found win32:alureon-cm virus



#1
raybak

  • Member
  • 10 posts
Hello, I ran Avast antivirus and found win32:alureon-cm virus, I tried to clean it but it didn't work.


#2
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello raybak

Welcome to G2Go. :)
=====================
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTListIt.Txt and Extras.Txt. These are saved in the same location as OTListIt2.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.
===========
Download This file. Note its name and save it to your root folder, such as C:\.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security program drivers will not conflict with this file.
  • Click on this link to see a list of programs that should be disabled.
  • Double-click on the downloaded file to start the program. (If running Vista, right click on it and select "Run as an Administrator")
  • Allow the driver to load if asked.
  • You may be prompted to scan immediately if it detects rootkit activity.
  • If you are prompted to scan your system click "Yes" to begin the scan.
  • If not prompted, click the "Rootkit/Malware" tab.
  • On the right side, all items to be scanned should be checked by default except for "Show All". Leave that box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click the Scan button to begin. (Please be patient as it can take some time to complete)
  • When the scan is finished, click Save to save the scan results to your Desktop.
  • Save the file as Results.log and copy/paste the contents in your next reply.
  • Exit the program and re-enable all active protection when done.


#3
raybak

  • Topic Starter
  • Member
  • 10 posts
OTL logfile created on: 19/08/2009 10:16:59 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 83.91% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.37 Gb Total Space | 189.27 Gb Free Space | 65.64% Space Free | Partition Type: NTFS
Drive D: | 9.72 Gb Total Space | 5.59 Gb Free Space | 57.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAURO-PC
Current User Name: mauro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
PRC - C:\Windows\System32\PnkBstrA.exe ()
PRC - C:\Windows\System32\PnkBstrB.exe ()
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\WINDOWS\zHotkey.exe ()
PRC - C:\WINDOWS\ModPS2Key.exe (Chicony)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Users\mauro\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Users\mauro\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe ()
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe (Google Inc.)
PRC - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (AntiVirSchedulerService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (AntiVirService [Auto | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Running]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (ioloFileInfoList [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (ioloSystemService [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (PnkBstrB [Auto | Running]) -- C:\Windows\System32\PnkBstrB.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (avgio [System | Running]) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (avgntflt [Auto | Running]) -- C:\Windows\System32\DRIVERS\avgntflt.sys (Avira GmbH)
DRV - (avipbb [System | Running]) -- C:\Windows\System32\DRIVERS\avipbb.sys (Avira GmbH)
DRV - (bcm4sbxp [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (ElRawDisk [System | Running]) -- C:\Windows\System32\drivers\elrawdsk.sys (EldoS Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FileDisk [System | Running]) -- C:\Windows\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (fssfltr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\Windows\System32\drivers\lvusbsta.sys ()
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (NPPTNT2 [On_Demand | Stopped]) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvstor32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (PnkBstrK [On_Demand | Stopped]) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (QCMerced [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\LVCM.sys ()
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\Windows\System32\drivers\SECDRV.SYS ()
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (ssmdrv [System | Running]) -- C:\Windows\System32\DRIVERS\ssmdrv.sys (Avira GmbH)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.c...h...TP&M=GT5432
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GT5432
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SE...S01?FORM=TOOLBR
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.mywebsear...kwd&searchfor="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 01:18:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/10 22:19:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/10 22:19:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 3\components [2009/08/06 19:28:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 3\plugins [2009/08/02 09:32:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/10 22:19:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/10 22:19:23 | 00,000,000 | ---D | M]

[2009/03/25 23:30:11 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Extensions
[2008/08/27 11:24:22 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/25 23:30:11 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/05/21 13:22:24 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions
[2009/03/03 01:28:38 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009/08/14 11:00:13 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/11/16 13:36:18 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2009/02/07 13:25:43 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2008/10/25 01:15:02 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2008/11/04 13:45:49 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2008/11/05 01:02:29 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2009/03/03 01:28:38 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\staged-xpis
[2009/08/17 22:05:39 | 00,000,946 | ---- | M] () -- C:\Users\mauro\AppData\Roaming\Mozilla\FireFox\Profiles\nz1y40uz.default\searchplugins\merriam-webster-dictionary.xml
[2009/06/11 16:49:04 | 00,009,941 | ---- | M] () -- C:\Users\mauro\AppData\Roaming\Mozilla\FireFox\Profiles\nz1y40uz.default\searchplugins\mywebsearch.xml
[2008/10/09 08:19:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/25 23:27:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/19 00:05:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/06/18 23:54:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/07/23 15:59:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/25 23:27:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/25 23:27:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/01 14:55:49 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2008/07/23 12:47:22 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/07/23 12:47:46 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/03/25 23:27:55 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/12/28 01:47:08 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/07/03 19:05:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/07/03 19:05:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/07/03 19:05:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/07/31 16:07:16 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2008/09/24 21:21:16 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/24 21:21:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/24 21:21:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/18 09:53:07 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/24 21:21:16 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/24 21:21:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/24 21:21:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1108 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\mauro\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\mauro\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8 - Extra context menu item: &Search - File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - Reg Error: Value error. File not found
O18 - Protocol\Filter: - application/x-complus - Reg Error: Value error. File not found
O18 - Protocol\Filter: - application/x-msdownload - Reg Error: Value error. File not found
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ad598e8-23a4-11de-ba02-001921facca5}\Shell\AutoRun\command - "" = C:\Windows\System32\Shell32.DLL -- [2009/04/11 02:28:24 | 11,584,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e942da34-236f-11de-9983-001921facca5}\Shell\AutoRun - "" = Autorun
O33 - MountPoints2\{e942da34-236f-11de-9983-001921facca5}\Shell\AutoRun\command - "" = C:\Windows\System32\Shell32.DLL -- [2009/04/11 02:28:24 | 11,584,000 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{e942da37-236f-11de-9983-001921facca5}\Shell - "" = AutoRun
O33 - MountPoints2\{e942da37-236f-11de-9983-001921facca5}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[2009/08/19 22:12:49 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OTL.exe
[2009/08/19 14:50:21 | 00,145,719 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\error message installing windows installer vlean up utility.odt
[2009/08/19 14:42:40 | 05,695,766 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\setupxv.exe
[2009/08/19 13:15:31 | 00,000,000 | ---D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/17 12:33:35 | 00,001,612 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\WolfTeam.lnk
[2009/08/17 09:58:43 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/08/17 09:58:43 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/08/14 10:29:22 | 00,000,000 | ---D | C] -- C:\285596cc09e4525adb
[2009/08/14 09:45:25 | 00,000,000 | ---D | C] -- C:\1bec936215dfeae0d23ffc63
[2009/08/13 20:03:50 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/13 20:03:50 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/13 20:03:50 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/13 20:03:49 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/13 20:03:49 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/13 20:03:48 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/13 20:03:47 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/13 20:03:47 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/13 18:13:20 | 00,093,024 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2009/08/12 11:09:21 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EFE627F2-85B4-425A-99CB-4FF4189D5429}
[2009/08/12 11:04:56 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/12 11:04:47 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/12 11:04:40 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/12 11:04:31 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/12 11:04:26 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/12 11:04:25 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/12 11:04:24 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/12 11:04:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/12 11:04:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/12 11:04:23 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/12 11:04:23 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/12 11:04:23 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/10 02:06:45 | 00,721,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB40032.DLL
[2009/08/10 02:06:45 | 00,001,713 | ---- | C] () -- C:\Users\Public\Desktop\Wake up News.lnk
[2009/08/10 02:06:44 | 00,000,000 | ---D | C] -- C:\Program Files\Wake up News
[2009/08/08 22:57:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\ErrorLogs
[2009/08/08 16:42:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/08/08 16:42:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/08/08 16:42:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/08/07 20:58:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/08/07 20:41:20 | 00,000,091 | ---- | C] () -- C:\Windows\System32\SKYNETpevihybr.dat
[2009/08/07 20:39:16 | 00,019,968 | ---- | C] () -- C:\Windows\System32\SKYNETbtrurwii.dll
[2009/08/07 20:37:32 | 00,044,032 | ---- | C] () -- C:\Windows\System32\SKYNETowdqmtep.dll
[2009/08/07 20:37:32 | 00,003,166 | ---- | C] () -- C:\Windows\System32\SKYNETgfjouohq.dat
[2009/08/07 14:06:35 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/08/07 14:06:35 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/08/07 14:06:34 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/08/07 14:06:34 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/08/07 14:06:34 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/08/07 14:06:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/08/07 14:06:33 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/08/07 14:06:33 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/08/07 14:06:33 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/08/07 14:06:32 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/08/07 14:06:32 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/08/07 14:06:32 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/07 14:06:32 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/08/07 14:06:31 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/08/07 14:06:31 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/08/07 14:06:31 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/08/07 14:06:31 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/08/07 14:06:31 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/08/07 14:06:30 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/08/07 14:06:29 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/08/07 14:06:28 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/08/07 14:04:46 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/08/07 14:04:46 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/08/07 14:04:46 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/08/07 14:04:46 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/08/07 14:04:45 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/08/07 14:04:45 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/08/07 14:04:45 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/08/07 14:04:45 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/08/07 14:04:44 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/08/07 14:04:44 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/08/07 14:04:44 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/08/07 14:04:43 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/08/07 14:04:43 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/08/07 14:04:43 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/08/07 14:04:43 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/08/07 14:04:43 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/08/07 14:04:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/08/07 14:04:43 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/08/07 14:04:43 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/08/07 14:04:42 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/08/07 14:04:42 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/08/07 14:04:42 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/08/07 14:04:41 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/08/07 14:04:40 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/08/07 14:04:40 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/08/07 14:04:40 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/08/07 14:04:39 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/08/07 14:04:39 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/08/07 14:04:38 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/08/07 14:04:38 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/08/07 14:04:38 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/08/07 14:04:38 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/08/07 14:04:38 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/08/07 14:04:38 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/08/07 00:54:55 | 00,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009/08/07 00:53:59 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/08/07 00:45:19 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/07 00:45:19 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/07 00:45:19 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/07 00:43:20 | 00,000,000 | ---D | C] -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/08/07 00:43:05 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2009/08/07 00:38:49 | 15,525,5392 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/08/06 18:30:08 | 00,000,000 | -H-D | C] -- C:\ProgramData\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009/08/01 21:29:45 | 00,028,085 | ---- | C] () -- C:\Users\mauro\Documents\sandra varios 3.p2g
[2009/06/06 12:00:08 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/03 23:02:07 | 00,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/03 00:21:08 | 00,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2009/01/08 18:10:36 | 00,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/12/11 13:13:13 | 00,138,944 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/10/11 19:37:11 | 00,000,271 | ---- | C] () -- C:\Windows\SysMech.INI
[2008/07/23 22:35:54 | 00,081,920 | ---- | C] () -- C:\Windows\System32\pdfxp.dll
[2008/07/23 12:50:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/04/27 12:29:03 | 00,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/04/22 02:43:14 | 00,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2008/03/12 22:00:29 | 00,000,804 | ---- | C] () -- C:\Windows\_delis32.ini
[2008/03/09 17:02:43 | 00,000,420 | ---- | C] () -- C:\Windows\Disney.ini
[2008/02/03 14:50:04 | 02,102,112 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2008/02/03 14:46:21 | 00,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2008/02/01 18:13:42 | 00,000,063 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/02/01 18:12:05 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/02/01 18:12:05 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/02/01 18:12:05 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/01/21 16:15:56 | 00,471,232 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2008/01/21 16:15:56 | 00,019,968 | ---- | C] () -- C:\Windows\System32\drivers\LVUSBSta.sys
[2008/01/21 16:15:56 | 00,005,993 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/10/16 14:38:54 | 00,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/10/16 14:38:54 | 00,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 17:16:18 | 00,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,244 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/20 14:44:46 | 00,051,392 | ---- | C] () -- C:\Windows\System32\drivers\atnt40k.sys
[2000/09/19 20:55:00 | 00,011,616 | R--- | C] () -- C:\Windows\System32\drivers\secdrv.sys
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 21:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/08/19 22:15:00 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{006AEA10-C742-4895-9373-E785D26F90E0}.job
[2009/08/19 22:12:53 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OTL.exe
[2009/08/19 21:53:44 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/19 21:53:44 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/19 21:51:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4262586629-2059968801-1201914785-1000UA.job
[2009/08/19 21:51:00 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4262586629-2059968801-1201914785-1000Core.job
[2009/08/19 17:59:57 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/19 17:59:57 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/19 17:59:57 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/19 17:56:21 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/08/19 17:53:53 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/19 17:53:43 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/19 17:53:20 | 30,854,26688 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/19 14:53:29 | 02,636,171 | -H-- | M] () -- C:\Users\mauro\AppData\Local\IconCache.db
[2009/08/19 14:50:23 | 00,145,719 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\error message installing windows installer vlean up utility.odt
[2009/08/19 14:42:42 | 05,695,766 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\setupxv.exe
[2009/08/17 12:33:35 | 00,001,612 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\WolfTeam.lnk
[2009/08/17 10:27:22 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/08/17 10:27:22 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/08/13 19:14:05 | 00,319,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/13 18:24:09 | 00,076,488 | ---- | M] () -- C:\Users\mauro\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/13 18:13:21 | 00,000,972 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\System Mechanic.lnk
[2009/08/12 11:48:36 | 00,001,701 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\CCleaner.lnk
[2009/08/10 02:22:17 | 00,001,713 | ---- | M] () -- C:\Users\Public\Desktop\Wake up News.lnk
[2009/08/08 15:56:26 | 00,000,244 | ---- | M] () -- C:\Windows\win.ini
[2009/08/08 09:13:03 | 00,003,166 | ---- | M] () -- C:\Windows\System32\SKYNETgfjouohq.dat
[2009/08/07 20:41:20 | 00,000,091 | ---- | M] () -- C:\Windows\System32\SKYNETpevihybr.dat
[2009/08/07 20:39:16 | 00,019,968 | ---- | M] () -- C:\Windows\System32\SKYNETbtrurwii.dll
[2009/08/07 20:37:32 | 00,044,032 | ---- | M] () -- C:\Windows\System32\SKYNETowdqmtep.dll
[2009/08/07 00:54:55 | 00,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009/08/07 00:41:56 | 15,525,5392 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/08/05 22:13:30 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/08/03 19:09:21 | 00,115,712 | ---- | M] () -- C:\Users\mauro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/01 21:29:45 | 00,028,085 | ---- | M] () -- C:\Users\mauro\Documents\sandra varios 3.p2g
[2009/07/29 20:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/29 16:05:54 | 00,093,024 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2009/07/29 16:05:48 | 02,102,112 | ---- | M] () -- C:\Windows\System32\Incinerator.dll
[2009/07/21 17:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/21 17:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/21 17:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/21 17:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/21 17:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/21 17:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/21 17:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/21 17:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/21 17:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/21 17:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/21 17:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/21 17:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/21 17:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/21 17:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/21 17:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/21 17:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/07/21 16:13:58 | 00,133,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/07/21 16:13:51 | 00,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/07/21 16:13:15 | 00,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/07/21 16:12:49 | 01,638,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/21 14:31:43 | 00,057,667 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

