403.tmp not found!
File\Folder C:\Windows\temp\ib2404.tmp not found!
File\Folder C:\Windows\temp\ib2405.tmp not found!
File\Folder C:\Windows\temp\ib2416.tmp not found!
File\Folder C:\Windows\temp\ib254F.tmp not found!
C:\Windows\temp\jna3800121460530100554.tmp moved successfully.

Registry entries deleted on Reboot...


ii) OTL Scan Report

OTL logfile created on: 7/27/2010 5:38:18 PM - Run 2
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Users\Julio Reguero\Desktop
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 50.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 70.03 Gb Free Space | 31.43% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.79 Gb Free Space | 67.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232.88 Gb Total Space | 130.11 Gb Free Space | 55.87% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: CHRONOS
Current User Name: Julio Reguero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/07/24 00:13:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Julio Reguero\Desktop\OTL.exe
PRC - [2010/06/22 09:30:45 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/22 09:30:41 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/22 09:30:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 09:30:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 09:30:33 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/22 09:30:33 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/06/22 09:30:31 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/22 09:30:30 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 09:30:29 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/06/15 13:13:08 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/05/17 17:03:14 | 000,105,632 | ---- | M] (Corel) -- C:\Program Files\Common Files\Corel\Standby\Standby.exe
PRC - [2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/10/01 11:27:22 | 000,215,040 | ---- | M] () -- C:\Program Files\SmartSVN 6\bin\statuscached.exe
PRC - [2009/08/14 07:16:55 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/07/21 17:25:42 | 000,541,976 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files\PIXELA\Everio MediaBrowser HD Edition\MBCameraMonitor.exe
PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 08:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/28 23:07:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/03/30 13:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 13:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 13:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\Spybot\TeaTimer.exe
PRC - [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot\Spybot\SDWinSec.exe
PRC - [2008/12/12 15:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 15:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/08 09:38:10 | 001,027,072 | ---- | M] () -- C:\Program Files\MySQL\MySQL Tools for 5.0\MySQLSystemTrayMonitor.exe
PRC - [2008/12/03 11:00:22 | 000,323,840 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
PRC - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2008/11/13 12:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/10 20:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/08/13 21:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/18 17:58:39 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/28 06:52:10 | 003,522,600 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files\Process Explorer\procexp.exe
PRC - [2008/04/24 10:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/03/03 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/02/26 07:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/20 19:35:03 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/10/22 12:33:14 | 000,856,064 | ---- | M] () -- C:\Program Files\GEEK SQUAD UPS\ppped.exe
PRC - [2007/10/22 12:31:14 | 000,323,584 | ---- | M] () -- C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
PRC - [2007/08/30 08:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/07/19 19:20:14 | 000,098,304 | ---- | M] (Apache Software Foundation) -- C:\Tomcat6.0\bin\tomcat6w.exe
PRC - [2007/06/22 10:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2007/06/05 10:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/05/14 02:03:20 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2003/11/26 14:44:19 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe


========== Modules (SafeList) ==========

MOD - [2010/07/24 00:13:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Julio Reguero\Desktop\OTL.exe
MOD - [2010/06/22 09:30:41 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/20 19:34:30 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2008/01/20 19:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 19:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 02:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (McAfeeFramework)
SRV - [2010/06/25 21:05:05 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/25 15:34:49 | 000,064,328 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3001.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/06/23 20:53:21 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/22 09:30:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 09:30:33 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/10/01 11:27:22 | 000,215,040 | ---- | M] () [Auto | Running] -- C:\Program Files\SmartSVN 6\bin\statuscached.exe -- (statuscached)
SRV - [2009/09/03 12:41:06 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/08/14 07:16:55 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/05/19 08:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/28 23:07:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/03/30 13:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\Spybot\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/08 10:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2008/12/12 15:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/03 11:00:22 | 000,323,840 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe -- (Matrox.Pdesk.ServicesHost)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/13 12:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/10/18 09:26:55 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/09/10 20:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/13 21:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/08 19:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/24 10:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/02/28 12:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/02/13 12:07:30 | 004,653,056 | ---- | M] () [On_Demand | Stopped] -- C:/xampp/mysql/bin/mysqld.exe -- (MySql)
SRV - [2008/02/01 09:55:56 | 000,948,616 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/02/01 09:55:54 | 000,747,912 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/02/01 01:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/01/20 19:35:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/20 19:34:59 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2008/01/20 19:34:59 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2008/01/20 19:34:59 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\xampp\apache\bin\apache.exe -- (Apache2.2)
SRV - [2007/12/25 14:25:50 | 000,586,240 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2007/10/22 12:33:14 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\GEEK SQUAD UPS\ppped.exe -- (ppped)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/07/19 19:20:14 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Tomcat6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2007/06/22 10:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2007/06/05 10:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003/11/26 14:44:19 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2010/06/22 09:30:43 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 09:30:34 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/06/22 09:30:34 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/06/22 09:30:34 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/06/22 09:30:34 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/06/22 09:30:31 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/10 19:30:38 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/10 19:30:38 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/06/10 19:30:27 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/06/10 19:30:23 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/06/01 09:38:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 10:32:44 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/24 20:28:50 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/05/08 22:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/12/12 15:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 15:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/14 02:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008/10/18 09:26:33 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/10/18 09:26:33 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/04 03:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/07/04 03:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/01 00:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2008/02/28 12:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/01 09:55:52 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/01/20 19:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:32:52 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/01/20 19:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:32:47 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/14 15:16:34 | 000,570,880 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/12/10 11:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007/12/10 11:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2007/05/21 04:35:14 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/05/14 02:08:48 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/05/14 02:03:22 | 001,773,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2003/07/28 23:18:32 | 000,028,518 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)
DRV - [2003/03/06 04:00:00 | 000,084,448 | ---- | M] (Network Associates, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\naiavf5x.sys -- (NaiAvFilter1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=0080619
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
*.local;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: FirePHPExtension-Build@firephp.org:0.4.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: jsonview@brh.numbera.com:0.4
FF - prefs.js..extensions.enabledItems: librarydetector@paulbakaus.com:1.0.3
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010070301
FF - prefs.js..extensions.enabledItems: pencil@evolus.vn:1.0.6
FF - prefs.js..extensions.enabledItems: seo@profesional:1.0.0
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: validator@totalvalidator.com:6.5.0
FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.01
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.1
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072

FF - HKLM\software\mozilla\3B\Extensions\\Plugins: C:\Program Files\3B\3B Browser\plugins [2010/07/03 12:22:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\3B\Extensions\\Components: C:\Program Files\3B\3B Browser\components [2010/04/18 19:45:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 08:21:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/04/24 13:34:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 17:14:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 18:02:38 | 000,000,000 | ---D | M]

[2010/07/23 03:46:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Extensions
[2009/09/17 23:43:11 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2010/07/23 03:46:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/07/24 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions
[2010/07/24 14:32:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/29 20:21:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/24 14:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/06/29 12:28:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/10 02:59:46 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/03/15 01:48:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/15 19:21:12 | 000,000,000 | ---D | M] (View Source Chart) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2009/10/07 11:55:44 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/14 01:50:18 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/10/07 11:55:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/29 20:21:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/21 01:13:58 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/06/18 16:24:01 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\amznUWL@amazon.com
[2010/01/13 20:50:24 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\anycolor.pavlos256@gmail.com
[2010/06/10 02:59:24 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\firebug@software.joehewitt.com
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org
[2010/01/14 01:44:40 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\jsonview@brh.numbera.com
[2010/06/10 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\librarydetector@paulbakaus.com
[2010/07/24 14:32:33 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\multipletab@piro.sakura.ne.jp
[2009/09/17 23:38:18 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\pencil@evolus.vn
[2010/07/24 14:32:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\piclens@cooliris.com
[2010/07/24 14:32:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\piclens@cooliris.com-trash
[2010/01/30 18:55:39 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\seo@profesional
[2010/06/10 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\validator@totalvalidator.com
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org\__MACOSX
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org\chrome
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org\defaults
[2008/07/28 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Webview\Profiles\3y2r9pz8.default\extensions
[2010/07/20 12:48:40 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 22:35:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 05:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/06/25 15:34:49 | 000,031,920 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll

O1 HOSTS File: ([2010/07/24 13:01:42 | 000,414,748 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14323 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.125\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ApacheTomcatMonitor] C:\Tomcat6.0\bin\tomcat6w.exe (Apache Software Foundation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk SE] C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\GEEK SQUAD UPS\pppeuser.exe ()
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files\Offline Explorer Pro\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files\Offline Explorer Pro\Add_AllO.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Online Poker Rooms\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Online Poker Rooms\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Online Poker Rooms\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3610672647-2412968442-863455602-1000\..Trusted Domains: orkut.com ([www] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/60.08/uploader2.cab (UploadListView Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/33.06/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} http://iu.ak.sonico.com//ImageUploader.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...ivex-latest.cab (DownloadManager Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.125\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julio Reguero\AppData\Local\Realtime Soft\UltraMon\Zenview Manager Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Julio Reguero\AppData\Local\Realtime Soft\UltraMon\Zenview Manager Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{af948084-47bf-11dd-b1d6-001d0994ab12}\Shell - "" = AutoRun
O33 - MountPoints2\{af948084-47bf-11dd-b1d6-001d0994ab12}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db9ca586-7136-11df-a2f3-001d0994ab12}\Shell\AutoRun\command - "" = K:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{db9ca586-7136-11df-a2f3-001d0994ab12}\Shell\Install\command - "" = K:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/27 15:53:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/27 15:45:28 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Julio Reguero\Desktop\OTL.exe
[2010/07/27 15:42:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/27 15:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/24 19:33:06 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Malwarebytes
[2010/07/24 19:32:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/24 19:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/24 19:32:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/24 19:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/24 13:18:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/07/23 03:46:45 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Flickr
[2010/07/23 03:46:45 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\Flickr
[2010/07/23 03:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Flickr Uploadr
[2010/07/17 02:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/15 14:13:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/07/15 14:11:00 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrsmgr.dll
[2010/07/15 14:10:49 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrs.exe
[2010/07/15 14:10:49 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrshost.exe
[2010/07/15 14:10:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmprovhost.exe
[2010/07/15 14:10:48 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wsmplpxy.dll
[2010/07/15 14:10:48 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrssrv.dll
[2010/07/15 14:10:47 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wevtfwd.dll
[2010/07/15 14:10:47 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecutil.exe
[2010/07/15 14:10:47 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wecapi.dll
[2010/07/15 14:10:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmRes.dll
[2010/07/15 14:10:45 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pwrshplugin.dll
[2010/07/15 14:10:40 | 000,241,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winrscmd.dll
[2010/07/15 14:10:40 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmWmiPl.dll
[2010/07/15 14:10:40 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WsmAuto.dll
[2010/07/15 14:10:39 | 000,252,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManMigrationPlugin.dll
[2010/07/15 14:10:39 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSManHTTPConfig.exe
[2010/07/12 23:25:16 | 000,000,000 | ---D | C] -- C:\mgafold
[2010/07/12 23:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Matrox
[2010/07/09 20:16:48 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\Realtime Soft
[2010/07/09 19:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Matrox
[2010/07/09 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Matrox Graphics Inc
[2010/07/09 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Matrox Graphics Inc
[2010/07/09 19:11:02 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Realtime Soft
[2010/07/09 19:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Realtime Soft
[2010/07/09 19:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Zenview Manager
[2010/07/09 19:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Realtime Soft
[2010/07/09 19:06:09 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\Matrox
[2010/07/07 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\AVG9
[2010/07/03 04:02:08 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/07/03 04:02:08 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/07/03 04:02:08 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll

========== Files - Modified Within 30 Days ==========

[2010/07/27 17:41:42 | 015,728,640 | -HS- | M] () -- C:\Users\Julio Reguero\NTUSER.DAT
[2010/07/27 17:39:55 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8046DC5F-4FFC-48C2-9711-C770DBDA2FE8}.job
[2010/07/27 17:19:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610672647-2412968442-863455602-1000UA.job
[2010/07/27 17:19:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610672647-2412968442-863455602-1000Core.job
[2010/07/27 17:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/27 16:50:23 | 000,000,000 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\prvlcl.dat
[2010/07/27 16:06:00 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/27 16:05:59 | 000,002,427 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zenview Manager.lnk
[2010/07/27 16:05:39 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/27 16:05:39 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2010/07/27 16:01:49 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 16:01:49 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/27 16:01:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/27 16:01:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/27 16:01:32 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/27 15:59:13 | 000,524,288 | -HS- | M] () -- C:\Users\Julio Reguero\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/07/27 15:59:13 | 000,065,536 | -HS- | M] () -- C:\Users\Julio Reguero\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/07/27 15:34:41 | 000,000,915 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/27 14:42:04 | 062,646,716 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/26 22:36:48 | 000,762,504 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/26 22:36:48 | 000,161,856 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/26 22:36:47 | 000,925,256 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/26 22:28:11 | 004,524,033 | -H-- | M] () -- C:\Users\Julio Reguero\AppData\Local\IconCache.db
[2010/07/25 02:17:12 | 000,069,120 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/24 13:01:42 | 000,414,748 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/24 12:23:00 | 000,486,296 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/24 02:09:14 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/07/24 02:07:13 | 000,001,656 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk
[2010/07/24 01:48:12 | 000,000,000 | ---- | M] () -- C:\Users\Julio Reguero\defogger_reenable
[2010/07/24 00:13:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Julio Reguero\Desktop\OTL.exe
[2010/07/23 23:38:07 | 000,412,129 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100724-021240.backup
[2010/07/21 18:30:18 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2010/07/19 13:00:22 | 279,538,234 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/11 13:36:11 | 000,000,680 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\d3d9caps.dat
[2010/07/03 11:54:29 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.ind

========== Files Created - No Company Name ==========

[2010/07/27 15:34:41 | 000,000,915 | ---- | C] () -- C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/24 02:03:29 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/24 01:48:12 | 000,000,000 | ---- | C] () -- C:\Users\Julio Reguero\defogger_reenable
[2010/07/17 01:11:38 | 000,001,656 | ---- | C] () -- C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk
[2010/07/15 14:10:41 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/07/15 14:10:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/07/15 14:10:41 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/07/09 19:10:52 | 000,002,427 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zenview Manager.lnk
[2010/06/25 23:27:39 | 000,000,040 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/06/25 23:26:45 | 000,028,518 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010/06/25 23:26:45 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/06/25 19:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2010/02/18 15:32:46 | 000,000,072 | ---- | C] () -- C:\Windows\ANS2000.INI
[2010/02/18 15:32:46 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2010/02/18 15:32:46 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2009/10/02 08:26:06 | 000,667,648 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2009/10/02 08:26:06 | 000,237,638 | ---- | C] () -- C:\Windows\System32\bahrurlib.dll
[2009/10/02 08:26:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\bahruriLIB.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/05 20:52:43 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/05 20:52:18 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/08/03 12:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/11/17 08:41:36 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/10/22 08:49:46 | 000,000,025 | ---- | C] () -- C:\Windows\SW_Win2146X32.DLL
[2008/10/22 08:48:09 | 000,002,549 | ---- | C] () -- C:\Windows\CD_SearchHistory.INI
[2008/10/22 08:42:18 | 000,024,576 | ---- | C] () -- C:\Windows\System32\setdllhostEnglishResourceDll.dll
[2008/09/01 13:07:58 | 000,509,208 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008/08/26 12:53:39 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\115661B6FE.sys
[2008/08/26 12:43:27 | 000,002,672 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/07/21 00:01:41 | 000,000,037 | ---- | C] () -- C:\Windows\SWFConverter.INI
[2008/07/09 17:19:27 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/07/05 09:52:05 | 000,000,075 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/07/05 02:38:47 | 000,000,480 | ---- | C] () -- C:\Windows\my.ini
[2008/06/18 21:40:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/01 00:13:10 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008/02/28 12:30:08 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2007/12/07 13:18:32 | 000,532,480 | ---- | C] () -- C:\Windows\System32\INT14PPP.dll
[2007/12/07 13:18:32 | 000,061,440 | ---- | C] () -- C:\Windows\System32\UTL10PPP.dll
[2007/04/24 10:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2007/02/22 08:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini
[2007/02/22 08:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2000/08/29 10:01:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\libbz2.dll
< End of report >