========== LOP Check ==========

[2009/08/12 11:16:17 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming
[2008/02/01 21:11:31 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\7Wonders
[2008/02/19 19:52:31 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\Boomzap
[2009/01/08 18:29:15 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\Canon
[2008/03/05 10:23:33 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\CyberLink
[2009/08/19 22:15:54 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\DNA
[2009/06/10 12:19:42 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\Dreamlords
[2008/02/29 14:47:34 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\ForgottenRiddles
[2008/03/01 21:35:07 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\funkitron
[2009/06/23 12:27:45 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\GarageGames
[2008/02/04 00:30:02 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\gemsweeperextractedgfx
[2009/08/13 18:54:33 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\GetRightToGo
[2008/10/09 16:53:40 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\Image Zone Express
[2009/06/09 12:08:21 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\iolo
[2008/01/31 20:02:23 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\iWin
[2008/02/27 00:10:24 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\iWinArcade
[2009/08/14 11:00:13 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\LimeWire
[2008/07/08 00:52:08 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\LucasArts
[2006/11/02 08:37:34 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\Media Center Programs
[2009/05/01 16:01:48 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\NCH Swift Sound
[2008/10/14 01:07:49 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\OpenOffice.org
[2008/10/13 18:00:03 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\OpenOffice.org2
[2008/02/16 16:56:48 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\PlayFirst
[2008/10/09 16:53:40 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\Printer Info Cache
[2008/02/17 20:17:08 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\PTV Game
[2008/02/01 18:29:33 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\SampleView
[2009/01/08 18:10:25 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\ScanSoft
[2008/05/30 01:33:11 | 00,000,000 | RH-D | M] -- C:\Users\mauro\AppData\Roaming\SecuROM
[2009/02/07 13:23:02 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\Thunderbird
[2008/04/22 02:44:06 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\TrojanHunter
[2008/12/26 16:01:22 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\Ventrilo
[2008/01/23 12:55:34 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\WildTangent
[2008/08/23 15:37:35 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\ZipGenius
[2008/05/09 22:53:42 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\Zylom
[2009/08/19 17:56:21 | 00,000,868 | ---- | M] () -- C:\Windows\Tasks\Google Software Updater.job
[2009/08/19 21:51:00 | 00,000,856 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262586629-2059968801-1201914785-1000Core.job
[2009/08/19 21:51:00 | 00,000,908 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262586629-2059968801-1201914785-1000UA.job
[2009/08/19 17:53:53 | 00,000,006 | -H-- | M] () -- C:\Windows\Tasks\SA.DAT
[2009/08/19 14:53:38 | 00,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009/08/19 22:15:00 | 00,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{006AEA10-C742-4895-9373-E785D26F90E0}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

< End of report >


OTL Extras logfile created on: 19/08/2009 10:16:59 PM - Run 1
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.68 Gb Available Physical Memory | 83.91% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.37 Gb Total Space | 189.27 Gb Free Space | 65.64% Space Free | Partition Type: NTFS
Drive D: | 9.72 Gb Total Space | 5.59 Gb Free Space | 57.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAURO-PC
Current User Name: mauro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 3.1 Beta 3\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4262586629-2059968801-1201914785-1000]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4262586629-2059968801-1201914785-500]
"EnableNotificationsRef" = 2

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Gameforge4D\AirRivals_EN\Launcher.atm" = C:\Program Files\Gameforge4D\AirRivals_EN\Launcher.atm:Enabled:GameExe2 -- File not found
"C:\Program Files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe" = C:\Program Files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe:Enabled:GameVoIP -- File not found


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{227270A2-15E7-4B5D-9456-059AD2FA8C7F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{42D446C4-D516-4FBB-A8C2-33F041397207}" = lport=2869 | protocol=6 | dir=in | app=system |
"{59F0EC06-50E1-47EA-9353-62A7F0B5E059}" = lport=2869 | protocol=6 | dir=in | app=system |
"{616E6B8C-7D55-4589-8A54-962472142F52}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{6F8FDF0A-FE9E-4DBE-A8AD-79E731E3B189}" = lport=10243 | protocol=6 | dir=in | app=system |
"{9343C6E0-F80E-48F9-A4CB-3FFACF0A46DF}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A78A615B-7A93-4E53-8521-9219782011AF}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E0248F80-ACFB-48FF-A79D-81928546DFB8}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EA2E3315-29FD-4177-891B-15933A9D6D36}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FAD04BCA-843F-40E9-8E4E-449AB1B71E8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FB4F057B-895B-42F9-B91C-F7CE2654B6E4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{052240AB-1223-4D6C-9661-87C0716C1011}" = protocol=17 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{111E56D5-0A39-49BF-AF90-8F47059104AB}" = protocol=6 | dir=in | app=c:\nexon\combat arms\nmservice.exe |
"{1421FF67-9FE9-46CB-8475-A8EEC524ADB6}" = protocol=6 | dir=in | app=c:\program files\aeriagames\project torque\projecttorque.bin |
"{163A3D73-B921-4FCE-93F2-AF278C665ED3}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{1680A702-4EB3-41FA-8584-2984D22B097F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1A001C7F-1B06-4B01-A6F6-D9BF9A372942}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1EC1B1A0-2A7F-476A-A5E6-A350341F1231}" = protocol=17 | dir=in | app=c:\program files\gamehi_usa\suddenattackna\suddenattack.exe |
"{21B4D80A-88E1-432B-B53D-BFAA2E662C60}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{27409048-4C83-4892-84F2-364A1134FA1F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2D92CB9F-2DC7-41C8-959F-AFB55698FBF6}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe |
"{2DF25B91-6F3E-41FA-952C-0AF26FBE9501}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3161C162-5907-4916-A651-1B818377FE6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{39A871AE-BCA0-4E65-84FE-A716E136CB96}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3F7CD228-D28C-42F0-B9AD-8C5334E36935}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{5324FAB3-FCC9-48BA-8497-644496EFCD2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{65C800AD-35A0-4A21-9B87-1B5D7636364E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{66577406-761A-4721-8956-78B9A132F4E5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6933E4D7-EB0E-4326-9819-F8A6F1906471}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{7589EBAC-F075-48D8-90E9-8CCCE5C880FF}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{81D97F2A-6695-4752-B3B1-9D75A41A0821}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{835A2FC1-B9B6-417A-98EA-34F4182EDDBE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{87744049-7687-4BB7-A0B5-512F150C1714}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8E1F91B0-E469-4CF7-97C6-938201E57790}" = protocol=17 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"{9B10C5D9-AB3C-4F27-993C-5110717E7E59}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A2919240-2F68-4A39-88F6-6768F131A7BA}" = protocol=6 | dir=in | app=c:\program files\gamehi_usa\suddenattackna\suddenattack.exe |
"{ABBF07E8-41C6-4242-8C20-893B6FF95405}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe |
"{B3B5B351-9CCF-4412-A03C-65F96725B50A}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B760856D-B6AC-445A-ADA5-A42AC23CD7E1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{BAA3F551-2763-429A-9E2F-00E1C0856394}" = protocol=17 | dir=in | app=c:\program files\aeriagames\project torque\projecttorque.bin |
"{C12D0DA2-EA4B-4B99-BF6C-D955E072D6FC}" = protocol=6 | dir=out | app=system |
"{C5AF2D3A-AEE6-4235-9F65-9AC1D3D7C708}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{CD0C4D09-C0BE-4A2C-9F79-A9455366C66C}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe |
"{D53BC8C4-8DF9-4730-B2B5-47F709385349}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D54D6ADC-AB5B-4B38-A253-0258EAF164C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E244604C-3A7E-4427-BEF3-EBDC5402A08C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F6805A65-9CFA-4D2A-B1DD-431294A40E68}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{FED6BEDB-8694-42B2-B567-DCFDC4710446}" = protocol=6 | dir=in | app=c:\programdata\nexonus\ngm\ngm.exe |
"TCP Query User{01500362-3CF4-4B2C-994F-EC9DB0F1D682}C:\sierra\empire earth\empire earth.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"TCP Query User{038E4BC4-FFB3-4EA7-BB2E-3DCEEF8066D1}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"TCP Query User{08144D9A-3A9F-409D-B443-FE33FEB83822}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"TCP Query User{1556597B-B296-4AF4-BF18-B4211749F26E}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{162E332D-1AA8-41F5-804B-CAE3EEBA14E5}C:\program files\america's army\system\armyops.exe" = protocol=6 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"TCP Query User{2D951849-AA7F-44CD-89B7-32B156EA5F33}C:\users\mauro\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=6 | dir=in | app=c:\users\mauro\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"TCP Query User{365956E2-3E95-4C7A-8BAE-0001CC51469C}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe |
"TCP Query User{42EBCA04-90AF-4B58-81AF-D91FBE055769}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{43820937-5731-43A2-9FDA-0D4AD0E4C607}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{48910412-19DD-438B-99D9-8B993AD2E701}C:\users\mauro\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mauro\program files\dna\btdna.exe |
"TCP Query User{49E940D6-9B51-4B5E-BE26-40DDB21886B4}C:\program files\limewire\limewire.exe" = protocol=6 | dir=in | app=c:\program files\limewire\limewire.exe |
"TCP Query User{5AB7D339-A8DD-443F-8CE1-30037115F36A}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=6 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"TCP Query User{5D059419-9F6A-4DEE-8A4F-E1B1F562419E}C:\users\mauro\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=6 | dir=in | app=c:\users\mauro\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe |
"TCP Query User{62B93F9A-58C8-49F5-A702-70772115520D}C:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe |
"TCP Query User{65F57A69-C953-46E2-918E-9611E77F2CFB}C:\rohan\rohanclient.exe" = protocol=6 | dir=in | app=c:\rohan\rohanclient.exe |
"TCP Query User{6CF00FDE-F16C-486D-929C-AA2D842D0DB9}C:\program files\bittorrent\bittorrent.exe" = protocol=6 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"TCP Query User{6F4660FC-5873-4FA2-BDDB-66F9B7A0E79A}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7174CFAB-8F6C-4C9F-81D1-02244C13FF5A}C:\users\mauro\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\mauro\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"TCP Query User{71F647C8-5679-408C-8C4F-00B930414E06}C:\users\mauro\program files\dna\btdna.exe" = protocol=6 | dir=in | app=c:\users\mauro\program files\dna\btdna.exe |
"TCP Query User{80EB2A77-1536-49AE-A2E8-A60FE10C9AB0}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"TCP Query User{8DE21097-C281-469E-964D-0BF074B09F33}C:\quake 3 arena\quake3.exe" = protocol=6 | dir=in | app=c:\quake 3 arena\quake3.exe |
"TCP Query User{907F90B7-A29C-4952-BE8B-E3417F8978D8}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe |
"TCP Query User{9460D54B-EC5E-4865-8863-1BCE17C97734}C:\sierra\empire earth - the art of conquest\ee-aoc.exe" = protocol=6 | dir=in | app=c:\sierra\empire earth - the art of conquest\ee-aoc.exe |
"TCP Query User{A3366E27-2069-4EBD-A4FD-752CBE28EA2B}C:\aom\aom\aom.exe" = protocol=6 | dir=in | app=c:\aom\aom\aom.exe |
"TCP Query User{A8AB7338-27EC-4E7F-949A-19EB609DA096}C:\aeriagames\wolfteam\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin |
"TCP Query User{B1E736F5-C436-4EE3-87F4-7F9CDB397AB0}C:\kav\kav7\setup.exe" = protocol=6 | dir=in | app=c:\kav\kav7\setup.exe |
"TCP Query User{CF28991D-5C4E-4181-AB72-19FDC110E647}C:\users\mauro\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe" = protocol=6 | dir=in | app=c:\users\mauro\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe |
"TCP Query User{F173BA18-FFD7-4A94-ABBE-74CBE7054184}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"TCP Query User{F1F87789-382B-4E13-BFE0-685BC54105E9}C:\aeriagames\dreamlords\dreamlords.exe" = protocol=6 | dir=in | app=c:\aeriagames\dreamlords\dreamlords.exe |
"UDP Query User{0511CEDF-B275-460D-AE7D-635A998B02B9}C:\sierra\empire earth - the art of conquest\ee-aoc.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth - the art of conquest\ee-aoc.exe |
"UDP Query User{056087D9-13B4-4035-91EB-75AA84B6A3B0}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{056EB4CA-B7BF-49AB-9CAB-463B7E3F8DDF}C:\program files\america's army deploy client\aadeployclient.exe" = protocol=17 | dir=in | app=c:\program files\america's army deploy client\aadeployclient.exe |
"UDP Query User{0CC7A8D1-B341-465B-B1A7-BF88F35A61C8}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{1D087D77-0FB9-4400-B47D-5B483C5DC804}C:\rohan\rohanclient.exe" = protocol=17 | dir=in | app=c:\rohan\rohanclient.exe |
"UDP Query User{1D9B910D-BFD2-4D3D-BE68-F3EDF57B2FF6}C:\program files\limewire\limewire.exe" = protocol=17 | dir=in | app=c:\program files\limewire\limewire.exe |
"UDP Query User{30EAFFC8-E0D4-4177-A89C-577DA0EFC4C5}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{383C767C-5C1A-482D-B48D-225F2CF104E2}C:\sierra\empire earth\empire earth.exe" = protocol=17 | dir=in | app=c:\sierra\empire earth\empire earth.exe |
"UDP Query User{44573806-CD08-4AE8-A6BB-2B1CD57909C2}C:\users\mauro\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mauro\program files\dna\btdna.exe |
"UDP Query User{4D6FA469-F049-4351-BBB1-096A6B273195}C:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe |
"UDP Query User{612119C7-A354-474D-9409-0007C3799023}C:\program files\bittorrent\bittorrent.exe" = protocol=17 | dir=in | app=c:\program files\bittorrent\bittorrent.exe |
"UDP Query User{63160000-8003-4C71-A8BF-6896EB463889}C:\quake 3 arena\quake3.exe" = protocol=17 | dir=in | app=c:\quake 3 arena\quake3.exe |
"UDP Query User{6A8BAB08-C2EE-466F-B74B-4A4E6A3722BB}C:\program files\america's army\system\armyops.exe" = protocol=17 | dir=in | app=c:\program files\america's army\system\armyops.exe |
"UDP Query User{6B58B772-0E39-4A4D-B7B2-709604603994}C:\kav\kav7\setup.exe" = protocol=17 | dir=in | app=c:\kav\kav7\setup.exe |
"UDP Query User{76B228E0-A892-49F0-8BBF-BA1B966B6640}C:\users\mauro\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe" = protocol=17 | dir=in | app=c:\users\mauro\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe |
"UDP Query User{84D9741D-247C-4851-9B1E-CC4C83E5ABBC}C:\aeriagames\wolfteam\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam\wolfteam.bin |
"UDP Query User{854FA6B5-7105-4509-B787-CBD7794E8662}C:\users\mauro\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe" = protocol=17 | dir=in | app=c:\users\mauro\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe |
"UDP Query User{92854E7A-55EC-4B27-A211-C89CFDEA43D7}C:\users\mauro\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\mauro\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe |
"UDP Query User{94CD528D-9503-4562-BDD4-839F26239A80}C:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd |
"UDP Query User{A2CC2658-0973-46B0-9D55-F597C0A65781}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{AA05C2B6-B973-4E96-9878-ED803D75102E}C:\program files\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files\microsoft games\age of empires ii\empires2.icd |
"UDP Query User{AC9063C8-B82F-4EE8-984D-2EF11C505368}C:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe |
"UDP Query User{B742B836-87AE-4D01-86D8-47BFB9731EA5}C:\users\mauro\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe" = protocol=17 | dir=in | app=c:\users\mauro\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe |
"UDP Query User{BB34F779-5E67-4D9D-94AD-D792FBAB57F0}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D1452118-E9B9-4D2B-9667-D87E4CE1746E}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe |
"UDP Query User{D18DD00B-314D-4670-8C47-445C086C6D8D}C:\program files\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files\wolfenstein - enemy territory\et.exe |
"UDP Query User{DA37262E-83DA-463E-83BD-C3E83F0A8DD6}C:\aom\aom\aom.exe" = protocol=17 | dir=in | app=c:\aom\aom\aom.exe |
"UDP Query User{F0A68FB3-2406-4794-96E5-A4B6682C2ABA}C:\users\mauro\program files\dna\btdna.exe" = protocol=17 | dir=in | app=c:\users\mauro\program files\dna\btdna.exe |
"UDP Query User{F840E91D-4CBA-49DD-A4B3-5E053FC3F7E9}C:\aeriagames\dreamlords\dreamlords.exe" = protocol=17 | dir=in | app=c:\aeriagames\dreamlords\dreamlords.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02DFF6B1-1654-411C-8D7B-FD6052EF016F}" = Apple Software Update
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{089759B6-8B18-4AE5-9350-E132E0C22C01}" = Simply Accounting by Sage 2007
"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime
"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP140_series" = Canon MP140 series
"{1666FA7C-CB5F-11D6-A78C-00B0D079AF64}" = Java 2 Runtime Environment, SE v1.4.1_01
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1D243F00-1389-4C63-A7E9-B17E967D1901}" = WebEx Record and Playback
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 14
"{28DBD588-207D-4A26-8EAD-EFD8F128EB6D}" = ImpôtExpert Updater 2007
"{2C464EC1-2B0C-4490-9CAC-D4562DD8377A}" = Soap 3.0 Toolkit
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java™ 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34FF0741-EC67-4C05-AC2A-6D257123DF2E}" = BigFix
"{377B0725-8AA2-47AB-9F31-E2C4CFBE0F47}" = LINGO 11.0
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CCB26F5-E2A7-4C91-8340-9149D7B7C2BE}" = Virtual Earth 3D (Beta)
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 5.0
"{44C05309-60F4-410B-BC32-31733CFF1A41}" = Microsoft Digital Image Starter Edition 2006 Editor
"{451BB54C-8B23-4455-8BDC-14FC7D43E056}" = MSXML4SP2
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4FE542EB-FF0B-4739-94DD-25C8AE0AB251}" = Microsoft Digital Image Starter Edition 2006 Library
"{51A79BE3-6AF4-4405-AC9A-E5F74FE20299}" = Simple Comptable de Sage 2007
"{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1" = iolo technologies' System Mechanic
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6C31C1AC-8BB2-4DA0-869D-9EF7A77C0AD3}" = IORTutorial
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6F3F58D0-6CE9-4B76-B3C2-9E5BD6323992}" = Quake Live Mozilla Plugin
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety
"{77301550-4ACE-43A9-8563-C76ACA77CD9C}" = ImpotExpert 2008
"{7F3BCF8A-8E02-4659-AF25-F9AB66BD6718}" = Gateway Recovery Center Installer
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{894BAEF1-3AF6-42FF-9DA3-3B3F8D00CCD4}" = ImpôtExpert 2007
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_VISPROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_VISPROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}_VISPROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
"{90120000-0054-0409-0000-0000000FF1CE}_VISPROR_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}_VISPROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
"{91120000-0051-0000-0000-0000000FF1CE}_VISPROR_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
"{91B3BEC8-748B-4912-82ED-29D38E140B2A}" = Linkit_eBay
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A236B4D3-BA07-4864-991E-D58B77A44A08}" = Reel Deal Slots - Nickels and More
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4C0A315-07FB-39F9-85CD-8CE20C019350}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"{C19796D5-E477-40A1-8C78-DF2EB439D99B}" = LINDO 6.1
"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials
"{C788569F-E51F-473E-92D8-BCBC8B024841}" = ImpotExpert Updater 2008
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1846BA1-6118-3EDF-8C57-6E1A04646738}" = Microsoft Visual C++ 2008 Express Edition - ENU
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{DEE88727-779B-47A9-ACEF-F87CA5F92A65}" = ScanSoft OmniPage SE 4
"{DF38F332-2AC3-37FF-9FDC-8C4C80E531FB}" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"{EC3B598C-1151-4191-B5B4-A9072ADE6259}_is1" = ZipGenius 6 (6.0.3.1150)
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F44DA61E-720D-4E79-871F-F6E628B33242}" = OpenOffice.org 3.0
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{FED701E0-E194-11D4-B231-0050DACD394D}" = Disney's Winnie the Pooh Baby
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = PS2 Multimedia Keyboard Driver
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Address Book Standard Edition" = Address Book Standard Edition
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems PCI-SV92PP Soft Modem
"Ask Toolbar_is1" = Ask Toolbar
"avast!" = avast! Antivirus
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CANONIJPLM100" = PIXMA Extended Survey Program
"CCleaner" = CCleaner (remove only)
"Easy-LayoutPrint" = Canon Utilities Easy-LayoutPrint
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IAPlayer" = InstantAction.com Plug-Ins
"InstallShield_{BE2CC4A5-2128-4EA2-941D-14F7A6A1AB61}" = Digital Media Reader
"LimeWire" = LimeWire 5.1.2
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Visual C++ 2008 Express Edition - ENU" = Microsoft Visual C++ 2008 Express Edition - ENU
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.7)" = Mozilla Firefox (3.0.7)
"Mozilla Firefox (3.5)" = Mozilla Firefox (3.5)
"Mozilla Thunderbird (2.0.0.19)" = Mozilla Thunderbird (2.0.0.19)
"MP Navigator 3.1" = Canon MP Navigator 3.1
"MSDN Library for Microsoft Visual Studio 2008 Express Editions" = MSDN Library for Microsoft Visual Studio 2008 Express Editions
"NVIDIA Drivers" = NVIDIA Drivers
"OpenAL" = OpenAL
"PictureItSuiteTrial_v12" = Microsoft Digital Image Starter Edition 2006
"PunkBusterSvc" = PunkBuster Services
"RealPlayer 6.0" = RealPlayer
"Starcraft Brood War (RAZOR 1911)" = Starcraft Brood War (RAZOR 1911)
"VeryPDF PDFcamp Printer v2.1_is1" = VeryPDF PDFcamp Printer v2.1
"VISPROR" = Microsoft Office Visio Professional 2007 Trial
"WildTangent gateway Master Uninstall" = Gateway Games
"WinAce Archiver" = WinAce Archiver
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"WolfTeam" = WolfTeam
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent DNA" = DNA
"Bookworm Deluxe" = Bookworm Deluxe
"Google Chrome" = Google Chrome
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Personal Schedule Manager" = Personal Schedule Manager