Step 4: ESET OnlineScan Report

In Progress...

#8 Tonyto

  • Topic Starter

Posted 28 July 2010 - 04:24 AM

Step 4: ESET Online Scanner Log

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=c633b8a04c72574db145b843a8011d50
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-28 08:51:55
# local_time=2010-07-28 01:51:55 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1029 16777213 100 91 0 21113059 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5892 16776574 100 100 20318205 116887271 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=836889
# found=1
# cleaned=1
# scan_time=27417
C:\Online Poker Tools\PokerEdge\CageDLL.dll probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

====================================================================================================================

Note: I have AVG Internet Security 9 installed on my PC, as you may already know. It got in the way of ESET's scanning process to detect a virus called JS/Generic on my system, which I sent to the vault. I have attached a screenshot of the event.

I have already removed all files related to 'PokerEdge' since I couldn't find any uninstaller for this program.



#9 etavares

  • Malware Response Team

Posted 28 July 2010 - 05:58 PM

Hello, Tonyto.


Step 1


You have an incomplete uninstall of McAfee still on your system. Please follow this link:
http://service.mcafee.com/FAQDocument.aspx?id=TS100507

And do steps 1 and 2.



Step 2

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 21 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.



Step 3


Please run one final OTL quick scan and post the log here. I think we're about done. How's your computer running?

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

 


#10 Tonyto

  • Topic Starter

Posted 29 July 2010 - 12:38 AM

Hi etavares,

Step 1:

I followed the instructions in the link you provided to fully uninstall McAfee, but it didn't work. After downloading and running MCPR.exe as Administrator, I get the error displayed in the attached screenshot MCPR.jpg. Apparently all the McAfee products were preinstalled by the manufacturer of my computer (Dell), and I remember not having activated my subscription before uninstalling and removing the software. Then I did some quick research on Google on how to wipe McAfee off my computer, and found and downloaded the "McAfee Virtual Technician" from the McAfee site. A visualization of the results can be seen in the attached images MVT.jpg and MVT Log.jpg.

A final search led me to this link: https://kc.mcafee.com/corporate/index?page=...&id=KB55208 and although the version of the Common Management Agent program that I have installed is different from the version in this article, I think the solution that would apply in my case could be number 4. I didn't want to give it a try... I would prefer not to mess with the registry to clear up this problem, but if it's absolutely necessary, please let me know.


Step 2:

I uninstalled old versions of Java on my PC (JRE update 3, 5 and 7). My current environment is JRE 6 Update 20 and I'll update to the latest JDK soon for work reasons.


Step 3:

Overall the computer is running well, but this whole experience has been a huge wake-up call for me. I appreciate all your help!!!! However, there are still a couple of IE-related issues that annoyed me. One is with the "Add To Favorites" functionality (double entries after adding) and the other is that I keep getting a frozen browser child window from any link I open in the parent. I would like to be able to attach screenshots to illustrate what I'm talking about, but I'm running out of space for new attachments. Any suggestions? Maybe you can delete all the previous files/images posted in this topic.

Below is the OTL log you asked for:

OTL logfile created on: 7/28/2010 10:32:11 PM - Run 3
OTL by OldTimer - Version 3.2.9.1 Folder = H:\Installers\AntiSpyware\[Malware Removal Toolkit]\OTL
Windows Vista Home Basic Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 29.00% Memory free
6.00 Gb Paging File | 3.00 Gb Available in Paging File | 55.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.77 Gb Total Space | 68.39 Gb Free Space | 30.70% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.79 Gb Free Space | 67.94% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 232.88 Gb Total Space | 130.07 Gb Free Space | 55.85% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: CHRONOS
Current User Name: Julio Reguero
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/07/24 00:13:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\Installers\AntiSpyware\[Malware Removal Toolkit]\OTL\OTL.exe
PRC - [2010/07/07 10:41:20 | 000,216,576 | ---- | M] () -- C:\Program Files\SmartSVN 6.5\bin\statuscached.exe
PRC - [2010/07/07 10:41:20 | 000,213,504 | ---- | M] () -- C:\Program Files\SmartSVN 6.5\bin\smartsvn.exe
PRC - [2010/06/22 09:30:45 | 002,065,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgtray.exe
PRC - [2010/06/22 09:30:41 | 000,620,896 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgnsx.exe
PRC - [2010/06/22 09:30:41 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgrsx.exe
PRC - [2010/06/22 09:30:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/22 09:30:33 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2010/06/22 09:30:33 | 000,596,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2010/06/22 09:30:31 | 000,723,296 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgcsrvx.exe
PRC - [2010/06/22 09:30:30 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgchsvx.exe
PRC - [2010/06/22 09:30:29 | 000,842,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG9\avgam.exe
PRC - [2010/06/15 13:13:08 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010/04/12 17:29:25 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
PRC - [2009/11/12 17:33:04 | 010,358,048 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunes.exe
PRC - [2009/10/16 18:42:54 | 000,904,840 | ---- | M] (Acronis) -- C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
PRC - [2009/10/16 18:39:32 | 000,136,544 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
PRC - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
PRC - [2009/10/16 18:37:22 | 001,325,936 | ---- | M] (Seagate) -- C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
PRC - [2009/08/14 07:16:55 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
PRC - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2009/05/21 12:13:58 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/19 08:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/04/28 23:07:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/03/30 13:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009/03/30 13:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009/03/05 13:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot\Spybot\TeaTimer.exe
PRC - [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot\Spybot\SDWinSec.exe
PRC - [2008/12/12 15:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
PRC - [2008/12/12 15:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
PRC - [2008/12/08 09:38:10 | 001,027,072 | ---- | M] () -- C:\Program Files\MySQL\MySQL Tools for 5.0\MySQLSystemTrayMonitor.exe
PRC - [2008/12/03 11:00:22 | 000,323,840 | ---- | M] (Matrox Graphics Inc.) -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe
PRC - [2008/11/13 12:43:49 | 000,204,800 | ---- | M] () -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe
PRC - [2008/10/28 23:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/09/10 20:37:36 | 000,024,576 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2008/08/13 21:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2008/06/18 17:58:39 | 000,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/05/28 06:52:10 | 003,522,600 | ---- | M] (Sysinternals - www.sysinternals.com) -- C:\Program Files\Process Explorer\procexp.exe
PRC - [2008/04/24 10:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2008/03/03 18:06:00 | 001,848,648 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2008/02/26 07:57:28 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2008/01/20 19:35:03 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetsrv\inetinfo.exe
PRC - [2007/10/22 12:33:14 | 000,856,064 | ---- | M] () -- C:\Program Files\GEEK SQUAD UPS\ppped.exe
PRC - [2007/10/22 12:31:14 | 000,323,584 | ---- | M] () -- C:\Program Files\GEEK SQUAD UPS\pppeuser.exe
PRC - [2007/08/30 08:50:42 | 000,205,480 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/07/19 19:20:14 | 000,098,304 | ---- | M] (Apache Software Foundation) -- C:\Tomcat6.0\bin\tomcat6w.exe
PRC - [2007/06/05 10:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007/05/14 02:03:20 | 004,452,352 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2003/11/26 14:44:19 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe


========== Modules (SafeList) ==========

MOD - [2010/07/24 00:13:53 | 000,574,976 | ---- | M] (OldTimer Tools) -- H:\Installers\AntiSpyware\[Malware Removal Toolkit]\OTL\OTL.exe
MOD - [2010/06/22 09:30:41 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2008/01/20 19:34:30 | 002,085,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msi.dll
MOD - [2008/01/20 19:34:21 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
MOD - [2008/01/20 19:33:14 | 001,684,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll
MOD - [2006/11/02 02:46:07 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msiltcfg.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (McAfeeFramework)
SRV - [2010/07/07 10:41:20 | 000,216,576 | ---- | M] () [Auto | Running] -- C:\Program Files\SmartSVN 6.5\bin\statuscached.exe -- (statuscached)
SRV - [2010/06/25 21:05:05 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/25 15:34:49 | 000,064,328 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3001.dll -- (nosGetPlusHelper) getPlus®
SRV - [2010/06/23 20:53:21 | 002,561,624 | ---- | M] () [Auto | Running] -- c:\Program Files\Common Files\Akamai\rswin_3725.dll -- (Akamai)
SRV - [2010/06/22 09:30:38 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/06/22 09:30:33 | 005,897,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2010/03/29 08:53:22 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus®
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/16 18:39:28 | 000,431,456 | ---- | M] (Seagate) [Auto | Running] -- C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe -- (SgtSch2Svc)
SRV - [2009/09/03 12:41:06 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2009/08/14 07:16:55 | 000,009,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\TCPSVCS.EXE -- (simptcp)
SRV - [2009/08/05 23:48:42 | 000,704,864 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/07/24 16:05:24 | 000,139,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009/05/19 08:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/04/28 23:07:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/03/30 13:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009/01/26 13:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot\Spybot\SDWinSec.exe -- (SBSDWSCService)
SRV - [2009/01/08 10:38:46 | 004,136,960 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe -- (WiselinkPro)
SRV - [2008/12/12 15:06:40 | 000,642,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
SRV - [2008/12/03 11:00:22 | 000,323,840 | ---- | M] (Matrox Graphics Inc.) [Auto | Running] -- C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.Pdesk.ServicesHost.exe -- (Matrox.Pdesk.ServicesHost)
SRV - [2008/11/24 23:31:12 | 000,087,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2008/11/24 23:31:10 | 029,263,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SQL Server (MSSQLSERVER)
SRV - [2008/11/24 23:31:08 | 000,239,968 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2008/11/24 23:31:08 | 000,045,408 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2008/11/13 12:43:49 | 000,204,800 | ---- | M] () [Auto | Running] -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe -- (LinksysUpdater)
SRV - [2008/10/18 09:26:55 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\RaMaint.exe -- (LMIMaint)
SRV - [2008/09/10 20:37:36 | 000,024,576 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2008/08/13 21:04:44 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2008/08/08 19:10:46 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2008/04/24 10:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)
SRV - [2008/02/28 12:31:50 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2008/02/13 12:07:30 | 004,653,056 | ---- | M] () [On_Demand | Stopped] -- C:/xampp/mysql/bin/mysqld.exe -- (MySql)
SRV - [2008/02/01 09:55:56 | 000,948,616 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2008/02/01 09:55:54 | 000,747,912 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/02/01 01:02:26 | 000,065,536 | ---- | M] (PostgreSQL Global Development Group) [On_Demand | Stopped] -- C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe -- (pgsql-8.3)
SRV - [2008/01/20 19:35:03 | 000,013,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2008/01/20 19:34:59 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2008/01/20 19:34:59 | 000,371,200 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2008/01/20 19:34:59 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/01/20 19:33:00 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/17 16:37:26 | 000,024,635 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\xampp\apache\bin\apache.exe -- (Apache2.2)
SRV - [2007/12/25 14:25:50 | 000,586,240 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Program Files\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2007/10/22 12:33:14 | 000,856,064 | ---- | M] () [Auto | Running] -- C:\Program Files\GEEK SQUAD UPS\ppped.exe -- (ppped)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/07/19 19:20:14 | 000,057,344 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- C:\Tomcat6.0\bin\tomcat6.exe -- (Tomcat6)
SRV - [2007/06/22 10:22:56 | 000,095,592 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql) SQL Server FullText Search (MSSQLSERVER)
SRV - [2007/06/05 10:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003/11/26 14:44:19 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\Windows\System32\Crypserv.exe -- (Crypkey License)


========== Driver Services (SafeList) ==========

DRV - [2010/06/22 09:30:43 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010/06/22 09:30:34 | 000,122,448 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys -- (AVGIDSDrivervtx)
DRV - [2010/06/22 09:30:34 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys -- (AVGIDSFiltervtx)
DRV - [2010/06/22 09:30:34 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys -- (AVGIDSShimvtx)
DRV - [2010/06/22 09:30:34 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\AVGIDSvx.sys -- (AVGIDSErHrvtx)
DRV - [2010/06/22 09:30:31 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/10 19:30:38 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/06/10 19:30:38 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/06/10 19:30:27 | 000,132,224 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2010/06/10 19:30:23 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)
DRV - [2010/06/01 09:38:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2010/03/04 10:32:44 | 000,052,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\Drivers\avgrkx86.sys -- (AvgRkx86)
DRV - [2009/08/05 23:48:42 | 000,054,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2009/07/24 20:28:50 | 000,030,560 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2009/05/08 22:14:20 | 000,014,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nuidfltr.sys -- (NuidFltr)
DRV - [2008/12/12 15:05:18 | 000,026,416 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\purendis.sys -- (purendis)
DRV - [2008/12/12 15:05:18 | 000,024,880 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\pnarp.sys -- (pnarp)
DRV - [2008/11/14 02:11:30 | 000,017,184 | ---- | M] (Realtime Soft Ltd) [Kernel | Auto | Running] -- C:\Program Files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys -- (UltraMonUtility)
DRV - [2008/10/18 09:26:33 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/10/18 09:26:33 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/07/04 03:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2008/07/04 03:35:40 | 003,847,168 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/06/01 00:13:10 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (npf)
DRV - [2008/02/28 12:31:52 | 000,012,856 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2008/02/01 09:55:52 | 000,042,376 | ---- | M] (PCTools Research Pty Ltd.) [File_System | On_Demand | Stopped] -- C:\Windows\system32\drivers\ikfilesec.sys -- (IKFileSec)
DRV - [2008/01/20 19:32:53 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 19:32:53 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 19:32:52 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 19:32:52 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 19:32:52 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 19:32:52 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 19:32:52 | 000,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hidbatt.sys -- (HidBatt)
DRV - [2008/01/20 19:32:51 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 19:32:51 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 19:32:50 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 19:32:50 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 19:32:50 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 19:32:49 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 19:32:49 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 19:32:49 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 19:32:49 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 19:32:49 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 19:32:48 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 19:32:48 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 19:32:47 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 19:32:47 | 000,073,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2008/01/20 19:32:47 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 19:32:46 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 19:32:45 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 19:32:21 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 19:32:21 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 19:32:21 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007/12/14 15:16:34 | 000,570,880 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2007/12/10 11:53:28 | 000,081,288 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksyssec.sys -- (IKSysSec)
DRV - [2007/12/10 11:53:28 | 000,066,952 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\iksysflt.sys -- (IKSysFlt)
DRV - [2007/05/21 04:35:14 | 000,228,224 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2007/05/14 02:08:48 | 000,304,920 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007/05/14 02:03:22 | 001,773,536 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006/11/02 02:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 02:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 02:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 02:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 02:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 02:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 02:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 02:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 02:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 02:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 02:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 01:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 01:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 01:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 01:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 01:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 01:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 00:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2003/07/28 23:18:32 | 000,028,518 | ---- | M] () [Kernel | System | Running] -- C:\Windows\system32\ckldrv.sys -- (NetworkX)
DRV - [2003/03/06 04:00:00 | 000,084,448 | ---- | M] (Network Associates, Inc.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\naiavf5x.sys -- (NaiAvFilter1)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.comcast.net/toolbar2.0/search/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://partnerpage.google.com/smallbiz.del...amp;ibd=0080619
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1
*.local;*.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.845
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: FirePHPExtension-Build@firephp.org:0.4.3
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.7
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: jsonview@brh.numbera.com:0.4
FF - prefs.js..extensions.enabledItems: librarydetector@paulbakaus.com:1.0.3
FF - prefs.js..extensions.enabledItems: multipletab@piro.sakura.ne.jp:0.5.2010070301
FF - prefs.js..extensions.enabledItems: pencil@evolus.vn:1.0.6
FF - prefs.js..extensions.enabledItems: seo@profesional:1.0.0
FF - prefs.js..extensions.enabledItems: {FCAB6FDD-5585-425b-95C1-5ED856F3FD08}:5.7
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.9
FF - prefs.js..extensions.enabledItems: validator@totalvalidator.com:6.5.0
FF - prefs.js..extensions.enabledItems: {68836a21-fc7d-4ea1-a065-7efabd99d414}:3.01
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.8
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: amznUWL@amazon.com:1.1
FF - prefs.js..extensions.enabledItems: {2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}:2.1.072

FF - HKLM\software\mozilla\3B\Extensions\\Plugins: C:\Program Files\3B\3B Browser\plugins [2010/07/03 12:22:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\3B\Extensions\\Components: C:\Program Files\3B\3B Browser\components [2010/04/18 19:45:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/07/21 08:21:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/04/24 13:34:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/08 17:14:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/08 18:02:38 | 000,000,000 | ---D | M]

[2010/07/23 03:46:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Extensions
[2009/09/17 23:43:11 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Extensions\pencil@evolus.vn
[2010/07/23 03:46:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Extensions\uploadr@flickr.com
[2010/07/24 14:39:14 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions
[2010/07/24 14:32:33 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/04/29 20:21:24 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/07/24 14:38:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}
[2010/06/29 12:28:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/10 02:59:46 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010/03/15 01:48:12 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/03/15 19:21:12 | 000,000,000 | ---D | M] (View Source Chart) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{68836a21-fc7d-4ea1-a065-7efabd99d414}
[2009/10/07 11:55:44 | 000,000,000 | ---D | M] (IE Tab) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2010/01/14 01:50:18 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2009/10/07 11:55:56 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2010/04/29 20:21:32 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010/02/21 01:13:58 | 000,000,000 | ---D | M] (Sothink Web Video Downloader for Firefox) -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\{FCAB6FDD-5585-425b-95C1-5ED856F3FD08}
[2010/06/18 16:24:01 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\amznUWL@amazon.com
[2010/01/13 20:50:24 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\anycolor.pavlos256@gmail.com
[2010/06/10 02:59:24 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\firebug@software.joehewitt.com
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org
[2010/01/14 01:44:40 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\jsonview@brh.numbera.com
[2010/06/10 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\librarydetector@paulbakaus.com
[2010/07/24 14:32:33 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\multipletab@piro.sakura.ne.jp
[2009/09/17 23:38:18 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\pencil@evolus.vn
[2010/07/24 14:32:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\piclens@cooliris.com
[2010/07/24 14:32:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\piclens@cooliris.com-trash
[2010/01/30 18:55:39 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\seo@profesional
[2010/06/10 02:59:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\validator@totalvalidator.com
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org\__MACOSX
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org\chrome
[2010/01/29 13:39:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Firefox\Profiles\cixpmfwk.default\extensions\FirePHPExtension-Build@firephp.org\defaults
[2008/07/28 17:13:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Mozilla\Webview\Profiles\3y2r9pz8.default\extensions
[2010/07/28 19:19:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/25 22:35:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/12/19 05:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/03/09 16:16:44 | 000,189,496 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll
[2010/06/25 15:34:49 | 000,031,920 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\np_IEGetPlugin.dll