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 02/07/2009 11:34:06 PM | Computer Name = mauro-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dino.socialcash.com/default.js failed, 00000005.

Error - 02/07/2009 11:34:13 PM | Computer Name = mauro-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dino.socialcash.com/default.js failed, 00000005.

Error - 03/07/2009 9:50:50 AM | Computer Name = mauro-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dino.socialcash.com/default.js failed, 00000005.

Error - 03/07/2009 9:53:52 AM | Computer Name = mauro-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dino.socialcash.com/default.js failed, 00000005.

Error - 06/07/2009 12:51:16 AM | Computer Name = mauro-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dino.socialcash.com/default.js failed, 00000005.

Error - 06/07/2009 12:59:30 AM | Computer Name = mauro-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://dino.socialcash.com/default.js failed, 00000005.

Error - 07/08/2009 7:00:07 PM | Computer Name = mauro-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.searching...m/n_xb72890.php failed, 00000005.

Error - 08/08/2009 9:17:24 AM | Computer Name = mauro-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000005.

Error - 08/08/2009 9:17:27 AM | Computer Name = mauro-PC | Source = avast! | ID = 33554522
Description = Internal error has occurred in module basEncodeFileToSubmit failed!
, function 00000005.

Error - 15/08/2009 5:33:03 PM | Computer Name = mauro-PC | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
http://www.searching...m/n_xb72890.php failed, 00000005.

[ Application Events ]
Error - 18/02/2009 9:23:57 PM | Computer Name = mauro-PC | Source = Google Update | ID = 20
Description =

Error - 18/02/2009 10:23:57 PM | Computer Name = mauro-PC | Source = Google Update | ID = 20
Description =

Error - 18/02/2009 11:23:57 PM | Computer Name = mauro-PC | Source = Google Update | ID = 20
Description =

Error - 19/02/2009 12:23:58 AM | Computer Name = mauro-PC | Source = Google Update | ID = 20
Description =

Error - 21/02/2009 3:50:52 AM | Computer Name = mauro-PC | Source = VSS | ID = 8194
Description =

Error - 25/02/2009 1:36:44 PM | Computer Name = mauro-PC | Source = Windows Search Service | ID = 3038
Description =

Error - 25/02/2009 1:36:45 PM | Computer Name = mauro-PC | Source = Windows Search Service | ID = 3028
Description =

Error - 25/02/2009 1:36:45 PM | Computer Name = mauro-PC | Source = Windows Search Service | ID = 3058
Description =

Error - 26/02/2009 1:45:03 PM | Computer Name = mauro-PC | Source = Application Error | ID = 1000
Description = Faulting application Engine.exe, version 0.0.0.0, time stamp 0x499bad9e,
faulting module nvd3dum.dll, version 7.15.11.7530, time stamp 0x485aa0ec, exception
code 0xc0000005, fault offset 0x002011e9, process id 0x290, application start time
0x01c998360e51e318.

Error - 27/02/2009 10:56:55 AM | Computer Name = mauro-PC | Source = Application Error | ID = 1000
Description = Faulting application Engine.exe, version 0.0.0.0, time stamp 0x499bad9e,
faulting module nvd3dum.dll, version 7.15.11.7530, time stamp 0x485aa0ec, exception
code 0xc0000005, fault offset 0x002011e9, process id 0x15a8, application start time
0x01c998e92dca14b0.

[ Media Center Events ]
Error - 22/07/2008 9:46:00 PM | Computer Name = mauro-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 04/01/2009 11:28:02 PM | Computer Name = mauro-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 20/01/2009 7:52:01 PM | Computer Name = mauro-PC | Source = ehSched | ID = 5
Description = CResourceMgr::GetEhepgdat Error GetEhepgdatDispatcher 0x80040110

Error - 06/04/2009 9:30:50 PM | Computer Name = mauro-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

Error - 29/04/2009 10:13:34 PM | Computer Name = mauro-PC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: failed downloading package SportsSchedule.

[ OSession Events ]
Error - 03/03/2008 11:56:59 AM | Computer Name = mauro-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 208
seconds with 180 seconds of active time. This session ended with a crash.

Error - 16/03/2008 11:29:28 PM | Computer Name = mauro-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6211.1000, Microsoft Office Version: 12.0.6215.1000. This session lasted 279
seconds with 60 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 18/08/2009 11:35:10 AM | Computer Name = mauro-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 18/08/2009 11:35:44 AM | Computer Name = mauro-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 19/08/2009 12:54:28 AM | Computer Name = mauro-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 19/08/2009 12:54:59 AM | Computer Name = mauro-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 19/08/2009 12:55:33 AM | Computer Name = mauro-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 19/08/2009 8:43:00 AM | Computer Name = mauro-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 19/08/2009 12:53:58 PM | Computer Name = mauro-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 19/08/2009 1:14:16 PM | Computer Name = mauro-PC | Source = DCOM | ID = 10010
Description =

Error - 19/08/2009 5:55:01 PM | Computer Name = mauro-PC | Source = Service Control Manager | ID = 7026
Description =

Error - 19/08/2009 6:23:37 PM | Computer Name = mauro-PC | Source = DCOM | ID = 10010
Description =


< End of report >



THIS IS THE LOG OF DISC C:
GMER 1.0.15.15077 [h3puzdxu.exe] - http://www.gmer.net
Rootkit scan 2009-08-19 23:00:41
Windows 6.0.6002 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT 9B941CCC ZwCreateThread
SSDT 9B941CB8 ZwOpenProcess
SSDT 9B941CBD ZwOpenThread
SSDT 9B941CC7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 818E1964 4 Bytes [CC, 1C, 94, 9B] {INT 3 ; SBB AL, 0x94; WAIT }
.text ntkrnlpa.exe!KeSetEvent + 3F1 818E1B34 4 Bytes [B8, 1C, 94, 9B]
.text ntkrnlpa.exe!KeSetEvent + 40D 818E1B50 4 Bytes [BD, 1C, 94, 9B]
.text ntkrnlpa.exe!KeSetEvent + 621 818E1D64 4 Bytes [C7, 1C, 94, 9B]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FB7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FF98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FBD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FAF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FB7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FAE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FEB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FBD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FB012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FB0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FA71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7403D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FD75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FADAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FA668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FA66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FB1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000A0002
IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000A0000