O1 HOSTS File: ([2010/07/24 13:01:42 | 000,414,748 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14323 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot\Spybot\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O2 - BHO: (no name) - {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O2 - BHO: (ChromeFrame BHO) - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.125\npchrome_frame.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Comcast Toolbar) - {4E7BD74F-2B8D-469E-93BE-BE2DF4D9AE29} - C:\Program Files\ComcastToolbar\comcasttoolbar.dll (Comcast Cable Communications. )
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [ApacheTomcatMonitor] C:\Tomcat6.0\bin\tomcat6w.exe (Apache Software Foundation)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CarboniteSetupLite] C:\Program Files\Carbonite\CarbonitePreinstaller.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DiscWizardMonitor.exe] C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe (Seagate)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] C:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Matrox PowerDesk SE] C:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe (Matrox Graphics Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [nmctxth] C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Seagate Scheduler2 Service] C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe (Seagate)
O4 - HKLM..\Run: [Standby] c:\Program Files\Common Files\Corel\Standby\Standby.exe (Corel)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [PowerPanel Personal Edition User Interaction] C:\Program Files\GEEK SQUAD UPS\pppeuser.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot\Spybot\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk = C:\Program Files\Process Explorer\procexp.exe (Sysinternals - www.sysinternals.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: + Offline &Explorer: Download the link - C:\Program Files\Offline Explorer Pro\Add_UrlO.htm ()
O8 - Extra context menu item: + Offline E&xplorer: Download the current page - C:\Program Files\Offline Explorer Pro\Add_AllO.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: E&xportar a Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Launch Cooliris - {3437D640-C91A-458f-89F5-B9095EA4C28B} - C:\Program Files\PicLensIE\cooliris.dll (Cooliris Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Online Poker Rooms\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Online Poker Rooms\PartyPoker\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot\Spybot\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm ()
O9 - Extra Button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Online Poker Rooms\Bodog Poker\BPGame.exe (Bodog)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: orkut.com ([www] http in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.1...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/60.08/uploader2.cab (UploadListView Class)
O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} http://picasaweb.google.com/s/v/33.06/uploader2.cab (UploadListView Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.5.0.cab (DLM Control)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx2.hotmail.com/mail/w3/resources/...NPUplden-us.cab (MSN Photo Upload Tool)
O16 - DPF: {60541D7A-4EF1-4117-9607-7C1B0EEAAD18} http://iu.ak.sonico.com//ImageUploader.cab (Image Uploader Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E9790C6C-DCAA-4E4F-8048-FFEC3B62DFED} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {EAC139A9-D22D-4C29-8D1C-252BE63750F9} http://www.cooliris.com/shared/plinstll.cab (Reg Error: Value error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} http://dlm.tools.akamai.com/dlmanager/vers...ivex-latest.cab (DownloadManager Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.76.182 68.87.78.134
O18 - Protocol\Handler\gcf {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.125\npchrome_frame.dll (Google Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\intu-help-qb2 {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Julio Reguero\AppData\Local\Realtime Soft\UltraMon\Zenview Manager Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Users\Julio Reguero\AppData\Local\Realtime Soft\UltraMon\Zenview Manager Wallpaper.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 14:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{af948084-47bf-11dd-b1d6-001d0994ab12}\Shell - "" = AutoRun
O33 - MountPoints2\{af948084-47bf-11dd-b1d6-001d0994ab12}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{db9ca586-7136-11df-a2f3-001d0994ab12}\Shell\AutoRun\command - "" = K:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O33 - MountPoints2\{db9ca586-7136-11df-a2f3-001d0994ab12}\Shell\Install\command - "" = K:\Seagate\Installer\InstallSeagateManager.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/07/28 17:46:07 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\McAfee
[2010/07/28 17:45:43 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/07/28 17:45:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/07/28 04:03:54 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSVN 6.5
[2010/07/27 17:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/07/27 15:53:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/07/27 15:42:28 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/07/27 15:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/07/24 19:33:06 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Malwarebytes
[2010/07/24 19:32:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/07/24 19:32:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/07/24 19:32:52 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/07/24 19:32:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/07/24 13:18:35 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2010/07/23 03:46:45 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Flickr
[2010/07/23 03:46:45 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\Flickr
[2010/07/23 03:45:50 | 000,000,000 | ---D | C] -- C:\Program Files\Flickr Uploadr
[2010/07/17 02:16:45 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/07/15 14:13:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010/07/12 23:25:16 | 000,000,000 | ---D | C] -- C:\mgafold
[2010/07/12 23:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\Matrox
[2010/07/09 20:16:48 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\Realtime Soft
[2010/07/09 19:35:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Matrox
[2010/07/09 19:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Matrox Graphics Inc
[2010/07/09 19:35:33 | 000,000,000 | ---D | C] -- C:\Program Files\Matrox Graphics Inc
[2010/07/09 19:11:02 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Realtime Soft
[2010/07/09 19:10:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Realtime Soft
[2010/07/09 19:10:51 | 000,000,000 | ---D | C] -- C:\Program Files\Zenview Manager
[2010/07/09 19:10:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Realtime Soft
[2010/07/09 19:06:09 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\Matrox
[2010/07/07 17:49:21 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\AVG9
[2010/06/25 23:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Photo Recovery
[2010/06/25 23:26:45 | 000,165,888 | ---- | C] (Kenonic Controls) -- C:\Windows\Ckconfig.exe
[2010/06/25 23:26:45 | 000,061,440 | ---- | C] (CrypKey (Canada) Ltd.) -- C:\Windows\System32\Crypserv.exe
[2010/06/25 23:26:42 | 000,000,000 | ---D | C] -- C:\Stellar Phoenix NTFS
[2010/06/25 19:07:06 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\Documents\CyberLink
[2010/06/25 18:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\COMPANY_NAME
[2010/06/25 18:01:49 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Ulead Systems
[2010/06/25 17:54:28 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2010/06/25 17:53:15 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2010/06/25 17:53:11 | 000,000,000 | ---D | C] -- C:\ProgramData\SmartSound Software Inc
[2010/06/25 17:52:22 | 000,000,000 | ---D | C] -- C:\Windows\RegisteredPackages
[2010/06/25 17:52:09 | 000,000,000 | ---D | C] -- C:\ProgramData\InterVideo
[2010/06/25 17:42:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Protexis
[2010/06/25 17:42:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Corel
[2010/06/25 17:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Components
[2010/06/25 17:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Ulead Systems
[2010/06/25 17:39:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2010/06/25 15:35:39 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Local\NOS
[2010/06/25 15:34:49 | 000,000,000 | ---D | C] -- C:\Program Files\NOS
[2010/06/22 09:30:41 | 000,012,536 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/06/10 21:11:54 | 000,000,000 | ---D | C] -- C:\ProgramData\muvee Technologies
[2010/06/10 21:11:24 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\muvee Technologies
[2010/06/10 20:00:53 | 000,000,000 | ---D | C] -- C:\Program Files\Carbonite
[2010/06/10 20:00:51 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2010/06/10 19:58:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\muvee Technologies
[2010/06/10 19:49:52 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\Leadertech
[2010/06/10 19:30:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Seagate
[2010/06/10 19:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Seagate
[2010/06/10 19:28:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Seagate
[2010/06/06 00:16:37 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\VistaCodecs
[2010/06/06 00:16:31 | 000,000,000 | ---D | C] -- C:\Program Files\VistaCodecPack
[2010/06/06 00:15:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2010/05/28 03:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\PIXELA
[2010/05/28 03:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\PIXELA
[2010/05/28 03:21:07 | 000,000,000 | ---D | C] -- C:\Program Files\Digital Photo Navigator 1.5
[2010/05/25 22:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010/05/23 22:11:01 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/05/23 21:58:40 | 000,000,000 | ---D | C] -- C:\ProgramData\NOS
[2010/05/18 17:58:24 | 001,085,440 | ---- | C] (MPC-HC Team) -- C:\Windows\System32\VSFilter.dll
[2010/05/09 17:28:45 | 000,000,000 | ---D | C] -- C:\Users\Julio Reguero\Documents\Canon Utilities
[2010/05/01 21:10:48 | 000,000,000 | ---D | C] -- C:\Program Files\SopCast
[2010/04/30 19:08:28 | 000,000,000 | ---D | C] -- C:\Program Files\Balsamiq Mockups
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/07/28 22:35:40 | 015,728,640 | -HS- | M] () -- C:\Users\Julio Reguero\NTUSER.DAT
[2010/07/28 22:35:28 | 000,000,000 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\prvlcl.dat
[2010/07/28 22:34:58 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{8046DC5F-4FFC-48C2-9711-C770DBDA2FE8}.job
[2010/07/28 22:19:00 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610672647-2412968442-863455602-1000UA.job
[2010/07/28 22:18:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/28 21:55:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/28 21:55:46 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/28 18:46:56 | 000,241,159 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\Issue_1b_AddToFavorites.jpg
[2010/07/28 18:44:28 | 000,229,988 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\Issue_1a_AddToFavorites.jpg
[2010/07/28 17:59:38 | 000,273,542 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\MVT Log.jpg
[2010/07/28 17:47:51 | 000,210,001 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\MVT.jpg
[2010/07/28 17:34:34 | 000,203,407 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\MCPR.jpg
[2010/07/28 17:19:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610672647-2412968442-863455602-1000Core.job
[2010/07/28 16:36:21 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/07/28 14:42:21 | 062,698,084 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010/07/28 13:18:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/28 13:13:58 | 000,925,256 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/28 13:13:58 | 000,762,504 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/28 13:13:58 | 000,161,856 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/28 12:42:24 | 000,000,000 | ---- | M] () -- C:\Windows\System32\null
[2010/07/28 04:50:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/28 04:26:28 | 000,182,013 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\Problem_2_IE_New_Window_Frozen.jpg
[2010/07/28 04:05:42 | 000,000,970 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartSVN 6.5 (background).lnk
[2010/07/28 04:05:42 | 000,000,924 | ---- | M] () -- C:\Users\Public\Desktop\SmartSVN 6.5.lnk
[2010/07/28 03:57:08 | 000,000,480 | ---- | M] () -- C:\Windows\tasks\SDMsgUpdate (SD).job
[2010/07/28 03:56:32 | 000,002,427 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zenview Manager.lnk
[2010/07/28 03:56:00 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/28 03:55:42 | 3219,312,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/28 03:52:54 | 000,524,288 | -HS- | M] () -- C:\Users\Julio Reguero\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtrans-ms
[2010/07/28 03:52:54 | 000,065,536 | -HS- | M] () -- C:\Users\Julio Reguero\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf
[2010/07/28 03:52:47 | 004,620,764 | -H-- | M] () -- C:\Users\Julio Reguero\AppData\Local\IconCache.db
[2010/07/28 02:52:49 | 000,000,020 | ---- | M] () -- C:\Windows\System32\SYSTEM
[2010/07/27 21:22:23 | 000,068,096 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/07/27 15:34:41 | 000,000,915 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/24 13:01:42 | 000,414,748 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/07/24 12:23:00 | 000,486,296 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/07/24 02:09:14 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2010/07/24 02:07:13 | 000,001,656 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk
[2010/07/24 01:48:12 | 000,000,000 | ---- | M] () -- C:\Users\Julio Reguero\defogger_reenable
[2010/07/23 23:38:07 | 000,412,129 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100724-021240.backup
[2010/07/19 13:00:22 | 279,538,234 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/07/11 13:36:11 | 000,000,680 | ---- | M] () -- C:\Users\Julio Reguero\AppData\Local\d3d9caps.dat
[2010/07/03 11:54:29 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.ind
[2010/06/25 23:51:46 | 000,001,000 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\Adobe Premiere Elements 8 for Dummies.lnk
[2010/06/25 23:27:48 | 000,001,680 | ---- | M] () -- C:\Windows\System32\esnecil.nlp
[2010/06/25 23:27:48 | 000,000,329 | ---- | M] () -- C:\Windows\win.ini
[2010/06/25 23:27:39 | 000,000,040 | ---- | M] () -- C:\Windows\Crypkey.ini
[2010/06/25 22:36:04 | 000,486,296 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010/06/25 21:49:31 | 002,648,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/25 19:18:39 | 000,000,000 | ---- | M] () -- C:\Windows\PhotoNow.INI
[2010/06/25 18:04:51 | 000,005,642 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/25 18:03:44 | 000,000,008 | RHS- | M] () -- C:\ProgramData\115661B6FE.sys
[2010/06/23 16:55:13 | 000,001,068 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\Liberation Revolution.lnk
[2010/06/22 09:30:43 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgtdix.sys
[2010/06/22 09:30:41 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
[2010/06/22 09:30:34 | 000,025,168 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\System32\drivers\AVGIDSvx.sys
[2010/06/22 09:30:31 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgldx86.sys
[2010/06/08 22:15:17 | 000,403,643 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20100723-233807.backup
[2010/06/01 09:38:53 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\drivers\avgmfx86.sys
[2010/05/28 09:12:39 | 000,001,014 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
[2010/05/28 09:12:39 | 000,001,005 | ---- | M] () -- C:\Users\Julio Reguero\Desktop\Everio MediaBrowser HD Edition.lnk
[2010/05/18 17:58:24 | 001,085,440 | ---- | M] (MPC-HC Team) -- C:\Windows\System32\VSFilter.dll
[2010/05/12 14:10:46 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/05 14:19:56 | 000,050,688 | ---- | M] () -- C:\Windows\System32\ff_acm.acm
[2010/04/30 19:08:29 | 000,000,834 | ---- | M] () -- C:\Users\Public\Desktop\Balsamiq Mockups.lnk
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/07/28 18:46:56 | 000,241,159 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\Issue_1b_AddToFavorites.jpg
[2010/07/28 18:44:28 | 000,229,988 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\Issue_1a_AddToFavorites.jpg
[2010/07/28 17:59:38 | 000,273,542 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\MVT Log.jpg
[2010/07/28 17:47:51 | 000,210,001 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\MVT.jpg
[2010/07/28 17:34:34 | 000,203,407 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\MCPR.jpg
[2010/07/28 04:26:28 | 000,182,013 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\Problem_2_IE_New_Window_Frozen.jpg
[2010/07/28 04:05:42 | 000,000,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SmartSVN 6.5 (background).lnk
[2010/07/28 04:05:42 | 000,000,924 | ---- | C] () -- C:\Users\Public\Desktop\SmartSVN 6.5.lnk
[2010/07/28 02:52:49 | 000,000,020 | ---- | C] () -- C:\Windows\System32\SYSTEM
[2010/07/27 15:34:41 | 000,000,915 | ---- | C] () -- C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/07/24 02:03:29 | 3219,312,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/07/24 01:48:12 | 000,000,000 | ---- | C] () -- C:\Users\Julio Reguero\defogger_reenable
[2010/07/17 01:11:38 | 000,001,656 | ---- | C] () -- C:\Users\Julio Reguero\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Process Explorer.lnk
[2010/07/15 14:10:41 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010/07/15 14:10:41 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010/07/15 14:10:41 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010/07/09 19:10:52 | 000,002,427 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Zenview Manager.lnk
[2010/06/25 23:51:46 | 000,001,000 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\Adobe Premiere Elements 8 for Dummies.lnk
[2010/06/25 23:27:48 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.nlp
[2010/06/25 23:27:48 | 000,001,680 | ---- | C] () -- C:\Windows\System32\esnecil.ind
[2010/06/25 23:27:39 | 000,000,040 | ---- | C] () -- C:\Windows\Crypkey.ini
[2010/06/25 23:26:45 | 000,028,518 | ---- | C] () -- C:\Windows\System32\Ckldrv.sys
[2010/06/25 23:26:45 | 000,027,648 | R--- | C] () -- C:\Windows\Setup_ck.exe
[2010/06/25 23:26:45 | 000,018,432 | ---- | C] () -- C:\Windows\Setup_ck.dll
[2010/06/25 23:26:45 | 000,011,776 | ---- | C] () -- C:\Windows\Ckrfresh.exe
[2010/06/25 19:18:39 | 000,000,000 | ---- | C] () -- C:\Windows\PhotoNow.INI
[2010/06/25 18:03:44 | 000,000,008 | RHS- | C] () -- C:\ProgramData\115661B6FE.sys
[2010/06/25 18:03:37 | 000,005,642 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2010/06/23 16:55:13 | 000,001,068 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\Liberation Revolution.lnk
[2010/05/31 00:12:45 | 000,001,005 | ---- | C] () -- C:\Users\Julio Reguero\Desktop\Everio MediaBrowser HD Edition.lnk
[2010/05/28 03:23:30 | 000,001,014 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Camera Monitor HD.lnk
[2010/05/12 14:10:46 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2010/05/05 14:19:56 | 000,050,688 | ---- | C] () -- C:\Windows\System32\ff_acm.acm
[2010/02/18 15:32:46 | 000,000,072 | ---- | C] () -- C:\Windows\ANS2000.INI
[2010/02/18 15:32:46 | 000,000,020 | -H-- | C] () -- C:\Windows\akebook.ini
[2010/02/18 15:32:46 | 000,000,004 | -H-- | C] () -- C:\Windows\a3kebook.ini
[2009/10/02 08:26:06 | 000,667,648 | ---- | C] () -- C:\Windows\System32\FreeImage.dll
[2009/10/02 08:26:06 | 000,237,638 | ---- | C] () -- C:\Windows\System32\bahrurlib.dll
[2009/10/02 08:26:06 | 000,135,168 | ---- | C] () -- C:\Windows\System32\bahruriLIB.dll
[2009/08/16 10:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/08/05 20:52:43 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/08/05 20:52:18 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2009/08/03 12:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/11/17 08:41:36 | 000,000,095 | ---- | C] () -- C:\Windows\QBChanUtil_Trigger.ini
[2008/10/22 08:49:46 | 000,000,025 | ---- | C] () -- C:\Windows\SW_Win2146X32.DLL
[2008/10/22 08:48:09 | 000,002,549 | ---- | C] () -- C:\Windows\CD_SearchHistory.INI
[2008/10/22 08:42:18 | 000,024,576 | ---- | C] () -- C:\Windows\System32\setdllhostEnglishResourceDll.dll
[2008/09/01 13:07:58 | 000,509,208 | ---- | C] () -- C:\Windows\System32\ICCProfiles.dll
[2008/08/26 12:53:39 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\115661B6FE.sys
[2008/08/26 12:43:27 | 000,002,672 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/07/21 00:01:41 | 000,000,037 | ---- | C] () -- C:\Windows\SWFConverter.INI
[2008/07/09 17:19:27 | 002,463,976 | ---- | C] () -- C:\Windows\System32\NPSWF32.dll
[2008/07/05 09:52:05 | 000,000,075 | ---- | C] () -- C:\Windows\cdplayer.ini
[2008/07/05 02:38:47 | 000,000,480 | ---- | C] () -- C:\Windows\my.ini
[2008/06/18 21:40:13 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008/06/01 00:13:10 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2008/02/28 12:30:08 | 000,008,784 | ---- | C] () -- C:\Windows\System32\ractrlkeyhook.dll
[2007/12/07 13:18:32 | 000,532,480 | ---- | C] () -- C:\Windows\System32\INT14PPP.dll
[2007/12/07 13:18:32 | 000,061,440 | ---- | C] () -- C:\Windows\System32\UTL10PPP.dll
[2007/04/24 10:22:02 | 000,274,432 | ---- | C] () -- C:\Windows\System32\MFT_anet.dll
[2007/02/22 08:17:50 | 000,000,071 | ---- | C] () -- C:\Windows\pn.ini
[2007/02/22 08:17:50 | 000,000,051 | ---- | C] () -- C:\Windows\pr.ini
[2006/11/02 00:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2000/08/29 10:01:02 | 000,077,824 | ---- | C] () -- C:\Windows\System32\libbz2.dll