---- EOF - GMER 1.0.15 ----






THIS IS THE LOG FOR DISC D:
GMER 1.0.15.15077 [h3puzdxu.exe] - http://www.gmer.net
Rootkit scan 2009-08-19 23:09:50
Windows 6.0.6002 Service Pack 1


---- System - GMER 1.0.15 ----

SSDT 9B941CCC ZwCreateThread
SSDT 9B941CB8 ZwOpenProcess
SSDT 9B941CBD ZwOpenThread
SSDT 9B941CC7 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 818E1964 4 Bytes [CC, 1C, 94, 9B] {INT 3 ; SBB AL, 0x94; WAIT }
.text ntkrnlpa.exe!KeSetEvent + 3F1 818E1B34 4 Bytes [B8, 1C, 94, 9B]
.text ntkrnlpa.exe!KeSetEvent + 40D 818E1B50 4 Bytes [BD, 1C, 94, 9B]
.text ntkrnlpa.exe!KeSetEvent + 621 818E1D64 4 Bytes [C7, 1C, 94, 9B]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73FB7BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73FF98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73FBD3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73FAF527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73FB7599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73FAE43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73FEB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73FBD68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73FB012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73FB0095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73FA71F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [7403D802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73FD75E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73FADAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73FA668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73FA66BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[500] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73FB1E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 000A0002
IAT C:\Windows\system32\services.exe[708] @ C:\Windows\system32\services.exe [KERNEL32.dll!CreateProcessW] 000A0000

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

---- EOF - GMER 1.0.15 ----

#4
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please uninstall one of the antivirus programs you have, Avast or Avira, before proceeding.
===================================
First, temporarily disable any antivirus program or any real-time shields that are present.
If you do not know how, you can refer to this link:
http://www.bleepingc...opic114351.html
================
Then download ComboFix from any of the links below. You must rename it before saving it. Rename it to kahdah, then save it to your desktop.
Link 1
Link 2
--------------------------------------------------------------------

Double-click on kahdah.exe and follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt


#5
raybak

    Member

  • Topic Starter
  • Member
  • 10 posts
Hello Kahdah, first of all, thanks for your help.
This is the log for ComboFix:



ComboFix 09-08-19.08 - mauro 20/08/2009 9:28.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.1.1252.2.1033.18.2942.1942 [GMT -4:00]
Running from: c:\users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\Kahdah.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-4262586629-2059968801-1201914785-500
C:\install.exe
c:\users\Public\Desktop\avast! Antivirus.lnk
c:\windows\Cursors\aero_link.cur
c:\windows\Installer\12f4103.msi
c:\windows\Installer\12f4109.msi
c:\windows\Installer\12f4f15.msi
c:\windows\Installer\16b8c21.msp
c:\windows\Installer\16b8c2a.msp
c:\windows\Installer\16b8c36.msp
c:\windows\Installer\16b8c37.msp
c:\windows\Installer\16b8cfe.msp
c:\windows\Installer\16b8d07.msp
c:\windows\Installer\16b8d22.msp
c:\windows\Installer\16b8d2b.msp
c:\windows\Installer\16b8d34.msp
c:\windows\Installer\16b8d3d.msp
c:\windows\Installer\2f23aa5.msp
c:\windows\Installer\47b7d.msp
c:\windows\Installer\4d60dc.msp
c:\windows\Installer\5eecbb.msi
c:\windows\Installer\5eecc1.msi
c:\windows\Installer\5eecc7.msi
c:\windows\Installer\5eeccd.msi
c:\windows\Installer\5eecd3.msi
c:\windows\Installer\5eece9.msi
c:\windows\Installer\5eecef.msi
c:\windows\Installer\5eed24.msi
c:\windows\Installer\77199.msp
c:\windows\Installer\8645fc.msi
c:\windows\Installer\864602.msi
c:\windows\Installer\98c51.msi
c:\windows\Installer\a7d4d7.msp
c:\windows\Installer\bfa51d.msi
c:\windows\Installer\d0448.msp
c:\windows\Installer\d0470.msp
c:\windows\Installer\d0486.msp
c:\windows\Installer\d049b.msp
c:\windows\Installer\d04b0.msp
c:\windows\system32\1161270.dll
c:\windows\system32\15491778.dll
c:\windows\system32\19550991.dll
c:\windows\system32\2136750.dll
c:\windows\system32\3286110.dll
c:\windows\system32\5055617.dll
c:\windows\system32\706417.dll
c:\windows\system32\mfc45.dll
c:\windows\system32\SKYNETbtrurwii.dll
c:\windows\system32\SKYNETgfjouohq.dat
c:\windows\system32\SKYNETowdqmtep.dll
c:\windows\system32\SKYNETpevihybr.dat

.
((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-20 13:38 . 2009-08-20 13:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-08-20 02:23 . 2009-08-20 02:23 288768 ----a-w- C:\h3puzdxu.exe
2009-08-19 17:15 . 2009-08-19 17:15 -------- dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
2009-08-14 14:29 . 2009-08-14 14:45 -------- d-----w- C:\285596cc09e4525adb
2009-08-14 13:45 . 2009-08-14 13:49 -------- d-----w- C:\1bec936215dfeae0d23ffc63
2009-08-14 02:11 . 2009-08-14 02:11 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbA620.tmp.exe
2009-08-14 00:03 . 2009-06-15 15:24 175104 ----a-w- c:\windows\system32\wdigest.dll
2009-08-14 00:03 . 2009-06-15 15:22 213504 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-14 00:03 . 2009-06-15 15:21 499712 ----a-w- c:\windows\system32\kerberos.dll
2009-08-14 00:03 . 2009-06-15 15:24 270848 ----a-w- c:\windows\system32\schannel.dll
2009-08-14 00:03 . 2009-06-15 15:23 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2009-08-14 00:03 . 2009-06-15 18:20 439896 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-08-14 00:03 . 2009-06-15 15:24 72704 ----a-w- c:\windows\system32\secur32.dll
2009-08-14 00:03 . 2009-06-15 12:57 9728 ----a-w- c:\windows\system32\lsass.exe
2009-08-13 22:18 . 2009-07-02 05:37 1232 ----a-w- c:\users\mauro\AppData\Roaming\iolo\Registry\Working\restore.bat
2009-08-13 22:13 . 2009-07-29 20:05 93024 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-08-12 15:09 . 2009-08-12 15:09 -------- dc-h--w- c:\programdata\{EFE627F2-85B4-425A-99CB-4FF4189D5429}
2009-08-12 15:09 . 2009-04-30 10:06 2835247 -c--a-w- c:\programdata\{EFE627F2-85B4-425A-99CB-4FF4189D5429}\speedupmypc2009.exe
2009-08-12 15:04 . 2009-07-17 14:35 71680 ----a-w- c:\windows\system32\atl.dll
2009-08-12 15:04 . 2009-06-10 12:12 160256 ----a-w- c:\windows\system32\wkssvc.dll
2009-08-12 15:04 . 2009-06-04 12:34 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-08-12 15:04 . 2009-06-10 12:07 91136 ----a-w- c:\windows\system32\avifil32.dll
2009-08-12 15:04 . 2009-07-14 13:00 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2009-08-12 15:04 . 2009-07-14 12:59 4096 ----a-w- c:\windows\system32\dxmasf.dll
2009-08-12 15:04 . 2009-07-14 12:58 7680 ----a-w- c:\windows\system32\spwmp.dll
2009-08-12 15:04 . 2009-07-14 10:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-08-10 06:06 . 1995-08-15 08:00 721168 ------w- c:\windows\system32\VB40032.DLL
2009-08-10 06:06 . 2009-08-10 06:24 -------- d-----w- c:\program files\Wake up News
2009-08-09 02:57 . 2009-08-09 02:57 -------- d-----w- c:\windows\system32\ErrorLogs
2009-08-08 20:42 . 2009-08-08 20:42 -------- d-----w- c:\windows\system32\ca-ES
2009-08-08 20:42 . 2009-08-08 20:42 -------- d-----w- c:\windows\system32\eu-ES
2009-08-08 20:42 . 2009-08-08 20:42 -------- d-----w- c:\windows\system32\vi-VN
2009-08-07 18:04 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-08-07 04:53 . 2009-08-07 04:53 -------- d-----w- c:\program files\JRE
2009-08-06 22:30 . 2009-06-29 04:55 2568250 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\Uniblue RegistryBooster.exe
2009-08-06 22:30 . 2008-08-26 16:48 99624 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7390E4F0\6383BC9B\StartRegistryBooster.exe
2009-08-06 22:30 . 2008-08-26 16:48 757760 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\2B86F085\6383BC9B\UBVarRB.dll
2009-08-06 22:30 . 2008-08-26 16:48 6676480 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\4E45A1A4\6383BC9B\RegistryBooster.dll
2009-08-06 22:30 . 2008-08-26 16:48 497496 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\AF01B0B\6383BC9B\XceedZip.dll
2009-08-06 22:30 . 2008-08-26 16:48 413696 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\52CD59C9\6383BC9B\update.dll
2009-08-06 22:30 . 2008-08-26 16:48 2019624 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\7CE1607E\6383BC9B\RegistryBooster.exe
2009-08-06 22:30 . 2008-08-26 16:48 111912 -c--a-w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}\registrybooster2\65B92A91\6383BC9B\KillRBProcess.exe
2009-08-06 22:30 . 2009-08-13 23:41 -------- dc-h--w- c:\programdata\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-07-25 23:22 . 2009-07-25 23:22 456304 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtbB884.tmp.exe
2009-07-22 02:23 . 2009-07-22 02:23 390664 ----a-w- c:\users\mauro\AppData\Roaming\Real\RealPlayer\Update\realplayer11gold.exe
2009-07-22 02:23 . 2009-07-22 02:23 390664 ------w- c:\users\mauro\AppData\Roaming\Real\Update\temp\~Upg3\realplayer11gold.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-20 13:38 . 2009-05-12 16:50 -------- d-----w- c:\users\mauro\AppData\Roaming\DNA
2009-08-20 13:06 . 2008-12-25 00:53 -------- d-----w- c:\programdata\Google Updater
2009-08-19 21:58 . 2008-10-14 05:08 1 ----a-w- c:\users\mauro\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-08-15 22:26 . 2009-01-08 22:22 -------- d-----w- c:\programdata\CanonIJPLM
2009-08-14 23:08 . 2008-02-03 18:34 -------- d-----w- c:\programdata\iolo
2009-08-14 22:36 . 2008-02-03 19:17 518 ----a-w- c:\users\mauro\AppData\Roaming\iolo\Registry\Last\restore.bat
2009-08-14 22:34 . 2008-02-18 04:54 1303 ----a-w- c:\users\mauro\AppData\Roaming\iolo\restore.bat
2009-08-14 15:00 . 2008-01-26 06:46 -------- d-----w- c:\users\mauro\AppData\Roaming\LimeWire
2009-08-14 14:31 . 2009-04-04 01:26 -------- d-----w- c:\program files\Mozilla Firefox 3.1 Beta 3
2009-08-14 00:06 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-08-13 22:54 . 2009-02-04 02:14 -------- d-----w- c:\users\mauro\AppData\Roaming\GetRightToGo
2009-08-13 22:24 . 2008-01-21 19:22 76488 ----a-w- c:\users\mauro\AppData\Local\GDIPFONTCACHEV1.DAT
2009-08-13 22:13 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-08-12 15:35 . 2007-10-16 18:46 -------- d-----w- c:\programdata\Microsoft Help
2009-08-08 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-08-08 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-08-08 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-08-08 20:43 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-08-08 20:42 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-08-08 20:42 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-08-07 05:02 . 2008-10-13 22:02 -------- d-----w- c:\program files\OpenOffice.org 3
2009-08-07 04:44 . 2007-10-16 18:51 -------- d-----w- c:\program files\Java
2009-08-06 02:13 . 2009-05-01 13:02 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-08-02 04:22 . 2008-02-22 17:26 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-29 20:05 . 2008-02-03 18:50 2102112 ----a-w- c:\windows\system32\Incinerator.dll
2009-07-21 21:52 . 2009-08-07 18:06 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-21 21:47 . 2009-08-07 18:06 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-07-21 21:47 . 2009-08-07 18:06 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-07-21 20:13 . 2009-08-07 18:06 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-07-14 16:05 . 2008-02-03 18:50 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-07-14 02:24 . 2009-07-14 02:24 390664 ------w- c:\users\mauro\AppData\Roaming\Real\Update\temp\~Upg2\realplayer11gold.exe
2009-07-10 18:21 . 2007-10-16 18:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-07-08 01:36 . 2008-02-03 18:50 11776 ----a-w- c:\windows\system32\smrgdf.exe
2009-07-04 02:24 . 2009-07-04 02:24 390664 ------w- c:\users\mauro\AppData\Roaming\Real\Update\temp\~Upg1\realplayer11gold.exe
2009-07-02 14:19 . 2009-07-02 14:19 680 ----a-w- c:\users\mauro\AppData\Local\d3d9caps.dat
2009-07-02 13:55 . 2008-12-28 05:47 -------- d-----w- c:\programdata\PMB Files
2009-07-01 03:14 . 2009-07-01 03:14 -------- d-----w- c:\program files\GameHi_USA
2009-06-24 02:24 . 2009-06-24 02:24 390664 ------w- c:\users\mauro\AppData\Roaming\Real\Update\temp\~Upg0\realplayer11gold.exe
2009-06-23 16:27 . 2009-06-23 16:27 77711 ----a-w- c:\users\mauro\AppData\Roaming\GarageGames\IAPlayer\Plugins\iaplayer-uninstall.exe
2009-06-23 16:27 . 2009-06-23 16:27 -------- d-----w- c:\users\mauro\AppData\Roaming\GarageGames
2009-06-15 15:24 . 2009-07-15 12:34 156672 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 15:20 . 2009-07-15 12:34 72704 ----a-w- c:\windows\system32\fontsub.dll
2009-06-15 15:20 . 2009-07-15 12:34 10240 ----a-w- c:\windows\system32\dciman32.dll
2009-06-15 14:52 . 2009-07-15 12:34 23552 ----a-w- c:\windows\system32\lpk.dll
2009-06-15 12:52 . 2009-07-15 12:34 289792 ----a-w- c:\windows\system32\atmfd.dll
2009-06-11 05:20 . 2009-06-10 23:22 1878984 ----a-w- c:\users\mauro\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
2009-06-10 03:23 . 2008-02-29 16:53 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-06-10 03:23 . 2008-02-29 16:53 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2008-08-01 18:55 . 2008-08-01 18:55 122880 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 21:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-25 39408]
"Google Update"="c:\users\mauro\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"BitTorrent DNA"="c:\users\mauro\Program Files\DNA\btdna.exe" [2009-05-12 321344]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-07-28 313200]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-06-11 198160]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2006-11-09 3784704]
"CHotkey"="zHotkey.exe" - c:\windows\zHotkey.exe [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" - c:\windows\ShowWnd.exe [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" - c:\windows\ModPS2Key.exe [2006-11-07 53248]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):10,c6,89,da,64,1c,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4262586629-2059968801-1201914785-1000]
"EnableNotificationsRef"=dword:00000002