========== LOP Check ==========

[2009/05/17 20:50:03 | 000,000,000 | -HSD | M] -- C:\Users\Julio Reguero\AppData\Roaming\.#
[2010/04/18 19:53:38 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\3B
[2008/07/09 02:41:26 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\ACD Systems
[2009/12/12 18:31:06 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Amazon
[2009/03/14 19:42:46 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Aptana
[2010/07/07 17:49:21 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\AVG9
[2009/09/17 23:31:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\BalsamiqMockupsForDesktop.EDE15CF69E11F7F7D45B5430C7D37CC6C3545E3C.1
[2010/01/15 02:41:09 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Canon
[2010/05/23 22:11:01 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/06/17 22:05:35 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\com.ebay.sandimas.public-beta.AA1EEF5552BF52051F68E7EAF27E23FA6449A65C.1
[2009/03/07 08:49:53 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\ComcastToolbar
[2009/06/17 07:26:49 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Cropper
[2009/08/09 00:06:49 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\DriverCure
[2010/02/17 22:05:19 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\EbkReader
[2008/09/26 13:37:18 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\eBookPro6
[2009/09/17 23:42:39 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Evolus
[2010/07/28 14:48:17 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\FileZilla
[2010/07/23 03:46:45 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Flickr
[2009/10/02 08:47:59 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\gtk-2.0
[2010/06/10 19:49:52 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Leadertech
[2010/06/18 03:02:47 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\muvee Technologies
[2010/07/24 13:12:16 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\MySQL
[2008/11/08 09:41:07 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Nitro PDF
[2010/07/20 13:24:05 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Offline Explorer
[2008/07/13 21:13:07 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Opera
[2008/07/04 13:56:08 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\PacificPoker
[2010/04/18 19:28:57 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\SecondLife
[2008/11/18 18:27:23 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\SmartDraw
[2008/11/09 13:58:51 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Smilebox
[2010/01/10 00:31:50 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Software Informer
[2008/11/17 02:33:40 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Subversion
[2009/10/06 20:43:28 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\syntevo
[2010/06/25 18:01:51 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Ulead Systems
[2009/08/07 09:19:35 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Uniblue
[2010/06/25 21:20:46 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\uTorrent
[2010/06/06 00:16:37 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\VistaCodecs
[2008/07/28 17:13:14 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Webview
[2009/04/19 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\Julio Reguero\AppData\Roaming\Windows Live Writer
[2010/07/28 03:53:01 | 000,032,642 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/07/28 03:57:08 | 000,000,480 | ---- | M] () -- C:\Windows\Tasks\SDMsgUpdate (SD).job
[2010/07/28 22:34:58 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{8046DC5F-4FFC-48C2-9711-C770DBDA2FE8}.job

========== Purity Check ==========


< End of report >


#11 etavares

  • Malware Response Team

Posted 29 July 2010 - 05:58 PM

Try this to repair IE8:

http://support.microsoft.com/kb/318378

Please post back and let me know if it worked or if you still have the same issues.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 Tonyto


Posted 29 July 2010 - 11:27 PM

Hi,

After running the IE Performance Tool from the link you provided me, the IE browser is doing much better. I also disabled a few more add-ons that were currently loaded and using a lot of load time in the IE browser. So far I have not experienced the issues I mentioned in my last reply. Below are the detection and solution details.

Issues found
One or more add-ons were detected and may slow down Internet Explorer startup and tab creation. Fixed
Disable add-ons that slow down Internet Explorer startup and tab creation -- Succeeded

Data Execution Prevention (DEP) in Internet Explorer is disabled which may leave the computer vulnerable to remote code execution threats. Fixed
Enable Data Execution Prevention -- Succeeded

Security settings are not set to the recommended levels which may leave the computer vulnerable to security threats. Fixed
Reset Security settings -- Succeeded

The Smartscreen Filter is disabled which may leave the computer vulnerable to phishing threats. Fixed
Enable Smartscreen Filter -- Succeeded

Thanks again for everything,

Tonyto

#13 etavares


Posted 30 July 2010 - 04:57 PM

Hello, Tonyto.

OK, one last thing I want to look for. Please run this; it will only take a minute. If this is clean, we'll clean up.

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


 


#14 Tonyto


Posted 31 July 2010 - 03:36 PM

Hi, this is the log:

MBRCheck, version 1.1.1
© 2010, AD

\\.\C: --> \\.\PhysicalDrive0
\\.\D: --> \\.\PhysicalDrive0
\\.\H: --> \\.\PhysicalDrive1

Size      Device Name           MBR Status
--------------------------------------------
232 GB    \\.\PhysicalDrive0    Windows Vista MBR code detected
232 GB    \\.\PhysicalDrive1    Error reading raw MBR!

Done! Press ENTER to exit...

#15 etavares


Posted 31 July 2010 - 04:49 PM

Hello, Tonyto.

OK, good to go!


OK, good news. Your log appears clean. Let's clean up our mess. If your computer is running well, please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1

Next, we need to remove the other tools we have used.
  • Please download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Double-click the icon to start the program.
  • Then, click the big button.
  • You will get a prompt saying Begin Cleanup Process. Click Yes.
  • Restart your computer when prompted.



Step 2

We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.
  1. Go to Start and type in SystemPropertiesProtection and run that program.
  2. Select the System Protection tab.
  3. Press Create.
  4. Give the restore point a name and press Create.
  5. You'll see it work, then say that it was created successfully.


Now, we need to remove the old, infected points using Disk Cleanup.
  1. Click on Start --> My Computer
  2. Right-click on C: and select Properties.
  3. Click on Disk Cleanup.
  4. Double-click Files from all users on this computer.
  5. Click on More Options tab and press Clean Up... under System Restore and Shadow Copies.
  6. Click OK.
  7. You'll get a couple of prompts asking if you're sure you want to do this; select Yes for them.
  8. Disk cleanup will remove those restore points and close itself.

Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the downloaded installer and install the tool to a location of your choice.
  2. Via the Start menu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of the three (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software, then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program, you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares