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4262586629-2059968801-1201914785-500]
"EnableNotificationsRef"=dword:00000002

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{835A2FC1-B9B6-417A-98EA-34F4182EDDBE}"= UDP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{B760856D-B6AC-445A-ADA5-A42AC23CD7E1}"= TCP:c:\program files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
"{65C800AD-35A0-4A21-9B87-1B5D7636364E}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"TCP Query User{49E940D6-9B51-4B5E-BE26-40DDB21886B4}c:\\program files\\limewire\\limewire.exe"= UDP:c:\program files\limewire\limewire.exe:LimeWire
"UDP Query User{056087D9-13B4-4035-91EB-75AA84B6A3B0}c:\\program files\\limewire\\limewire.exe"= TCP:c:\program files\limewire\limewire.exe:LimeWire
"TCP Query User{1556597B-B296-4AF4-BF18-B4211749F26E}c:\\windows\\system32\\dplaysvr.exe"= UDP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"UDP Query User{A2CC2658-0973-46B0-9D55-F597C0A65781}c:\\windows\\system32\\dplaysvr.exe"= TCP:c:\windows\system32\dplaysvr.exe:Microsoft DirectPlay Helper
"TCP Query User{08144D9A-3A9F-409D-B443-FE33FEB83822}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= UDP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"UDP Query User{AA05C2B6-B973-4E96-9878-ED803D75102E}c:\\program files\\microsoft games\\age of empires ii\\empires2.icd"= TCP:c:\program files\microsoft games\age of empires ii\empires2.icd:Age of Empires II
"TCP Query User{8DE21097-C281-469E-964D-0BF074B09F33}c:\\quake 3 arena\\quake3.exe"= UDP:c:\quake 3 arena\quake3.exe:quake3
"UDP Query User{63160000-8003-4C71-A8BF-6896EB463889}c:\\quake 3 arena\\quake3.exe"= TCP:c:\quake 3 arena\quake3.exe:quake3
"TCP Query User{01500362-3CF4-4B2C-994F-EC9DB0F1D682}c:\\sierra\\empire earth\\empire earth.exe"= UDP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"UDP Query User{383C767C-5C1A-482D-B48D-225F2CF104E2}c:\\sierra\\empire earth\\empire earth.exe"= TCP:c:\sierra\empire earth\empire earth.exe:Empire Earth
"TCP Query User{A3366E27-2069-4EBD-A4FD-752CBE28EA2B}c:\\aom\\aom\\aom.exe"= UDP:c:\aom\aom\aom.exe:Age of Mythology
"UDP Query User{DA37262E-83DA-463E-83BD-C3E83F0A8DD6}c:\\aom\\aom\\aom.exe"= TCP:c:\aom\aom\aom.exe:Age of Mythology
"TCP Query User{B1E736F5-C436-4EE3-87F4-7F9CDB397AB0}c:\\kav\\kav7\\setup.exe"= UDP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{6B58B772-0E39-4A4D-B7B2-709604603994}c:\\kav\\kav7\\setup.exe"= TCP:c:\kav\kav7\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"TCP Query User{907F90B7-A29C-4952-BE8B-E3417F8978D8}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= UDP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"UDP Query User{AC9063C8-B82F-4EE8-984D-2EF11C505368}c:\\programdata\\kaspersky lab setup files\\kaspersky anti-virus 7.0.1.321\\english\\setup.exe"= TCP:c:\programdata\kaspersky lab setup files\kaspersky anti-virus 7.0.1.321\english\setup.exe:Kaspersky Anti-Virus 7.0 Setup
"{21B4D80A-88E1-432B-B53D-BFAA2E662C60}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{2DF25B91-6F3E-41FA-952C-0AF26FBE9501}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{C5AF2D3A-AEE6-4235-9F65-9AC1D3D7C708}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{B3B5B351-9CCF-4412-A03C-65F96725B50A}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"TCP Query User{6F4660FC-5873-4FA2-BDDB-66F9B7A0E79A}c:\\program files\\internet explorer\\iexplore.exe"= UDP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{BB34F779-5E67-4D9D-94AD-D792FBAB57F0}c:\\program files\\internet explorer\\iexplore.exe"= TCP:c:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{43820937-5731-43A2-9FDA-0D4AD0E4C607}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{0CC7A8D1-B341-465B-B1A7-BF88F35A61C8}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{62B93F9A-58C8-49F5-A702-70772115520D}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\fpupdate.exe"= UDP:c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe:fpupdate
"UDP Query User{4D6FA469-F049-4351-BBB1-096A6B273195}c:\\program files\\lucasarts\\star wars empire at war\\gamedata\\fpupdate.exe"= TCP:c:\program files\lucasarts\star wars empire at war\gamedata\fpupdate.exe:fpupdate
"TCP Query User{2D951849-AA7F-44CD-89B7-32B156EA5F33}c:\\users\\mauro\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= UDP:c:\users\mauro\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"UDP Query User{854FA6B5-7105-4509-B787-CBD7794E8662}c:\\users\\mauro\\appdata\\locallow\\powerchallenge\\powersoccer\\powersoccer.exe"= TCP:c:\users\mauro\appdata\locallow\powerchallenge\powersoccer\powersoccer.exe:powersoccer.exe
"TCP Query User{038E4BC4-FFB3-4EA7-BB2E-3DCEEF8066D1}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= UDP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"UDP Query User{94CD528D-9503-4562-BDD4-839F26239A80}c:\\program files\\microsoft games\\age of empires ii\\age2_x1\\age2_x1.icd"= TCP:c:\program files\microsoft games\age of empires ii\age2_x1\age2_x1.icd:Age of Empires II Expansion
"{FED6BEDB-8694-42B2-B567-DCFDC4710446}"= UDP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{8E1F91B0-E469-4CF7-97C6-938201E57790}"= TCP:c:\programdata\NexonUS\NGM\NGM.exe:Nexon Game Manager
"{111E56D5-0A39-49BF-AF90-8F47059104AB}"= UDP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"{052240AB-1223-4D6C-9661-87C0716C1011}"= TCP:c:\nexon\Combat Arms\NMService.exe:Nexon Messenger Core
"TCP Query User{365956E2-3E95-4C7A-8BAE-0001CC51469C}c:\\program files\\xfire\\xfire.exe"= UDP:c:\program files\xfire\xfire.exe:Xfire
"UDP Query User{D1452118-E9B9-4D2B-9667-D87E4CE1746E}c:\\program files\\xfire\\xfire.exe"= TCP:c:\program files\xfire\xfire.exe:Xfire
"TCP Query User{B49E264D-4340-4940-BC14-A1259F5CD88D}c:\\program files\\invasion interactive ltd\\rising eagle\\bin\\win32\\risingeagle.exe"= Disabled:UDP:c:\program files\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe:RisingEagle
"UDP Query User{FA1B9C0A-3596-400B-8E24-306DCBEE2DA5}c:\\program files\\invasion interactive ltd\\rising eagle\\bin\\win32\\risingeagle.exe"= Disabled:TCP:c:\program files\invasion interactive ltd\rising eagle\bin\win32\risingeagle.exe:RisingEagle
"TCP Query User{D61435CE-60AD-4630-A737-174D1EACE2AE}c:\\brood\\starcraft.exe"= Disabled:UDP:c:\brood\starcraft.exe:Starcraft
"UDP Query User{81704A91-CB10-4F39-B95F-421CB9C4A9CC}c:\\brood\\starcraft.exe"= Disabled:TCP:c:\brood\starcraft.exe:Starcraft
"TCP Query User{F173BA18-FFD7-4A94-ABBE-74CBE7054184}c:\\program files\\real\\realplayer\\realplay.exe"= UDP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"UDP Query User{30EAFFC8-E0D4-4177-A89C-577DA0EFC4C5}c:\\program files\\real\\realplayer\\realplay.exe"= TCP:c:\program files\real\realplayer\realplay.exe:RealPlayer
"TCP Query User{65F57A69-C953-46E2-918E-9611E77F2CFB}c:\\rohan\\rohanclient.exe"= UDP:c:\rohan\rohanclient.exe:Rohan Online Game
"UDP Query User{1D087D77-0FB9-4400-B47D-5B483C5DC804}c:\\rohan\\rohanclient.exe"= TCP:c:\rohan\rohanclient.exe:Rohan Online Game
"TCP Query User{5AB7D339-A8DD-443F-8CE1-30037115F36A}c:\\program files\\america's army deploy client\\aadeployclient.exe"= UDP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"UDP Query User{056EB4CA-B7BF-49AB-9CAB-463B7E3F8DDF}c:\\program files\\america's army deploy client\\aadeployclient.exe"= TCP:c:\program files\america's army deploy client\aadeployclient.exe:AADeployClient
"TCP Query User{162E332D-1AA8-41F5-804B-CAE3EEBA14E5}c:\\program files\\america's army\\system\\armyops.exe"= UDP:c:\program files\america's army\system\armyops.exe:ArmyOps
"UDP Query User{6A8BAB08-C2EE-466F-B74B-4A4E6A3722BB}c:\\program files\\america's army\\system\\armyops.exe"= TCP:c:\program files\america's army\system\armyops.exe:ArmyOps
"TCP Query User{7174CFAB-8F6C-4C9F-81D1-02244C13FF5A}c:\\users\\mauro\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= UDP:c:\users\mauro\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"UDP Query User{92854E7A-55EC-4B27-A211-C89CFDEA43D7}c:\\users\\mauro\\appdata\\roaming\\macromedia\\flash player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"= TCP:c:\users\mauro\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe:octoshape.exe
"TCP Query User{9460D54B-EC5E-4865-8863-1BCE17C97734}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= UDP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"UDP Query User{0511CEDF-B275-460D-AE7D-635A998B02B9}c:\\sierra\\empire earth - the art of conquest\\ee-aoc.exe"= TCP:c:\sierra\empire earth - the art of conquest\ee-aoc.exe:EE-AOC
"TCP Query User{CF28991D-5C4E-4181-AB72-19FDC110E647}c:\\users\\mauro\\appdata\\local\\chat republic games\\superstar racing\\chatrepublicplayer.exe"= UDP:c:\users\mauro\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe:chatrepublicplayer.exe
"UDP Query User{76B228E0-A892-49F0-8BBF-BA1B966B6640}c:\\users\\mauro\\appdata\\local\\chat republic games\\superstar racing\\chatrepublicplayer.exe"= TCP:c:\users\mauro\appdata\local\chat republic games\superstar racing\chatrepublicplayer.exe:chatrepublicplayer.exe
"{163A3D73-B921-4FCE-93F2-AF278C665ED3}"= UDP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"{2D92CB9F-2DC7-41C8-959F-AFB55698FBF6}"= TCP:c:\program files\Pando Networks\Media Booster\PMB.exe:Pando Media Booster
"TCP Query User{80EB2A77-1536-49AE-A2E8-A60FE10C9AB0}c:\\program files\\wolfenstein - enemy territory\\et.exe"= UDP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"UDP Query User{D18DD00B-314D-4670-8C47-445C086C6D8D}c:\\program files\\wolfenstein - enemy territory\\et.exe"= TCP:c:\program files\wolfenstein - enemy territory\et.exe:ET
"{F6805A65-9CFA-4D2A-B1DD-431294A40E68}"= UDP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{9B10C5D9-AB3C-4F27-993C-5110717E7E59}"= TCP:c:\windows\System32\PnkBstrA.exe:PnkBstrA
"{27409048-4C83-4892-84F2-364A1134FA1F}"= UDP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{7589EBAC-F075-48D8-90E9-8CCCE5C880FF}"= TCP:c:\windows\System32\PnkBstrB.exe:PnkBstrB
"{CD0C4D09-C0BE-4A2C-9F79-A9455366C66C}"= UDP:c:\program files\DNA\btdna.exe:DNA (TCP-In)
"{ABBF07E8-41C6-4242-8C20-893B6FF95405}"= TCP:c:\program files\DNA\btdna.exe:DNA (UDP-In)
"TCP Query User{6CF00FDE-F16C-486D-929C-AA2D842D0DB9}c:\\program files\\bittorrent\\bittorrent.exe"= UDP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"UDP Query User{612119C7-A354-474D-9409-0007C3799023}c:\\program files\\bittorrent\\bittorrent.exe"= TCP:c:\program files\bittorrent\bittorrent.exe:BitTorrent
"{1421FF67-9FE9-46CB-8475-A8EEC524ADB6}"= UDP:c:\program files\AeriaGames\Project Torque\ProjectTorque.bin:Project Torqu
"{BAA3F551-2763-429A-9E2F-00E1C0856394}"= TCP:c:\program files\AeriaGames\Project Torque\ProjectTorque.bin:Project Torqu
"TCP Query User{F1F87789-382B-4E13-BFE0-685BC54105E9}c:\\aeriagames\\dreamlords\\dreamlords.exe"= UDP:c:\aeriagames\dreamlords\dreamlords.exe:Dreamlords Game Client
"UDP Query User{F840E91D-4CBA-49DD-A4B3-5E053FC3F7E9}c:\\aeriagames\\dreamlords\\dreamlords.exe"= TCP:c:\aeriagames\dreamlords\dreamlords.exe:Dreamlords Game Client
"TCP Query User{5D059419-9F6A-4DEE-8A4F-E1B1F562419E}c:\\users\\mauro\\appdata\\local\\kamuse\\kcstraydownloader\\kcstraydownloaderengine.exe"= UDP:c:\users\mauro\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe:kcstraydownloaderengine.exe
"UDP Query User{B742B836-87AE-4D01-86D8-47BFB9731EA5}c:\\users\\mauro\\appdata\\local\\kamuse\\kcstraydownloader\\kcstraydownloaderengine.exe"= TCP:c:\users\mauro\appdata\local\kamuse\kcstraydownloader\kcstraydownloaderengine.exe:kcstraydownloaderengine.exe
"{A2919240-2F68-4A39-88F6-6768F131A7BA}"= UDP:c:\program files\GameHi_USA\SuddenAttackNA\suddenattack.exe:Sudden Attack
"{1EC1B1A0-2A7F-476A-A5E6-A350341F1231}"= TCP:c:\program files\GameHi_USA\SuddenAttackNA\suddenattack.exe:Sudden Attack
"TCP Query User{A8AB7338-27EC-4E7F-949A-19EB609DA096}c:\\aeriagames\\wolfteam\\wolfteam.bin"= UDP:c:\aeriagames\wolfteam\wolfteam.bin:WolfTeam
"UDP Query User{84D9741D-247C-4851-9B1E-CC4C83E5ABBC}c:\\aeriagames\\wolfteam\\wolfteam.bin"= TCP:c:\aeriagames\wolfteam\wolfteam.bin:WolfTeam

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\BitTorrent\\bittorrent.exe"= c:\program files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"c:\\Program Files\\Gameforge4D\\AirRivals_EN\\Launcher.atm"= c:\program files\Gameforge4D\AirRivals_EN\Launcher.atm:Enabled:GameExe2
"c:\\Program Files\\Gameforge4D\\AirRivals_EN\\Res-Voip\\SCVoIP.exe"= c:\program files\Gameforge4D\AirRivals_EN\Res-Voip\SCVoIP.exe:Enabled:GameVoIP

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [14/05/2009 1:34 PM 114768]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [03/02/2008 3:10 PM 12800]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [14/05/2009 1:34 PM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [14/05/2009 1:34 PM 51792]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [03/02/2008 3:10 PM 600944]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [03/02/2008 3:10 PM 600944]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [15/02/2009 2:11 AM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 7:08 PM 533360]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [16/10/2007 2:50 PM 29744]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\System32\drivers\NETw2v32.sys [02/11/2006 6:25 AM 2589184]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]

--- Other Services/Drivers In Memory ---

*Deregistered* - avgio
*Deregistered* - avipbb
*Deregistered* - ssmdrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-08-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-01-23 22:53]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262586629-2059968801-1201914785-1000Core.job
- c:\users\mauro\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 14:33]

2009-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262586629-2059968801-1201914785-1000UA.job
- c:\users\mauro\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 14:33]

2009-08-20 c:\windows\Tasks\User_Feed_Synchronization-{006AEA10-C742-4895-9373-E785D26F90E0}.job
- c:\windows\system32\msfeedssync.exe [2009-08-07 20:13]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5432
uInternet Settings,ProxyOverride = <local>
IE: &Search - http://edits.mywebse...html?p=ZUman000
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\mauro\AppData\Roaming\Mozilla\Firefox\Profiles\nz1y40uz.default\
FF - prefs.js: browser.search.selectedEngine - MyWebSearch
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUman000&fl=0&ptb=x6iRGiJGNAfowK2ZRY5K6Q&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\NPMyWebS.dll
FF - plugin: c:\program files\Mozilla Firefox 3.1 Beta 3\plugins\npPandoWebInst.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\programdata\id Software\QuakeLive\npquakezero.dll
FF - plugin: c:\programdata\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - plugin: c:\users\mauro\AppData\Local\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\users\mauro\AppData\Roaming\GarageGames\IAPlayer\Plugins\npiaplayer.0.4.2.0.dll
FF - plugin: c:\users\mauro\Program Files\DNA\plugins\npbtdna.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox 3.1 Beta 3\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-20 09:38
Windows 6.0.6002 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-08-20 9:41
ComboFix-quarantined-files.txt 2009-08-20 13:41

Pre-Run: 202,283,044,864 bytes free
Post-Run: 201,447,198,720 bytes free

432 --- E O F --- 2009-08-20 13:11

#6
kahdah


    GeekU Teacher

  • Retired Staff
  • 15,822 posts
You are welcome.
================================Malwarebytes' Anti-Malware=================================
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#7
raybak


    Member

  • Topic Starter
  • Member
  • 10 posts
Here are the two logs.

Malwarebytes' Anti-Malware 1.40
Database version: 2667
Windows 6.0.6002 Service Pack 1

20/08/2009 5:39:28 PM
mbam-log-2009-08-20 (17-39-28).txt

Scan type: Quick Scan
Objects scanned: 83420
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 13
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{1e0de227-5ce4-4ea3-ab0c-8b03e1aa76bc} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{e79dfbca-5697-4fbd-94e5-5b2a9c7c1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\MenuExt\&Search\(default) (Adware.Hotbar) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)







OTL logfile created on: 20/08/2009 5:41:41 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 92.21% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.37 Gb Total Space | 186.80 Gb Free Space | 64.78% Space Free | Partition Type: NTFS
Drive D: | 9.72 Gb Total Space | 5.59 Gb Free Space | 57.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAURO-PC
Current User Name: mauro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\WINDOWS\zHotkey.exe ()
PRC - C:\WINDOWS\ModPS2Key.exe (Chicony)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Users\mauro\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Users\mauro\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
PRC - C:\Windows\System32\PnkBstrA.exe ()
PRC - C:\Windows\System32\PnkBstrB.exe ()
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Windows\System32\mobsync.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe (Google Inc.)
PRC - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Running]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (ioloFileInfoList [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (ioloSystemService [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (PnkBstrB [Auto | Running]) -- C:\Windows\System32\PnkBstrB.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (bcm4sbxp [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (ElRawDisk [System | Running]) -- C:\Windows\System32\drivers\elrawdsk.sys (EldoS Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FileDisk [System | Running]) -- C:\Windows\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (fssfltr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\Windows\System32\drivers\lvusbsta.sys ()
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvstor32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (PnkBstrK [On_Demand | Stopped]) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (QCMerced [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\LVCM.sys ()
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\Windows\System32\drivers\SECDRV.SYS ()
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GT5432
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..keyword.URL: "http://www.mywebsear...kwd&searchfor="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 01:18:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/10 22:19:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/10 22:19:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 3\components [2009/08/06 19:28:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 3\plugins [2009/08/02 09:32:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/10 22:19:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/10 22:19:23 | 00,000,000 | ---D | M]

[2009/03/25 23:30:11 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Extensions
[2008/08/27 11:24:22 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/25 23:30:11 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/05/21 13:22:24 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions
[2009/03/03 01:28:38 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009/08/14 11:00:13 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2008/11/16 13:36:18 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2009/02/07 13:25:43 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2008/10/25 01:15:02 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2008/11/04 13:45:49 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2008/11/05 01:02:29 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2009/03/03 01:28:38 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\staged-xpis
[2009/08/17 22:05:39 | 00,000,946 | ---- | M] () -- C:\Users\mauro\AppData\Roaming\Mozilla\FireFox\Profiles\nz1y40uz.default\searchplugins\merriam-webster-dictionary.xml
[2009/06/11 16:49:04 | 00,009,941 | ---- | M] () -- C:\Users\mauro\AppData\Roaming\Mozilla\FireFox\Profiles\nz1y40uz.default\searchplugins\mywebsearch.xml
[2008/10/09 08:19:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/25 23:27:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/19 00:05:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/06/18 23:54:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/07/23 15:59:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/25 23:27:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/25 23:27:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/01 14:55:49 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2008/07/23 12:47:22 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/07/23 12:47:46 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/03/25 23:27:55 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/12/28 01:47:08 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/07/03 19:05:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/07/03 19:05:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/07/03 19:05:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/07/31 16:07:16 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2008/09/24 21:21:16 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/24 21:21:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/24 21:21:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/18 09:53:07 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/24 21:21:16 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/24 21:21:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/24 21:21:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1108 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\mauro\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\mauro\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - Reg Error: Value error. File not found
O18 - Protocol\Filter: - application/x-complus - Reg Error: Value error. File not found
O18 - Protocol\Filter: - application/x-msdownload - Reg Error: Value error. File not found
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/08/20 17:32:37 | 00,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/20 17:32:34 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/20 17:32:33 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/20 17:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/20 17:32:06 | 03,942,048 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\mbam-setup.exe
[2009/08/20 10:15:47 | 00,109,841 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\system info.zip
[2009/08/20 10:10:45 | 02,403,880 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\system info.nfo
[2009/08/20 10:06:12 | 00,166,717 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\error screenshot.jpg
[2009/08/20 10:01:29 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/08/20 09:41:27 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/20 09:23:55 | 00,229,376 | ---- | C] () -- C:\Windows\PEV.exe
[2009/08/20 09:23:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/08/20 09:23:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/08/20 09:23:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/08/20 09:23:55 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/08/20 09:23:55 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/08/20 09:23:55 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/08/20 09:23:55 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/08/20 09:23:52 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/20 09:23:51 | 00,000,000 | --SD | C] -- C:\Kahdah
[2009/08/20 09:23:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/20 09:22:22 | 03,180,391 | R--- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\Kahdah.exe
[2009/08/20 00:11:36 | 00,000,000 | ---D | C] -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\arreglo pc
[2009/08/19 22:33:13 | 29,422,7145 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/08/19 22:23:38 | 00,288,768 | ---- | C] () -- C:\h3puzdxu.exe
[2009/08/19 22:12:49 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OTL.exe
[2009/08/19 13:15:31 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/17 12:33:35 | 00,001,612 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\WolfTeam.lnk
[2009/08/17 09:58:43 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/08/17 09:58:43 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/08/14 10:29:22 | 00,000,000 | ---D | C] -- C:\285596cc09e4525adb
[2009/08/14 09:45:25 | 00,000,000 | ---D | C] -- C:\1bec936215dfeae0d23ffc63
[2009/08/13 20:03:50 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/13 20:03:50 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/13 20:03:50 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/13 20:03:49 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/13 20:03:49 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/13 20:03:48 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/13 20:03:47 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/13 20:03:47 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/13 18:13:20 | 00,093,024 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2009/08/12 11:09:21 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EFE627F2-85B4-425A-99CB-4FF4189D5429}
[2009/08/12 11:04:56 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/12 11:04:47 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/12 11:04:40 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/12 11:04:31 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/12 11:04:26 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/12 11:04:25 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/12 11:04:24 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/12 11:04:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/12 11:04:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/12 11:04:23 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/12 11:04:23 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/12 11:04:23 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/10 02:06:45 | 00,721,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB40032.DLL
[2009/08/10 02:06:45 | 00,001,713 | ---- | C] () -- C:\Users\Public\Desktop\Wake up News.lnk
[2009/08/10 02:06:44 | 00,000,000 | ---D | C] -- C:\Program Files\Wake up News
[2009/08/08 22:57:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\ErrorLogs
[2009/08/08 16:42:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/08/08 16:42:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/08/08 16:42:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/08/07 20:58:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/08/07 14:06:35 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/08/07 14:06:35 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/08/07 14:06:34 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/08/07 14:06:34 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/08/07 14:06:34 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/08/07 14:06:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/08/07 14:06:33 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/08/07 14:06:33 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/08/07 14:06:33 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/08/07 14:06:32 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/08/07 14:06:32 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/08/07 14:06:32 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/07 14:06:32 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/08/07 14:06:31 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/08/07 14:06:31 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/08/07 14:06:31 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/08/07 14:06:31 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/08/07 14:06:31 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/08/07 14:06:30 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/08/07 14:06:29 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/08/07 14:06:28 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/08/07 14:04:46 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/08/07 14:04:46 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/08/07 14:04:46 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/08/07 14:04:46 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/08/07 14:04:45 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/08/07 14:04:45 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/08/07 14:04:45 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/08/07 14:04:45 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/08/07 14:04:44 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/08/07 14:04:44 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/08/07 14:04:44 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/08/07 14:04:43 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/08/07 14:04:43 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/08/07 14:04:43 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/08/07 14:04:43 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/08/07 14:04:43 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/08/07 14:04:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/08/07 14:04:43 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/08/07 14:04:43 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/08/07 14:04:42 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/08/07 14:04:42 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/08/07 14:04:42 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/08/07 14:04:41 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/08/07 14:04:40 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/08/07 14:04:40 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/08/07 14:04:40 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/08/07 14:04:39 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/08/07 14:04:39 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/08/07 14:04:38 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/08/07 14:04:38 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/08/07 14:04:38 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/08/07 14:04:38 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/08/07 14:04:38 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/08/07 14:04:38 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/08/07 00:54:55 | 00,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009/08/07 00:53:59 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/08/07 00:45:19 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/07 00:45:19 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/07 00:45:19 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/07 00:43:20 | 00,000,000 | ---D | C] -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/08/07 00:43:05 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2009/08/07 00:38:49 | 15,525,5392 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/08/06 18:30:08 | 00,000,000 | -H-D | C] -- C:\ProgramData\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009/08/01 21:29:45 | 00,028,085 | ---- | C] () -- C:\Users\mauro\Documents\sandra varios 3.p2g
[2009/06/06 12:00:08 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/03 23:02:07 | 00,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/03 00:21:08 | 00,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2009/01/08 18:10:36 | 00,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/12/11 13:13:13 | 00,138,944 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/10/11 19:37:11 | 00,000,271 | ---- | C] () -- C:\Windows\SysMech.INI
[2008/07/23 22:35:54 | 00,081,920 | ---- | C] () -- C:\Windows\System32\pdfxp.dll
[2008/07/23 12:50:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/04/27 12:29:03 | 00,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/04/22 02:43:14 | 00,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2008/03/12 22:00:29 | 00,000,804 | ---- | C] () -- C:\Windows\_delis32.ini
[2008/03/09 17:02:43 | 00,000,420 | ---- | C] () -- C:\Windows\Disney.ini
[2008/02/03 14:50:04 | 02,102,112 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2008/02/01 18:13:42 | 00,000,063 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/02/01 18:12:05 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/02/01 18:12:05 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/02/01 18:12:05 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/01/21 16:15:56 | 00,471,232 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2008/01/21 16:15:56 | 00,019,968 | ---- | C] () -- C:\Windows\System32\drivers\LVUSBSta.sys
[2008/01/21 16:15:56 | 00,005,993 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/10/16 14:38:54 | 00,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/10/16 14:38:54 | 00,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 17:16:18 | 00,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,244 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/20 14:44:46 | 00,051,392 | ---- | C] () -- C:\Windows\System32\drivers\atnt40k.sys
[2000/09/19 20:55:00 | 00,011,616 | R--- | C] () -- C:\Windows\System32\drivers\secdrv.sys
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 21:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/08/20 17:40:00 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{006AEA10-C742-4895-9373-E785D26F90E0}.job
[2009/08/20 17:33:36 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/20 17:33:36 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/20 17:33:36 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/20 17:32:37 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/20 17:32:12 | 03,942,048 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\mbam-setup.exe
[2009/08/20 17:31:14 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/08/20 17:28:51 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/20 17:28:46 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/20 17:28:46 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/20 17:28:37 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/20 17:28:33 | 30,854,26688 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/20 15:36:27 | 06,291,456 | -H-- | M] () -- C:\Users\mauro\AppData\Local\IconCache.db
[2009/08/20 13:51:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4262586629-2059968801-1201914785-1000UA.job
[2009/08/20 10:15:47 | 00,109,841 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\system info.zip
[2009/08/20 10:10:48 | 02,403,880 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\system info.nfo
[2009/08/20 10:06:12 | 00,166,717 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\error screenshot.jpg
[2009/08/20 09:56:10 | 00,229,376 | ---- | M] () -- C:\Windows\PEV.exe
[2009/08/20 09:38:57 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/08/20 09:22:29 | 03,180,391 | R--- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\Kahdah.exe
[2009/08/19 22:33:13 | 29,422,7145 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/19 22:23:40 | 00,288,768 | ---- | M] () -- C:\h3puzdxu.exe
[2009/08/19 22:12:53 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OTL.exe
[2009/08/19 21:51:00 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4262586629-2059968801-1201914785-1000Core.job
[2009/08/17 12:33:35 | 00,001,612 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\WolfTeam.lnk
[2009/08/17 10:27:22 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/08/17 10:27:22 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/08/13 19:14:05 | 00,319,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/13 18:24:09 | 00,076,488 | ---- | M] () -- C:\Users\mauro\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/13 18:13:21 | 00,000,972 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\System Mechanic.lnk
[2009/08/12 11:48:36 | 00,001,701 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\CCleaner.lnk
[2009/08/10 02:22:17 | 00,001,713 | ---- | M] () -- C:\Users\Public\Desktop\Wake up News.lnk
[2009/08/08 15:56:26 | 00,000,244 | ---- | M] () -- C:\Windows\win.ini
[2009/08/07 00:54:55 | 00,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009/08/07 00:41:56 | 15,525,5392 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/08/05 22:13:30 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/08/03 19:09:21 | 00,115,712 | ---- | M] () -- C:\Users\mauro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/01 21:29:45 | 00,028,085 | ---- | M] () -- C:\Users\mauro\Documents\sandra varios 3.p2g
[2009/07/29 20:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/29 16:05:54 | 00,093,024 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2009/07/29 16:05:48 | 02,102,112 | ---- | M] () -- C:\Windows\System32\Incinerator.dll
[2009/07/21 17:52:28 | 00,915,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/07/21 17:52:13 | 01,208,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/07/21 17:50:46 | 00,206,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/07/21 17:48:31 | 05,937,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/07/21 17:48:27 | 00,594,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/07/21 17:48:27 | 00,055,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/07/21 17:47:47 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/07/21 17:47:41 | 01,469,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/07/21 17:47:28 | 00,164,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/07/21 17:47:28 | 00,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/07/21 17:47:27 | 01,985,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/07/21 17:47:27 | 00,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/07/21 17:47:26 | 11,067,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/07/21 17:47:26 | 00,184,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/07/21 17:47:26 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/07/21 17:47:21 | 00,386,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:D7FE23E1
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:84F302CA
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:19C3C515
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3D060AD2
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:B29E86D2
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:0CB5F737
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:962CAC6E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:3778F8BC
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:E943D067
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:958399A2
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:2615E8F1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:47920A31
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:DF4017A4
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:90C14690
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:5C07C19F
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:15A63ACD
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:30399038
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:03411C97
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:D4CA4749
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:ABB2D038
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:A204137B
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:614867BA
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:1DDDEA0F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:6D549BCC
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:3D66C2C2
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:57BF34C6
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:E33EA293
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:7E95B6FD
< End of report >

#8
kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please uninstall Asktoolbar.
=================
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    [2009/06/11 16:49:04 | 00,009,941 | ---- | M] () -- C:\Users\mauro\AppData\Roaming\Mozilla\FireFox\Profiles\nz1y40uz.default\searchplugins\mywebsearch.xml
    FF - prefs.js..browser.search.selectedEngine: "MyWebSearch"
    FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?
    O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    
    :files
    C:\Program Files\AskBarDis
  • Then click the Run Fix button at the top
  • Let the program run unhindered. When it is done, it will say "Fix Complete press ok to open log"
  • Please post that log in your next reply.
================================Follow up scan=================================
  • Double click on OTL to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open one Notepad window, OTListIt.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


#9
raybak

    Member

  • Topic Starter
  • Member
  • 10 posts
========== OTL ==========
C:\Users\mauro\AppData\Roaming\Mozilla\FireFox\Profiles\nz1y40uz.default\searchplugins\mywebsearch.xml moved successfully.
Prefs.js: "MyWebSearch" removed from browser.search.selectedEngine
Prefs.js: "http://www.mywebsear...cfg_redir2.jsp? removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\AskBarDis not found.

OTL by OldTimer - Version 3.0.10.7 log created on 08212009_081837




OTL logfile created on: 21/08/2009 8:20:41 AM - Run 3
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18813)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.87 Gb Available Physical Memory | 93.61% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 100.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.37 Gb Total Space | 193.75 Gb Free Space | 67.19% Space Free | Partition Type: NTFS
Drive D: | 9.72 Gb Total Space | 5.59 Gb Free Space | 57.53% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MAURO-PC
Current User Name: mauro
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
PRC - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
PRC - C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
PRC - C:\Windows\System32\PnkBstrA.exe ()
PRC - C:\Windows\System32\PnkBstrB.exe ()
PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Windows\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\WINDOWS\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\WINDOWS\zHotkey.exe ()
PRC - C:\WINDOWS\ModPS2Key.exe (Chicony)
PRC - C:\Program Files\ScanSoft\OmniPageSE4\OpWareSE4.exe (Nuance Communications, Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Users\mauro\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\ehmsas.exe (Microsoft Corporation)
PRC - C:\Users\mauro\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Program Files\iolo\System Mechanic Professional 7\SMSystemAnalyzer.exe ()
PRC - C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe (Google Inc.)
PRC - C:\Windows\System32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aawservice [Auto | Running]) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe (Lavasoft)
SRV - (AgereModemAudio [Auto | Running]) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [On_Demand | Stopped]) -- C:\Windows\ehome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [On_Demand | Stopped]) -- C:\Windows\ehome\ehsched.exe (Microsoft Corporation)
SRV - (ehstart [Auto | Stopped]) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation)
SRV - (Eventlog [Auto | Running]) -- C:\Windows\System32\wevtsvc.dll (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (fsssvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager-061008-081103 [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Running]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (IJPLMSVC [Auto | Running]) -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE ()
SRV - (ioloFileInfoList [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (ioloSystemService [Auto | Running]) -- C:\Program Files\iolo\common\lib\ioloServiceManager.exe ()
SRV - (Net Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZinw12.dll (Hewlett-Packard)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (npggsvc [On_Demand | Stopped]) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (nvsvc [Auto | Running]) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (Pml Driver HPZ12 [Auto | Running]) -- C:\Windows\System32\HPZipm12.dll (Hewlett-Packard)
SRV - (PnkBstrA [Auto | Running]) -- C:\Windows\System32\PnkBstrA.exe ()
SRV - (PnkBstrB [Auto | Running]) -- C:\Windows\System32\PnkBstrB.exe ()
SRV - (WinDefend [Auto | Running]) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [Auto | Running]) -- C:\Program Files\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (ac97intc [On_Demand | Stopped]) -- C:\Windows\System32\drivers\ac97intc.sys (Intel Corporation)
DRV - (adp94xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (adpahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (adpu160m [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (adpu320 [Disabled | Stopped]) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (AgereSoftModem [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\AGRSM.sys (Agere Systems)
DRV - (aic78xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (aliide [Disabled | Stopped]) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (arc [Disabled | Stopped]) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (arcsas [Disabled | Stopped]) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt [Auto | Running]) -- C:\Windows\System32\DRIVERS\aswMonFlt.sys (ALWIL Software)
DRV - (aswRdr [System | Running]) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (bcm4sbxp [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (BrFiltLo [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (Brserid [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrSerWdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm [Disabled | Stopped]) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer [On_Demand | Stopped]) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (cmdide [Disabled | Stopped]) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (E1G60 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\E1G60I32.sys (Intel Corporation)
DRV - (ElRawDisk [System | Running]) -- C:\Windows\System32\drivers\elrawdsk.sys (EldoS Corporation)
DRV - (elxstor [Disabled | Stopped]) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (FileDisk [System | Running]) -- C:\Windows\System32\drivers\filedisk.sys (iolo technologies, LLC (based on original work by Bo Brantén))
DRV - (fssfltr [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\fssfltr.sys (Microsoft Corporation)
DRV - (HpCISSs [Disabled | Stopped]) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (ialm [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (iaStorV [Disabled | Stopped]) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (iirsp [Disabled | Stopped]) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (iteatapi [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (iteraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (LSI_FC [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (LSI_SAS [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (LSI_SCSI [Disabled | Stopped]) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LVUSBSta [On_Demand | Stopped]) -- C:\Windows\System32\drivers\lvusbsta.sys ()
DRV - (megasas [Disabled | Stopped]) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (motmodem [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\motmodem.sys (Motorola)
DRV - (Mraid35x [Disabled | Stopped]) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (NETw2v32 [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\NETw2v32.sys (Intel® Corporation)
DRV - (nfrd960 [Disabled | Stopped]) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (ntrigdigi [Disabled | Stopped]) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (nvlddmkm [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\nvlddmkm.sys (NVIDIA Corporation)
DRV - (nvraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor [Boot | Running]) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (nvstor32 [Boot | Running]) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (PnkBstrK [On_Demand | Stopped]) -- C:\Windows\System32\drivers\PnkBstrK.sys ()
DRV - (QCMerced [On_Demand | Stopped]) -- C:\Windows\System32\DRIVERS\LVCM.sys ()
DRV - (ql2300 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (ql40xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\Windows\System32\drivers\SECDRV.SYS ()
DRV - (SiSRaid2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (SiSRaid4 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (Symc8xx [Disabled | Stopped]) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_hi [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Sym_u3 [Disabled | Stopped]) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (uliahci [Disabled | Stopped]) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (UlSata [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (ulsata2 [Disabled | Stopped]) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Stopped]) -- C:\Windows\System32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (viaide [Disabled | Stopped]) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (vsmraid [Disabled | Stopped]) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (yukonwlh [On_Demand | Running]) -- C:\Windows\System32\DRIVERS\yk60x86.sys (Marvell)

========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...TP&M=GT5432
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.useDBForOrder: true

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/06/25 01:18:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/06/10 22:19:12 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/06/10 22:19:23 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Components: C:\Program Files\Mozilla Firefox 3.1 Beta 3\components [2009/08/06 19:28:29 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox 3.1 Beta 3\plugins [2009/08/02 09:32:38 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/06/10 22:19:13 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.19\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2009/06/10 22:19:23 | 00,000,000 | ---D | M]

[2009/03/25 23:30:11 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Extensions
[2008/08/27 11:24:22 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/03/25 23:30:11 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Extensions\[email protected]
[2009/08/21 08:17:10 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions
[2009/03/03 01:28:38 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2008/11/16 13:36:18 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2009/02/07 13:25:43 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2008/10/25 01:15:02 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2008/11/04 13:45:49 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2008/11/05 01:02:29 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\[email protected]
[2009/03/03 01:28:38 | 00,000,000 | ---D | M] -- C:\Users\mauro\AppData\Roaming\mozilla\Firefox\Profiles\nz1y40uz.default\extensions\staged-xpis
[2009/08/17 22:05:39 | 00,000,946 | ---- | M] () -- C:\Users\mauro\AppData\Roaming\Mozilla\FireFox\Profiles\nz1y40uz.default\searchplugins\merriam-webster-dictionary.xml
[2008/10/09 08:19:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/25 23:27:56 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/06/19 00:05:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
[2008/06/18 23:54:02 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}
[2008/07/23 15:59:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/25 23:27:54 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/25 23:27:54 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2008/08/01 14:55:49 | 00,122,880 | ---- | M] (Google) -- C:\Program Files\mozilla firefox\components\GoogleDesktopMozilla.dll
[2007/04/10 17:21:08 | 00,163,256 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\np-mswmp.dll
[2008/09/03 20:11:24 | 00,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2008/07/23 12:47:22 | 01,335,600 | ---- | M] (DivX,Inc.) -- C:\Program Files\mozilla firefox\plugins\npdivx32.dll
[2008/07/23 12:47:46 | 00,098,304 | ---- | M] (DivX, Inc) -- C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll
[2007/12/19 08:57:38 | 00,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009/03/25 23:27:55 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2006/10/26 23:12:16 | 00,016,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL
[2008/12/28 01:47:08 | 00,239,432 | ---- | M] (Pando Networks) -- C:\Program Files\mozilla firefox\plugins\npPandoWebInst.dll
[2007/05/10 23:52:34 | 00,095,864 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\mozilla firefox\plugins\nppdf32.dll
[2008/07/03 19:05:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2008/07/03 19:05:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2008/07/03 19:05:28 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2008/07/03 19:05:29 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2006/07/31 16:07:16 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2008/09/24 21:21:16 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2008/09/24 21:21:16 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/09/24 21:21:16 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2008/11/18 09:53:07 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2008/09/24 21:21:16 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2008/09/24 21:21:16 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2008/09/24 21:21:16 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (1108 bytes) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CHotkey] C:\Windows\zHotkey.exe ()
O4 - HKLM..\Run: [iolo Startup] C:\Program Files\iolo\Common\Lib\ioloLManager.exe (iolo technologies, LLC)
O4 - HKLM..\Run: [ModPS2] C:\Windows\ModPS2Key.exe (Chicony)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ShowWnd] C:\Windows\ShowWnd.exe ()
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [BitTorrent DNA] C:\Users\mauro\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update] C:\Users\mauro\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKCU..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\NLAapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\napinsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} https://oas.support....veX/MSDcode.cab (Microsoft Data Collection Control)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Reg Error: Key error.)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} http://ipgweb.cce.hp...ads/sysinfo.cab (Reg Error: Key error.)
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} http://upload.facebo...toUploader3.cab (Reg Error: Key error.)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (Reg Error: Key error.)
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2....re/HPDEXAXO.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} http://support.gatew...rvest/gwCID.CAB (compid Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (Reg Error: Key error.)
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} http://messenger.zon...ot.cab57213.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.1_01)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CabBuilder http://kiw.imgag.com...llerControl.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter: - application/octet-stream - Reg Error: Value error. File not found
O18 - Protocol\Filter: - application/x-complus - Reg Error: Value error. File not found
O18 - Protocol\Filter: - application/x-msdownload - Reg Error: Value error. File not found
O18 - Protocol\Filter: - deflate - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - gzip - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\Windows\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()

========== Files/Folders - Created Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/08/21 08:18:37 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/08/20 17:32:37 | 00,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/20 17:32:34 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/20 17:32:33 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/20 17:32:33 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/08/20 10:01:29 | 00,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2009/08/20 09:41:27 | 00,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2009/08/20 09:23:55 | 00,229,376 | ---- | C] () -- C:\Windows\PEV.exe
[2009/08/20 09:23:55 | 00,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2009/08/20 09:23:55 | 00,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2009/08/20 09:23:55 | 00,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2009/08/20 09:23:55 | 00,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2009/08/20 09:23:55 | 00,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2009/08/20 09:23:55 | 00,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2009/08/20 09:23:55 | 00,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2009/08/20 09:23:52 | 00,000,000 | ---D | C] -- C:\Windows\ERDNT
[2009/08/20 09:23:51 | 00,000,000 | --SD | C] -- C:\Kahdah
[2009/08/20 09:23:33 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/08/20 09:22:22 | 03,180,391 | R--- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\Kahdah.exe
[2009/08/20 00:11:36 | 00,000,000 | ---D | C] -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\arreglo pc
[2009/08/19 22:33:13 | 29,422,7145 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/08/19 22:23:38 | 00,288,768 | ---- | C] () -- C:\h3puzdxu.exe
[2009/08/19 22:12:49 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OTL.exe
[2009/08/19 13:15:31 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EF63305C-BAD7-4144-9208-D65528260864}
[2009/08/17 12:33:35 | 00,001,612 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\WolfTeam.lnk
[2009/08/17 09:58:43 | 00,001,905 | ---- | C] () -- C:\Windows\diagwrn.xml
[2009/08/17 09:58:43 | 00,001,905 | ---- | C] () -- C:\Windows\diagerr.xml
[2009/08/14 10:29:22 | 00,000,000 | ---D | C] -- C:\285596cc09e4525adb
[2009/08/14 09:45:25 | 00,000,000 | ---D | C] -- C:\1bec936215dfeae0d23ffc63
[2009/08/13 20:03:50 | 00,499,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\kerberos.dll
[2009/08/13 20:03:50 | 00,213,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msv1_0.dll
[2009/08/13 20:03:50 | 00,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wdigest.dll
[2009/08/13 20:03:49 | 01,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2009/08/13 20:03:49 | 00,270,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\schannel.dll
[2009/08/13 20:03:48 | 00,439,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecdd.sys
[2009/08/13 20:03:47 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secur32.dll
[2009/08/13 20:03:47 | 00,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsass.exe
[2009/08/13 18:13:20 | 00,093,024 | ---- | C] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2009/08/12 11:09:21 | 00,000,000 | -H-D | C] -- C:\ProgramData\{EFE627F2-85B4-425A-99CB-4FF4189D5429}
[2009/08/12 11:04:56 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\atl.dll
[2009/08/12 11:04:47 | 00,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wkssvc.dll
[2009/08/12 11:04:40 | 02,066,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstscax.dll
[2009/08/12 11:04:31 | 00,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2009/08/12 11:04:26 | 10,626,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmp.dll
[2009/08/12 11:04:25 | 00,313,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmpdxm.dll
[2009/08/12 11:04:24 | 00,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2009/08/12 11:04:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2009/08/12 11:04:24 | 00,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2009/08/12 11:04:23 | 08,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2009/08/12 11:04:23 | 00,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2009/08/12 11:04:23 | 00,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2009/08/10 02:06:45 | 00,721,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB40032.DLL
[2009/08/10 02:06:45 | 00,001,713 | ---- | C] () -- C:\Users\Public\Desktop\Wake up News.lnk
[2009/08/10 02:06:44 | 00,000,000 | ---D | C] -- C:\Program Files\Wake up News
[2009/08/08 22:57:30 | 00,000,000 | ---D | C] -- C:\Windows\System32\ErrorLogs
[2009/08/08 16:42:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2009/08/08 16:42:14 | 00,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2009/08/08 16:42:13 | 00,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2009/08/07 20:58:28 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2009/08/07 14:06:35 | 01,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/08/07 14:06:35 | 00,206,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\occache.dll
[2009/08/07 14:06:34 | 00,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2009/08/07 14:06:34 | 00,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2009/08/07 14:06:34 | 00,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2009/08/07 14:06:34 | 00,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2009/08/07 14:06:33 | 00,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2009/08/07 14:06:33 | 00,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2009/08/07 14:06:33 | 00,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2009/08/07 14:06:32 | 00,915,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wininet.dll
[2009/08/07 14:06:32 | 00,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2009/08/07 14:06:32 | 00,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2009/08/07 14:06:32 | 00,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2009/08/07 14:06:31 | 01,985,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iertutil.dll
[2009/08/07 14:06:31 | 01,208,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\urlmon.dll
[2009/08/07 14:06:31 | 00,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2009/08/07 14:06:31 | 00,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2009/08/07 14:06:31 | 00,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2009/08/07 14:06:30 | 01,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2009/08/07 14:06:29 | 11,067,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieframe.dll
[2009/08/07 14:06:28 | 05,937,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.dll
[2009/08/07 14:04:46 | 00,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2009/08/07 14:04:46 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmled.dll
[2009/08/07 14:04:46 | 00,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardie.dll
[2009/08/07 14:04:46 | 00,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2009/08/07 14:04:45 | 00,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2009/08/07 14:04:45 | 00,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2009/08/07 14:04:45 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tdc.ocx
[2009/08/07 14:04:45 | 00,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2009/08/07 14:04:44 | 00,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2009/08/07 14:04:44 | 00,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2009/08/07 14:04:44 | 00,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2009/08/07 14:04:43 | 00,236,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webcheck.dll
[2009/08/07 14:04:43 | 00,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2009/08/07 14:04:43 | 00,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2009/08/07 14:04:43 | 00,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2009/08/07 14:04:43 | 00,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2009/08/07 14:04:43 | 00,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2009/08/07 14:04:43 | 00,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2009/08/07 14:04:43 | 00,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2009/08/07 14:04:42 | 00,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2009/08/07 14:04:42 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\advpack.dll
[2009/08/07 14:04:42 | 00,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2009/08/07 14:04:41 | 00,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2009/08/07 14:04:40 | 00,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2009/08/07 14:04:40 | 00,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2009/08/07 14:04:40 | 00,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2009/08/07 14:04:39 | 00,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2009/08/07 14:04:39 | 00,045,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshta.exe
[2009/08/07 14:04:38 | 03,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2009/08/07 14:04:38 | 00,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2009/08/07 14:04:38 | 00,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2009/08/07 14:04:38 | 00,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2009/08/07 14:04:38 | 00,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2009/08/07 14:04:38 | 00,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2009/08/07 00:54:55 | 00,001,005 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009/08/07 00:53:59 | 00,000,000 | ---D | C] -- C:\Program Files\JRE
[2009/08/07 00:45:19 | 00,148,888 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2009/08/07 00:45:19 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2009/08/07 00:45:19 | 00,144,792 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2009/08/07 00:43:20 | 00,000,000 | ---D | C] -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OpenOffice.org 3.1 (en-US) Installation Files
[2009/08/07 00:43:05 | 00,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2009/08/07 00:38:49 | 15,525,5392 | ---- | C] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/08/06 18:30:08 | 00,000,000 | -H-D | C] -- C:\ProgramData\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009/08/01 21:29:45 | 00,028,085 | ---- | C] () -- C:\Users\mauro\Documents\sandra varios 3.p2g
[2009/06/06 12:00:08 | 00,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/02/03 23:02:07 | 00,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/02/03 00:21:08 | 00,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2009/01/08 18:10:36 | 00,000,412 | ---- | C] () -- C:\Windows\MAXLINK.INI
[2008/12/11 13:13:13 | 00,138,944 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2008/10/11 19:37:11 | 00,000,271 | ---- | C] () -- C:\Windows\SysMech.INI
[2008/07/23 22:35:54 | 00,081,920 | ---- | C] () -- C:\Windows\System32\pdfxp.dll
[2008/07/23 12:50:52 | 03,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dtu100.dll.manifest
[2008/07/23 12:47:34 | 00,000,416 | ---- | C] () -- C:\Windows\System32\dpl100.dll.manifest
[2008/07/23 12:46:38 | 00,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008/04/27 12:29:03 | 00,000,039 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/04/22 02:43:14 | 00,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2008/03/12 22:00:29 | 00,000,804 | ---- | C] () -- C:\Windows\_delis32.ini
[2008/03/09 17:02:43 | 00,000,420 | ---- | C] () -- C:\Windows\Disney.ini
[2008/02/03 14:50:04 | 02,102,112 | ---- | C] () -- C:\Windows\System32\Incinerator.dll
[2008/02/01 18:13:42 | 00,000,063 | ---- | C] () -- C:\Windows\SIERRA.INI
[2008/02/01 18:12:05 | 00,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2008/02/01 18:12:05 | 00,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2008/02/01 18:12:05 | 00,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2008/01/21 16:15:56 | 00,471,232 | ---- | C] () -- C:\Windows\System32\drivers\lvcm.sys
[2008/01/21 16:15:56 | 00,019,968 | ---- | C] () -- C:\Windows\System32\drivers\LVUSBSta.sys
[2008/01/21 16:15:56 | 00,005,993 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2007/10/16 14:38:54 | 00,532,544 | ---- | C] () -- C:\Windows\PIC.dll
[2007/10/16 14:38:54 | 00,024,576 | ---- | C] () -- C:\Windows\HKNTDLL.dll
[2006/11/22 17:16:18 | 00,003,612 | ---- | C] () -- C:\Windows\ReaderString.ini
[2006/11/21 13:50:06 | 00,000,037 | ---- | C] () -- C:\Windows\sunkist.ini
[2006/11/02 08:35:32 | 00,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:23:31 | 00,000,244 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 06:23:31 | 00,000,215 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 03:40:29 | 00,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/05/20 14:44:46 | 00,051,392 | ---- | C] () -- C:\Windows\System32\drivers\atnt40k.sys
[2000/09/19 20:55:00 | 00,011,616 | R--- | C] () -- C:\Windows\System32\drivers\secdrv.sys
[1999/01/27 13:39:06 | 00,065,024 | ---- | C] () -- C:\Windows\System32\indounin.dll
[1997/06/13 21:56:08 | 00,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

========== Files - Modified Within 30 Days ==========

[1 C:\Windows\*.tmp files]
[2009/08/21 08:19:59 | 00,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{006AEA10-C742-4895-9373-E785D26F90E0}.job
[2009/08/21 08:19:32 | 00,690,960 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/08/21 08:19:32 | 00,599,942 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/08/21 08:19:32 | 00,105,448 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/08/21 08:16:46 | 00,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2009/08/21 08:14:25 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2009/08/21 08:14:25 | 00,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2009/08/21 08:14:24 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/08/21 08:14:13 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/08/21 08:14:09 | 30,833,66400 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/21 05:09:53 | 02,067,695 | -H-- | M] () -- C:\Users\mauro\AppData\Local\IconCache.db
[2009/08/21 01:51:00 | 00,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4262586629-2059968801-1201914785-1000UA.job
[2009/08/20 21:51:00 | 00,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4262586629-2059968801-1201914785-1000Core.job
[2009/08/20 17:32:37 | 00,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/08/20 09:56:10 | 00,229,376 | ---- | M] () -- C:\Windows\PEV.exe
[2009/08/20 09:38:57 | 00,000,215 | ---- | M] () -- C:\Windows\system.ini
[2009/08/20 09:22:29 | 03,180,391 | R--- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\Kahdah.exe
[2009/08/19 22:33:13 | 29,422,7145 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2009/08/19 22:23:40 | 00,288,768 | ---- | M] () -- C:\h3puzdxu.exe
[2009/08/19 22:12:53 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OTL.exe
[2009/08/17 12:33:35 | 00,001,612 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\WolfTeam.lnk
[2009/08/17 10:27:22 | 00,001,905 | ---- | M] () -- C:\Windows\diagwrn.xml
[2009/08/17 10:27:22 | 00,001,905 | ---- | M] () -- C:\Windows\diagerr.xml
[2009/08/13 19:14:05 | 00,319,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/08/13 18:24:09 | 00,076,488 | ---- | M] () -- C:\Users\mauro\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/08/13 18:13:21 | 00,000,972 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\System Mechanic.lnk
[2009/08/12 11:48:36 | 00,001,701 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\CCleaner.lnk
[2009/08/10 02:22:17 | 00,001,713 | ---- | M] () -- C:\Users\Public\Desktop\Wake up News.lnk
[2009/08/08 15:56:26 | 00,000,244 | ---- | M] () -- C:\Windows\win.ini
[2009/08/07 00:54:55 | 00,001,005 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.1.lnk
[2009/08/07 00:41:56 | 15,525,5392 | ---- | M] () -- C:\Users\mauro\Pictures\Desktop\Desktop\Desktop\Desktop\OOo_3.1.0_Win32Intel_install_wJRE_en-US.exe
[2009/08/05 22:13:30 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2009/08/03 19:09:21 | 00,115,712 | ---- | M] () -- C:\Users\mauro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/03 13:36:28 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2009/08/03 13:36:06 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2009/08/01 21:29:45 | 00,028,085 | ---- | M] () -- C:\Users\mauro\Documents\sandra varios 3.p2g
[2009/07/29 20:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mrt.exe
[2009/07/29 16:05:54 | 00,093,024 | ---- | M] (iolo technologies, LLC) -- C:\Windows\System32\IncContxMenu.dll
[2009/07/29 16:05:48 | 02,102,112 | ---- | M] () -- C:\Windows\System32\Incinerator.dll

========== Alternate Data Streams ==========

< End of report >

#10
kahdah

Looks good. How are things running?

#11
raybak

Yep, everything is working just fine.
Thank you very much for your time and help.
Regards

#12
kahdah

Cleanup:

Please double-click on OTL to run it.
Then click on Clean up.
Restart your computer when prompted.
This will remove the tools we used.
===============
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java SE Runtime Environment (JRE) and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 16...allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u10-windows-i586-p.exe to install the newest version.
======================
Delete/uninstall anything else that we have used.

System Restore
Then I will need you to reset your System Restore points.
The link below shows how to create a clean restore point.
How to Turn On and Turn Off System Restore in Windows XP
http://support.micro...kb/310405/en-us

If you are using Vista then see this link > http://www.bleepingc...143.html#manual
=====================================
After that you're all set. :)


The following are some articles and a Windows Update link that I like to suggest to people to prevent malware and for general PC maintenance.

Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

Prevention article - To find out more information about how you got infected in the first place, and some great guidelines to follow to prevent future infections, please read the Prevention article by Miekiemoes.

If your computer is slow - A tutorial on what you can do if your computer is slow.